#hackathon
Hack them all!
Great news from our European HQ: Group-IB won the Police Hackathon 2022 organised by the Dutch police (Politie Eenheid Den Haag). As part of the team "Team Spirit", our guys from Incident Response, High-Tech Crime Investigation and Threat Intelligence departments solved the real cybercrime cases provided by the police. "Team Spirit" were runaway winners๐ช Great job!
Group-IB's experts not only win hackathons, but share their knowledge with the community. Want to learn more about the most recent cybersecurity trends, technologies, and predictions? Check out Group-IB's reports ๐
Hack them all!
Great news from our European HQ: Group-IB won the Police Hackathon 2022 organised by the Dutch police (Politie Eenheid Den Haag). As part of the team "Team Spirit", our guys from Incident Response, High-Tech Crime Investigation and Threat Intelligence departments solved the real cybercrime cases provided by the police. "Team Spirit" were runaway winners๐ช Great job!
Group-IB's experts not only win hackathons, but share their knowledge with the community. Want to learn more about the most recent cybersecurity trends, technologies, and predictions? Check out Group-IB's reports ๐
โค11๐5
#ransomware #DeadBolt
Everything you need to know about DeadBolt ransomware in one blog post.
The Group-IB Incident Response Team investigated an incident related to a DeadBolt attack and analyzed a DeadBolt ransomware sample. Their investigation was the first full-fledged analysis of DeadBolt and included reverse-engineering the code in full to reveal the ransomware sampleโs functionalities and capabilities.
Deadbolt ransomware is famous for a notorious attack on NAS manufacturer QNAP through the exploitation of a 0-day vulnerability in its software. The threat actors demanded 0.05 BTC from individual users of NAS for decrypting their data. For a ransom of 10 BTC, Deadbolt operators promised QNAP that they would share all the technical details relating to the zero-day vulnerability that they manipulated and for 50 BTC they offered to include the master key to decrypt the files belonging to QNAPโs clients who had fallen victim to the campaign.
Check out our latest blog post to learn more๐
Everything you need to know about DeadBolt ransomware in one blog post.
The Group-IB Incident Response Team investigated an incident related to a DeadBolt attack and analyzed a DeadBolt ransomware sample. Their investigation was the first full-fledged analysis of DeadBolt and included reverse-engineering the code in full to reveal the ransomware sampleโs functionalities and capabilities.
Deadbolt ransomware is famous for a notorious attack on NAS manufacturer QNAP through the exploitation of a 0-day vulnerability in its software. The threat actors demanded 0.05 BTC from individual users of NAS for decrypting their data. For a ransom of 10 BTC, Deadbolt operators promised QNAP that they would share all the technical details relating to the zero-day vulnerability that they manipulated and for 50 BTC they offered to include the master key to decrypt the files belonging to QNAPโs clients who had fallen victim to the campaign.
Check out our latest blog post to learn more๐
๐4๐ฅ3
#report #ransomware #OldGremlin
๐ฟDon't ever feed gremlins after midnight.
Group-IB released a first threat report detailing the operations of a Russian-speaking ransomware group OldGremlin: "OldGremlin Ransomware: Never ever feed them after the Locknight". In just two years and a half, the "Gremlins" carried out 16 malicious campaigns.
๐OldGremlin remains one of the very few ransomware gangs targeting Russian companies. However, their growing ambitions can push them to explore new geographies in the future.
๐For the second year in a row, OldGremlin demanded the highest ransom from Russian organizations: in 2021 their largest ransom demand amounted to $4.2 million, while in 2022 it soared to $16.9 million.
๐The groupโs victim list includes banks, logistics and manufacturing companies, insurance firms, retailers, real estate developers, and software companies. In 2020, the group even targeted a Russian arms manufacturer.
Group-IB wants to help security professionals better track OldGremlin and eliminate the risks of incidents involving the gang. Download our report to get detailed information about the current tactics, techniques, and procedures (TTPs) used by the attackers, which are described using MITRE ATT&CKยฎ.
๐ฟDon't ever feed gremlins after midnight.
Group-IB released a first threat report detailing the operations of a Russian-speaking ransomware group OldGremlin: "OldGremlin Ransomware: Never ever feed them after the Locknight". In just two years and a half, the "Gremlins" carried out 16 malicious campaigns.
๐OldGremlin remains one of the very few ransomware gangs targeting Russian companies. However, their growing ambitions can push them to explore new geographies in the future.
๐For the second year in a row, OldGremlin demanded the highest ransom from Russian organizations: in 2021 their largest ransom demand amounted to $4.2 million, while in 2022 it soared to $16.9 million.
๐The groupโs victim list includes banks, logistics and manufacturing companies, insurance firms, retailers, real estate developers, and software companies. In 2020, the group even targeted a Russian arms manufacturer.
Group-IB wants to help security professionals better track OldGremlin and eliminate the risks of incidents involving the gang. Download our report to get detailed information about the current tactics, techniques, and procedures (TTPs) used by the attackers, which are described using MITRE ATT&CKยฎ.
๐ฅ9๐2
#MajikPOS #blog
Point-of-sale (POS) malware is a type of malicious software designed to infect POS terminals for the purpose of stealing payment data stored on magnetic stripes on the back of bank cards. On April 19, 2022, the Group-IB Threat Intelligence identified a Command and Control (C2) server of the POS malware called MajikPOS.
Our experts analyzed the server and established that it also hosts a C2 administrative panel of another POS malware called Treasure Hunter, which is also used to collect compromised credit card data. After analyzing the malicious infrastructure, Group-IB researchers retrieved information about the infected devices and the credit cards compromised as a result of this campaign. Since at least February 2021, the operators have stolen more than 167,000 payment records (as of September 8, 2022), mainly from the US. According to Group-IBโs estimates, the operators could make as much as $3,340,000 if they simply decide to sell the compromised card dumps on underground forums.
Read our latest blog post to learn more about the analysis of the MajikPOS and Treasure Hunter samples ๐
Point-of-sale (POS) malware is a type of malicious software designed to infect POS terminals for the purpose of stealing payment data stored on magnetic stripes on the back of bank cards. On April 19, 2022, the Group-IB Threat Intelligence identified a Command and Control (C2) server of the POS malware called MajikPOS.
Our experts analyzed the server and established that it also hosts a C2 administrative panel of another POS malware called Treasure Hunter, which is also used to collect compromised credit card data. After analyzing the malicious infrastructure, Group-IB researchers retrieved information about the infected devices and the credit cards compromised as a result of this campaign. Since at least February 2021, the operators have stolen more than 167,000 payment records (as of September 8, 2022), mainly from the US. According to Group-IBโs estimates, the operators could make as much as $3,340,000 if they simply decide to sell the compromised card dumps on underground forums.
Read our latest blog post to learn more about the analysis of the MajikPOS and Treasure Hunter samples ๐
๐1
#cybersecuritytips #breaches
The consequences of data breaches might be devastating for companies. This #CybersecurityAwarenessMonth we want to share with you some recommendations on how to prevent data leakages. Check them out!
The consequences of data breaches might be devastating for companies. This #CybersecurityAwarenessMonth we want to share with you some recommendations on how to prevent data leakages. Check them out!
๐ฅ8