| Attribute | Detail |
| --- | --- |
| Type of Malware | Ransomware |
| Location – Country of Origin | Russia |
| Date of initial activity | 2019 |
| Associated Groups | Cryptomix ransomware family, Clop, TA505 threat actor |
| Motivation | Attacking various sectors for financial gain. |
| Attack Vectors | Spam email attachments, trojans, hyperlinks, cracks, unprotected Remote Desktop Protocol (RDP) connections, infected websites, etc. |
| Targeted System | Any system connected to the Internet |
This malware encrypts the victim's files and demands a ransom payment in exchange for decrypting them. It is one of the most dangerous and feared ransomware variants, and it mostly targets Windows users. This advanced threat begins by terminating most Windows processes so that the encryption runs without being noticed. It also disables essential security applications such as Windows Defender, leaving the computer with no chance of protecting its files from encryption.
Attacking various sectors for financial gain and encrypting assets in corporate networks.
Tools / Techniques Used
Impact / Significant Attacks
A significant attack on a South Korean retailer, in which the attackers demanded a $40 million ransom and threatened to leak 2 million cards if the negotiation failed.