Thursday, March 7, 2019

Basking in a little shade


I like Malwarebytes' work. When they write up malware, at least it's informative and pleasing to use. The write-up on Troldesh (Shade) is a great example.

It gets right to the point: hey, everyone, while ransomware has trended down, some families are still on the rise, especially this one.

Can't beat that.  Gets right to the meat of things.

Infection vector:  same ole same ole:  email spam.  In this case, you learn its vector is via attachments, especially zip files.  If that isn't your normal email attachment, then give it a skip -- save yourself from being infected.

They do let me down a bit about the attribution.  Saying something might be Russian in origin because its ransomware note is in both Russian and English makes me sad.  Now if they had pointed to the orthography of the writing or the coding, maybe that could hold more water.  It does hint that those two audiences are a focus.

Anyway, among the gems I saw in this article, the movie references used as extensions were interesting. Many of these were not only very famous in the US but equally runaway famous in foreign countries, such as Breaking Bad, Dexter, Da Vinci Code, etc.

When I see these, I tend to pay attention to where reporting is happening from. In this case, a wide array of English-speaking, Chinese and Russian sites dominate.

Bonus Points (older reporting):

