
Quantum ransomware operators carried out the attack in almost 4 hours


The attackers used the IcedID malware as one of their initial access vectors.

Quantum ransomware, first observed in August 2021, has been used in fast-moving network intrusions. In the case described here, the attackers used the IcedID malware as the initial access vector; IcedID deployed Cobalt Strike for remote access, which in turn led to data theft and encryption with Quantum.

The DFIR Report analyzed one such Quantum ransomware attack. It lasted only 3 hours and 44 minutes from the initial infection to the completion of device encryption. Initial access to the victim's system came through the IcedID malware, which, according to the report, was most likely delivered by a phishing email carrying an attached ISO file.

IcedID is a modular banking trojan that over the past five years has been used mainly as a loader for second-stage payloads, including other downloaders and ransomware. IcedID is frequently paired with ISO image attachments because such files can slip past email security filters that inspect more common attachment types.

Two hours after the initial infection, the attackers injected Cobalt Strike into a C:\Windows\SysWOW64\cmd.exe process to evade detection. From there they dumped LSASS memory to harvest Windows domain credentials and began moving laterally, establishing RDP connections to other servers in the environment.

Once the attackers understood the domain structure, they staged the ransomware binary (named ttsel.exe) on each system by copying it over the C$ administrative share. They then launched the Quantum payload remotely with WMI and PsExec to encrypt devices across the network.
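The deployment step above (a payload written to the C$ share on many hosts, then launched remotely via PsExec or WMI) leaves a correlatable trail in standard Windows telemetry. The following Python script is an added example written for this page; it is not code from The DFIR Report or from the attackers' tooling. It runs over constructed, normalised event records (field names such as `share`, `target`, `parent_image` and `image` are assumptions about how a SIEM would flatten Security event 5145 and Sysmon event 1 / Security 4688) and flags hosts where a file copied over an admin share was executed shortly afterwards by a PsExec service or the WMI provider host, then groups those hits by source IP to expose the fan-out pattern of a mass ransomware push.

```python
"""Correlate share-write and remote-execution events for the Quantum deployment pattern.

Added example with constructed telemetry (not real logs and not from The DFIR Report).
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. Fields mirror what a SIEM might normalise from
# Security 5145 (network share object access) and Sysmon 1 / Security 4688
# (process creation). Hostnames, IPs and timestamps are invented.
SAMPLE_EVENTS = [
    {"time": "2022-04-25T14:02:11", "host": "SRV01", "event_id": 5145,
     "share": r"\\*\C$", "target": r"Windows\ttsel.exe", "source_ip": "10.0.0.50"},
    {"time": "2022-04-25T14:02:45", "host": "SRV01", "event_id": 1,
     "parent_image": r"C:\Windows\PSEXESVC.exe", "image": r"C:\Windows\ttsel.exe"},
    {"time": "2022-04-25T14:03:05", "host": "SRV02", "event_id": 5145,
     "share": r"\\*\C$", "target": r"Windows\ttsel.exe", "source_ip": "10.0.0.50"},
    {"time": "2022-04-25T14:03:30", "host": "SRV02", "event_id": 1,
     "parent_image": r"C:\Windows\System32\wbem\WmiPrvSE.exe", "image": r"C:\Windows\ttsel.exe"},
    # Benign: an admin copies a tool to C$ but nothing executes it remotely.
    {"time": "2022-04-25T09:15:00", "host": "WS07", "event_id": 5145,
     "share": r"\\*\C$", "target": r"Temp\procmon.exe", "source_ip": "10.0.0.21"},
    # Benign: an ordinary WMI child process with no preceding admin-share write.
    {"time": "2022-04-25T10:00:00", "host": "WS08", "event_id": 1,
     "parent_image": r"C:\Windows\System32\wbem\WmiPrvSE.exe", "image": r"C:\Windows\System32\cmd.exe"},
]

# Parent images that indicate remote execution via PsExec (service binary) or WMI.
REMOTE_EXEC_PARENTS = ("psexesvc.exe", "wmiprvse.exe")


def _ts(event):
    return datetime.fromisoformat(event["time"])


def _basename(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_remote_deployments(events, window=timedelta(minutes=10)):
    """Return {host: details} for hosts where a file written over C$ or ADMIN$
    was executed within `window` by a PsExec service or WMI provider host."""
    staged = defaultdict(list)  # host -> [(write time, file name, source ip)]
    for e in events:
        if e["event_id"] == 5145 and e.get("share", "").lower().endswith(("c$", "admin$")):
            staged[e["host"]].append((_ts(e), _basename(e["target"]), e.get("source_ip")))

    hits = {}
    for e in events:
        if e["event_id"] not in (1, 4688):
            continue
        parent = _basename(e.get("parent_image", ""))
        if parent not in REMOTE_EXEC_PARENTS:
            continue
        exe = _basename(e["image"])
        for written_at, name, src in staged.get(e["host"], []):
            # Only count an execution that follows the share write, within the window.
            if name == exe and timedelta(0) <= _ts(e) - written_at <= window:
                hits[e["host"]] = {"payload": exe, "source_ip": src, "via": parent}
    return hits


def mass_deployment_sources(hits, min_hosts=2):
    """Group hits by (source IP, payload) and keep sources that reached at least
    `min_hosts` hosts: the fan-out of a ransomware push rather than a one-off copy."""
    by_source = defaultdict(set)
    for host, d in hits.items():
        by_source[(d["source_ip"], d["payload"])].add(host)
    return {k: sorted(v) for k, v in by_source.items() if len(v) >= min_hosts}


if __name__ == "__main__":
    found = find_remote_deployments(SAMPLE_EVENTS)
    for host, d in sorted(found.items()):
        print(f"{host}: {d['payload']} staged from {d['source_ip']}, executed via {d['via']}")
    print("fan-out:", mass_deployment_sources(found))
```

On the constructed input, SRV01 and SRV02 are flagged (PsExec and WMI respectively) and both trace back to 10.0.0.50 pushing ttsel.exe, while the lone admin copy on WS07 and the unrelated WMI child on WS08 are ignored. In production the same logic needs Security auditing for detailed file share access (5145) enabled on servers, and the window should be tuned to the environment; the attack described here completed encryption within minutes of staging, so a short window is realistic.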
