Moving Target Defense Blog

In recent weeks we've seen threat actors stepping up ransomware attacks against hospitals at a moment when saving lives is their most important focus. To keep critical care operating uninterrupted, it’s become more important than ever for hospitals to harden their environment with ransomware prevention.Without secure  infrastructure, treatments and surgeries can and do grind to a halt. The operators of the Ryuk ransomware, for example, targeted 10 healthcare organizations over the course of the past month and are continuing to attack and encrypt data at healthcare organizations, according to Bleeping Computer.

A whopping 186.4 million Americans shopped in stores and online between Black Friday and Cyber Monday this year, according to the National Retail Federation. On average, these shoppers spent $361.90 per person over the five-day Thanksgiving weekend.

In April 2019, attackers who breached IT supplier Wipro leveraged the ConnectWise Control (formerly ScreenConnect) remote desktop application as a major component of their attack.

Last week, Intezer and IBM X-Force released new research identifying a new form of ransomware, which they named PureLocker. Written in PureBasic and designed to attack servers, this damaging new malware has been described as Malware-as-a-Service in a recent ZDNet article. 

Last week, a new strain of ransomware hit dozens of targets across Germany. The categorization as ransomware is really a misnomer as, while the attackers do demand a ransom, by that time the victim’s data has already been irreversibly wiped, even if the ransom is paid.

Morphisec Labs recently investigated an ongoing BitPaymer ransomware campaign that has been attacking companies across the U.S., both public and private, over the last 3 months.

Despite HIPAA regulations designed to keep them informed on the security of their personal health data, patients still seem to be in the dark. That was just one of the findings of Morphisec's new 2019 Consumer Healthcare Cybersecurity Threat Index.

The cybersecurity attack landscape moves fast, really fast. Last year, not a week passed that didn’t bring about news on a new ransomware incident. Of course ransomware’s very nature lends itself to newsworthy headlines based on how incredibly damaging to businesses this class of attacks can be.

July has been a busy month for the distributors of GandCrab ransomware. After about two months with no major update, the cybercrime gang behind GandCrab released version 4, and a few days later, version 4.1. The primary delivery method is via compromised WordPress websites, which have been hijacked to include fake crack application pages, which in turn redirect to the GandCrab executable. Other distribution methods are Exploit Kits (EK) and malicious email campaigns.

GandCrab Ransomware

Here is a look at GandCrab ransomware and some techniques it uses to evade detection and analysis. These days, most malware employs long chain attack and anti-analysis techniques to make it more difficult to detect the payload and harder to analyze by security researchers. Such is the case with GandCrab, a new ransomware strain that entered the scene late last month and is currently active.