Russian Cybercrime Group FullofDeep Behind QNAPCrypt Ransomware Campaigns

Introduction: We previously reported on how we managed to temporarily shut down 15 operative QNAPCrypt ransomware campaigns targeting Linux-based file storage systems (NAS servers). We have now identified a new QNAPCrypt sample which is being used by the same threat actor group. The authors behind this new ransomware instance have revealed enough evidence for us […]

Why We Should Be Paying More Attention to Linux Threats

In a previous post we wrote for the Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC), we discussed the emergence of Linux-based threats. This threat ecosystem is heavily concentrated with financially driven crypto-miners and DDoS botnet tools which primarily target vulnerable Linux servers. In addition, more sophisticated threats utilizing rare evasion techniques exist within […]

Intezer Analyze Community: GonnaCry, HawkEye, BXAQ and More

In July, Intezer Analyze community detections included GonnaCry ransomware, the HawkEye malware kit, and BXAQ, the spyware that Chinese authorities have been installing onto foreign travelers’ Android devices. 1) GonnaCry [Link to Analysis] GonnaCry is an open-source ransomware designed for the Linux platform. GonnaCry’s source code is downloaded from GitHub and utilized by attackers to […]

Intezer Analyze Community: Mapping Code Connections Between Malware Samples

In addition to highlighting five notable file uploads and endpoint scans made by our community users each month, I thought it was important to visualize the code reuse connections between the malware detected and their respective malware families. The following graphic represents a mapping of file uploads made to the Intezer Analyze community in June […]

How We Seized 15 Active Ransomware Campaigns Targeting Linux File Storage Servers

Introduction: It is rare to see ransomware being used to target the Linux operating system. However, cyber criminals seem to adapt to this emerging environment and use a variety of creative methods to gain profits from this landscape. We at Intezer have detected and temporarily DoS’d the operation of a ransomware targeting Linux-based file storage systems (NAS servers). We […]

Intezer Analyze Community: BlackSquid, RobbinHood Ransomware and More

1) BlackSquid [Link to Analysis] BlackSquid is a Monero crypto-miner which was recently discovered by researchers at Trend Micro. According to Trend Micro, BlackSquid uses up to eight different exploits to stealthily infect web servers and it can also laterally propagate through a network in a worm-like fashion. In order to avoid detection, the malware […]