WORKING FROM HOME EXPANDS AN ORGANIZATION'S IP FOOTPRINT
Organizations like Evil Corp are getting more aggressive and attacking organizations from every sector. Local government is as exposed as the Fortune 100; depending on its IT protections, maybe more.
Public Safety Layered Approach to Safety
The Secure Cities Project
DARKTRACE FOILS RANSOMWARE ATTACK BY EVIL CORP
Darktrace has recently observed several targeted intrusions associated with Evil Corp, an advanced cyber-criminal group recently in the headlines after a surge in WastedLocker ransomware cases. The group is believed to have targeted hundreds of organizations in over 40 countries, demanding ransoms of $500,000 to $1m to unlock computer files it seizes. US authorities are now offering a $5m reward for information leading to the arrest of the group’s leaders — understood to be the largest sum of money ever offered for a cyber-criminal.
Thanks to its self-learning nature, Darktrace's AI detected these intrusions without the use of any threat intelligence or static Indicators of Compromise (IoCs). This blog describes the techniques, tools and procedures used in multiple intrusions by Evil Corp, also known as TA505 or SectorJ04.
With the right technologies in place, you can secure the perimeter around your police departments' facility while increasing your efficiency and effectiveness in protecting the public.
The threat actor was reusing TTPs as well as infrastructure across multiple intrusions
Some infrastructure was only observed in individual intrusions
While most WastedLocker reports focus on the ransomware, Darktrace has observed Evil Corp conducting data exfiltration
The attacker used various living-off-the-land techniques for lateral movement
Data exfiltration and ransomware activity took place on weekends, likely to reduce response capabilities of IT teams
Although clearly an advanced actor, Evil Corp can be detected and stopped before encryption ensues