RANSOMWARE
CASE STUDY

WORKING FROM HOME EXPANDS AN ORGANIZATION'S IP FOOTPRINT

Organizations like Evil Corp. are getting more aggressive and attacking organizations from every sector. Local government is as exposed as the Fortune 100 and, depending on its IT protections, maybe more.

 

SECTOR:

Public Safety Layered Approach to Safety

CLIENT:

The Secure Cities Project

DARKTRACE FOILS RANSOMWARE ATTACK BY EVIL CORP

Darktrace has recently observed several targeted intrusions associated with Evil Corp, an advanced cyber-criminal group recently in the headlines after a surge in WastedLocker ransomware cases. The group is believed to have targeted hundreds of organizations in over 40 countries, demanding ransoms of $500,000 to $1m to unlock computer files it seizes. US authorities are now offering a $5m reward for information leading to the arrest of the group’s leaders — understood to be the largest sum of money ever offered for a cyber-criminal.

Thanks to its self-learning nature, Darktrace's AI detected these intrusions without the use of any threat intelligence or static Indicators of Compromise (IoCs). This blog describes the techniques, tools and procedures used in multiple intrusions by Evil Corp, also known as TA505 or SectorJ04.

With the right technologies in place, you can secure the perimeter around your police department's facility while increasing your efficiency and effectiveness in protecting the public.

Key Takeaways

  • The threat actor was reusing TTPs as well as infrastructure across multiple intrusions

  • Some infrastructure was only observed in individual intrusions

  • While most WastedLocker reports focus on the ransomware, Darktrace has observed Evil Corp conducting data exfiltration

  • The attacker used various living-off-the-land techniques for lateral movement

  • Data exfiltration and ransomware activity took place on weekends, likely to reduce response capabilities of IT teams

  • Although clearly an advanced actor, Evil Corp can be detected and stopped before encryption ensues
