12 January 19, 10:29
Quote:Financially motivated threat actors,referred to as TEMP.MixMaster, are infecting victims with Trickbot malware before deploying the infamous Ryuk ransomware and so far have managed to make off with a reported $3.7 million worth of Bitcoin.
The attacks are also unique as the threat actors often wait for extended periods after gaining access, often profiting from the victims in other ways, before launching ransomware attacks.
FireEye researchers noted the threat actors have been active since at least december 2017 and while it’s unclear exactly who is behind the attacks numerous reports have attributed the campaign to North Korea, according to a Jan. 10 blog post.
“In multiple incidents, rather than relying solely on built-in TrickBot capabilities, TEMP.MixMaster used EMPIRE and RDP connections to enable lateral movement within victim environments,” researchers said in the post.
“Interactive deployment of ransomware, such as this, allows an attacker to perform valuable reconnaissance within the victim network and identify critical systems to maximize their disruption to business operations, ultimately increasing the likelihood an organization will pay the demanded ransom.”
Source: https://www.scmagazine.com/home/security...ansomware/
![[-]](https://www.geeks.fyi/images/collapse.png)
