216.73.216.77

A Technical Look At The New 'Termite' Ransomware That Hit Blue Yonder

· Published 07/12/2024 12:25 · Modified 09/12/2024 11:31

Export JSON

Essential information

Published
07/12/2024 12:25
Modified
09/12/2024 11:31
Tags
2024-12-07 babuk blue yonder double-extortion file-encryption network shares ransomware termite
Related entities
1 intrusion sets (apt), 9 techniques (mitre), 4 malware, 1 others

Description

The , a rebranded version of , recently targeted supply chain management platform . This new strain employs advanced tactics, including double extortion, to maximize its impact. Upon execution, it terminates services, deletes shadow copies, empties the recycle bin, and encrypts files while avoiding certain system folders. The spreads through and appends a '.' extension to encrypted files. It uses multiple MITRE ATT&CK techniques for execution, defense evasion, discovery, and impact. The emergence of highlights the need for robust cybersecurity measures, proactive threat intelligence, and effective incident response strategies to counter evolving threats.

External references