Ransomware Roundup - Underground

· Published 02/09/2024 16:21 · Modified 02/09/2024 16:40

Essential information

Tags
2024-09-02 CVE-2023-36884 data leak encryption romcom storm-0978 underground windows
Related entities
1 vulnerabilities (cve), 4 observables, 1 intrusion sets (apt), 15 techniques (mitre), 1 malware, 14 others

Description

The ransomware, first observed in July 2023, targets machines by encrypting files and demanding ransom. Attributed to the Russia-based group, it exploits and other common infection vectors. The ransomware deletes shadow copies, modifies Remote Desktop settings, and stops MS SQL Server. It drops a ransom note and encrypts files without changing extensions. The group's site lists 16 victims across various industries and locations. FortiGuard Labs provides protection against this threat through antivirus detection and other security solutions.

External references