{"id":18472,"date":"2022-03-10T10:10:06","date_gmt":"2022-03-10T18:10:06","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/03\/10\/news-12205\/"},"modified":"2022-03-10T10:10:06","modified_gmt":"2022-03-10T18:10:06","slug":"news-12205","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2022\/03\/10\/news-12205\/","title":{"rendered":"Ransomware: February 2022 review"},"content":{"rendered":"<p><strong>Credit to Author: Threat Intelligence Team | Date: Thu, 10 Mar 2022 17:59:42 +0000<\/strong><\/p>\n<p>The Malwarebytes Threat Intelligence team continuously monitors the threat landscape to stay on top of existing and emerging attacks. In this February 2022 ransomware review, we go over some of the most successful ransomware incidents based on both open source and dark web intelligence.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/993c63a5-f054-445f-a580-6d535d91e7f0.png\" data-rel=\"lightbox-image-0\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img decoding=\"async\" data-attachment-id=\"55021\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-intelligence\/2022\/03\/ransomware-february-2022-review\/attachment\/993c63a5-f054-445f-a580-6d535d91e7f0\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/993c63a5-f054-445f-a580-6d535d91e7f0.png\" data-orig-size=\"829,490\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"993c63a5-f054-445f-a580-6d535d91e7f0\" 
data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/993c63a5-f054-445f-a580-6d535d91e7f0-300x177.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/993c63a5-f054-445f-a580-6d535d91e7f0-600x355.png\" loading=\"lazy\" width=\"829\" height=\"490\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/993c63a5-f054-445f-a580-6d535d91e7f0.png\" alt=\"\" class=\"wp-image-55021\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/993c63a5-f054-445f-a580-6d535d91e7f0.png 829w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/993c63a5-f054-445f-a580-6d535d91e7f0-300x177.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/993c63a5-f054-445f-a580-6d535d91e7f0-600x355.png 600w\" sizes=\"auto, (max-width: 829px) 100vw, 829px\" \/><\/a><\/figure>\n<\/div>\n<h2 id=\"BlackByte\"><strong>BlackByte<\/strong><\/h2>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/b2282f4d-3f8d-47fd-b228-205c71c46c06.png\" data-rel=\"lightbox-image-1\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img decoding=\"async\" data-attachment-id=\"55005\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-intelligence\/2022\/03\/ransomware-february-2022-review\/attachment\/b2282f4d-3f8d-47fd-b228-205c71c46c06\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/b2282f4d-3f8d-47fd-b228-205c71c46c06.png\" data-orig-size=\"1271,772\" data-comments-opened=\"0\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"b2282f4d-3f8d-47fd-b228-205c71c46c06\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/b2282f4d-3f8d-47fd-b228-205c71c46c06-300x182.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/b2282f4d-3f8d-47fd-b228-205c71c46c06-600x364.png\" loading=\"lazy\" width=\"1271\" height=\"772\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/b2282f4d-3f8d-47fd-b228-205c71c46c06.png\" alt=\"\" class=\"wp-image-55005\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/b2282f4d-3f8d-47fd-b228-205c71c46c06.png 1271w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/b2282f4d-3f8d-47fd-b228-205c71c46c06-300x182.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/b2282f4d-3f8d-47fd-b228-205c71c46c06-600x364.png 600w\" sizes=\"auto, (max-width: 1271px) 100vw, 1271px\" \/><\/a><\/figure>\n<\/div>\n<ul>\n<li>Observed since:\u00a0<code>July 2021<\/code><\/li>\n<li>Ransomware note:\u00a0<code>BlackByteRestore.txt<\/code><\/li>\n<li>Ransomware extension:\u00a0<code>.BlackByte<\/code><\/li>\n<li>Kill Chain:\u00a0<code>Known Microsoft Exchange Server vulnerabilities<\/code>\u00a0&gt;\u00a0<code>BlackByte Ransomware<\/code> (some victims reported that attackers exploited known Exchange Server vulnerabilities to gain initial access to their networks)<\/li>
\n<li>Sample hash:\u00a0<code>1df11bc19aa52b623bdf15380e3fded56d8eb6fb7b53a2240779864b1a6474ad<\/code><\/li>\n<\/ul>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/96787996-8ac2-4bac-a7f7-09b5b6cc089e.png\" data-rel=\"lightbox-image-2\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img decoding=\"async\" data-attachment-id=\"55006\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-intelligence\/2022\/03\/ransomware-february-2022-review\/attachment\/96787996-8ac2-4bac-a7f7-09b5b6cc089e\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/96787996-8ac2-4bac-a7f7-09b5b6cc089e.png\" data-orig-size=\"1110,329\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"96787996-8ac2-4bac-a7f7-09b5b6cc089e\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/96787996-8ac2-4bac-a7f7-09b5b6cc089e-300x89.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/96787996-8ac2-4bac-a7f7-09b5b6cc089e-600x178.png\" loading=\"lazy\" width=\"1110\" height=\"329\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/96787996-8ac2-4bac-a7f7-09b5b6cc089e.png\" alt=\"\" class=\"wp-image-55006\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/96787996-8ac2-4bac-a7f7-09b5b6cc089e.png 1110w, 
https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/96787996-8ac2-4bac-a7f7-09b5b6cc089e-300x89.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/96787996-8ac2-4bac-a7f7-09b5b6cc089e-600x178.png 600w\" sizes=\"auto, (max-width: 1110px) 100vw, 1110px\" \/><\/a><\/figure>\n<\/div>\n<h2><strong>HermeticRansom (PartyTicket)<\/strong><\/h2>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/adf5c70f-2c12-4a47-87b5-9c39e5b4ca0a.png\" data-rel=\"lightbox-image-3\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img decoding=\"async\" data-attachment-id=\"55007\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-intelligence\/2022\/03\/ransomware-february-2022-review\/attachment\/adf5c70f-2c12-4a47-87b5-9c39e5b4ca0a\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/adf5c70f-2c12-4a47-87b5-9c39e5b4ca0a.png\" data-orig-size=\"1072,579\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"adf5c70f-2c12-4a47-87b5-9c39e5b4ca0a\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/adf5c70f-2c12-4a47-87b5-9c39e5b4ca0a-300x162.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/adf5c70f-2c12-4a47-87b5-9c39e5b4ca0a-600x324.png\" loading=\"lazy\" width=\"1072\" height=\"579\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/adf5c70f-2c12-4a47-87b5-9c39e5b4ca0a.png\" 
alt=\"\" class=\"wp-image-55007\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/adf5c70f-2c12-4a47-87b5-9c39e5b4ca0a.png 1072w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/adf5c70f-2c12-4a47-87b5-9c39e5b4ca0a-300x162.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/adf5c70f-2c12-4a47-87b5-9c39e5b4ca0a-600x324.png 600w\" sizes=\"auto, (max-width: 1072px) 100vw, 1072px\" \/><\/a><\/figure>\n<\/div>\n<ul>\n<li>Observed since:\u00a0<code>February 2022<\/code><\/li>\n<li>Ransomware note:\u00a0<code>read_me.html<\/code><\/li>\n<li>Ransomware extension:\u00a0<code>&lt;original file name&gt;.[vote2024forjb@protonmail[.]com].encryptedJB<\/code><\/li>\n<li>Kill Chain:\u00a0 On Feb. 23, 2022, destructive attacks were conducted against Ukrainian entities. Industry reporting has claimed the Go-based ransomware dubbed PartyTicket (or HermeticRansom) was identified at several organizations affected by the attack<\/li>\n<li>Sample hash:\u00a0<code>4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382<\/code><\/li>\n<\/ul>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/5e9cf988-4ee1-4f40-9477-3bd56d1afa39.png\" data-rel=\"lightbox-image-4\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img decoding=\"async\" data-attachment-id=\"55008\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-intelligence\/2022\/03\/ransomware-february-2022-review\/attachment\/5e9cf988-4ee1-4f40-9477-3bd56d1afa39\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/5e9cf988-4ee1-4f40-9477-3bd56d1afa39.png\" data-orig-size=\"1098,327\" data-comments-opened=\"0\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"5e9cf988-4ee1-4f40-9477-3bd56d1afa39\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/5e9cf988-4ee1-4f40-9477-3bd56d1afa39-300x89.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/5e9cf988-4ee1-4f40-9477-3bd56d1afa39-600x179.png\" loading=\"lazy\" width=\"1098\" height=\"327\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/5e9cf988-4ee1-4f40-9477-3bd56d1afa39.png\" alt=\"\" class=\"wp-image-55008\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/5e9cf988-4ee1-4f40-9477-3bd56d1afa39.png 1098w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/5e9cf988-4ee1-4f40-9477-3bd56d1afa39-300x89.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/5e9cf988-4ee1-4f40-9477-3bd56d1afa39-600x179.png 600w\" sizes=\"auto, (max-width: 1098px) 100vw, 1098px\" \/><\/a><\/figure>\n<\/div>\n<h2><strong>SFile (Escal)<\/strong><\/h2>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/f21f3777-b931-4155-80fe-7c5d3e6211f5.png\" data-rel=\"lightbox-image-5\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img decoding=\"async\" data-attachment-id=\"55009\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-intelligence\/2022\/03\/ransomware-february-2022-review\/attachment\/f21f3777-b931-4155-80fe-7c5d3e6211f5\/\" 
data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/f21f3777-b931-4155-80fe-7c5d3e6211f5.png\" data-orig-size=\"1271,554\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"f21f3777-b931-4155-80fe-7c5d3e6211f5\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/f21f3777-b931-4155-80fe-7c5d3e6211f5-300x131.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/f21f3777-b931-4155-80fe-7c5d3e6211f5-600x262.png\" loading=\"lazy\" width=\"1271\" height=\"554\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/f21f3777-b931-4155-80fe-7c5d3e6211f5.png\" alt=\"\" class=\"wp-image-55009\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/f21f3777-b931-4155-80fe-7c5d3e6211f5.png 1271w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/f21f3777-b931-4155-80fe-7c5d3e6211f5-300x131.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/f21f3777-b931-4155-80fe-7c5d3e6211f5-600x262.png 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/f21f3777-b931-4155-80fe-7c5d3e6211f5-195x85.png 195w\" sizes=\"auto, (max-width: 1271px) 100vw, 1271px\" \/><\/a><\/figure>\n<\/div>\n<ul>\n<li>Observed since:\u00a0<code>February 2022<\/code><\/li>\n<li>Ransomware note:\u00a0<code>.&lt;company_name&gt;.!README.log<\/code><\/li>\n<li>Ransomware extension:\u00a0<code>.&lt;company_name&gt;.&lt;random&gt;<\/code><\/li>\n<li>Kill Chain:\u00a0 Smaller ransomware 
strains used in targeted attacks<\/li>\n<li>Sample hash:\u00a0<code>6a7cef95a501cce16dce6f5a645fc97c4bcbb568c83dde5a7f2e4a0d7555dd98<\/code><\/li>\n<\/ul>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6d2615e0-c882-4d24-9a1b-63fca3a49caa.png\" data-rel=\"lightbox-image-6\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img decoding=\"async\" data-attachment-id=\"55010\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-intelligence\/2022\/03\/ransomware-february-2022-review\/attachment\/6d2615e0-c882-4d24-9a1b-63fca3a49caa\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6d2615e0-c882-4d24-9a1b-63fca3a49caa.png\" data-orig-size=\"1090,323\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"6d2615e0-c882-4d24-9a1b-63fca3a49caa\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6d2615e0-c882-4d24-9a1b-63fca3a49caa-300x89.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6d2615e0-c882-4d24-9a1b-63fca3a49caa-600x178.png\" loading=\"lazy\" width=\"1090\" height=\"323\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6d2615e0-c882-4d24-9a1b-63fca3a49caa.png\" alt=\"\" class=\"wp-image-55010\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6d2615e0-c882-4d24-9a1b-63fca3a49caa.png 1090w, 
https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6d2615e0-c882-4d24-9a1b-63fca3a49caa-300x89.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6d2615e0-c882-4d24-9a1b-63fca3a49caa-600x178.png 600w\" sizes=\"auto, (max-width: 1090px) 100vw, 1090px\" \/><\/a><\/figure>\n<\/div>\n<h2><strong>LockBit 2.0<\/strong><\/h2>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/8c724752-9fa4-4c7b-9589-bcf77c87e406.png\" data-rel=\"lightbox-image-7\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img decoding=\"async\" data-attachment-id=\"55011\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-intelligence\/2022\/03\/ransomware-february-2022-review\/attachment\/8c724752-9fa4-4c7b-9589-bcf77c87e406\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/8c724752-9fa4-4c7b-9589-bcf77c87e406.png\" data-orig-size=\"1271,800\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"8c724752-9fa4-4c7b-9589-bcf77c87e406\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/8c724752-9fa4-4c7b-9589-bcf77c87e406-300x189.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/8c724752-9fa4-4c7b-9589-bcf77c87e406-600x378.png\" loading=\"lazy\" width=\"1271\" height=\"800\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/8c724752-9fa4-4c7b-9589-bcf77c87e406.png\" alt=\"\" 
class=\"wp-image-55011\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/8c724752-9fa4-4c7b-9589-bcf77c87e406.png 1271w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/8c724752-9fa4-4c7b-9589-bcf77c87e406-300x189.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/8c724752-9fa4-4c7b-9589-bcf77c87e406-600x378.png 600w\" sizes=\"auto, (max-width: 1271px) 100vw, 1271px\" \/><\/a><\/figure>\n<\/div>\n<ul>\n<li>Observed since:<strong>\u00a0<\/strong><code>September 2019<\/code><\/li>\n<li>Ransomware note:\u00a0<code>Restore-My-Files.txt<\/code><\/li>\n<li>Ransomware extension:<strong> <\/strong><code>.lockbit<\/code><\/li>\n<li>Kill Chain:<strong> <\/strong><code>Brute force attack on a web server containing an outdated VPN service<\/code> &gt;\u00a0<code>LockBit<\/code><\/li>\n<li>Sample hash:\u00a0<code>9feed0c7fa8c1d32390e1c168051267df61f11b048ec62aa5b8e66f60e8083af<\/code><\/li>\n<\/ul>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/b9a18682-39f5-401c-a162-40243054c1bf.png\" data-rel=\"lightbox-image-8\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img decoding=\"async\" data-attachment-id=\"55012\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-intelligence\/2022\/03\/ransomware-february-2022-review\/attachment\/b9a18682-39f5-401c-a162-40243054c1bf\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/b9a18682-39f5-401c-a162-40243054c1bf.png\" data-orig-size=\"1084,323\" data-comments-opened=\"0\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"b9a18682-39f5-401c-a162-40243054c1bf\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/b9a18682-39f5-401c-a162-40243054c1bf-300x89.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/b9a18682-39f5-401c-a162-40243054c1bf-600x179.png\" loading=\"lazy\" width=\"1084\" height=\"323\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/b9a18682-39f5-401c-a162-40243054c1bf.png\" alt=\"\" class=\"wp-image-55012\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/b9a18682-39f5-401c-a162-40243054c1bf.png 1084w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/b9a18682-39f5-401c-a162-40243054c1bf-300x89.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/b9a18682-39f5-401c-a162-40243054c1bf-600x179.png 600w\" sizes=\"auto, (max-width: 1084px) 100vw, 1084px\" \/><\/a><\/figure>\n<\/div>\n<h2><strong>Magniber<\/strong><\/h2>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/d9e96dbe-a2f2-4da9-b71c-f7cf8fe71186.png\" data-rel=\"lightbox-image-9\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img decoding=\"async\" data-attachment-id=\"55013\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-intelligence\/2022\/03\/ransomware-february-2022-review\/attachment\/d9e96dbe-a2f2-4da9-b71c-f7cf8fe71186\/\" 
data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/d9e96dbe-a2f2-4da9-b71c-f7cf8fe71186.png\" data-orig-size=\"961,508\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"d9e96dbe-a2f2-4da9-b71c-f7cf8fe71186\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/d9e96dbe-a2f2-4da9-b71c-f7cf8fe71186-300x159.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/d9e96dbe-a2f2-4da9-b71c-f7cf8fe71186-600x317.png\" loading=\"lazy\" width=\"961\" height=\"508\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/d9e96dbe-a2f2-4da9-b71c-f7cf8fe71186.png\" alt=\"\" class=\"wp-image-55013\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/d9e96dbe-a2f2-4da9-b71c-f7cf8fe71186.png 961w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/d9e96dbe-a2f2-4da9-b71c-f7cf8fe71186-300x159.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/d9e96dbe-a2f2-4da9-b71c-f7cf8fe71186-600x317.png 600w\" sizes=\"auto, (max-width: 961px) 100vw, 961px\" \/><\/a><\/figure>\n<\/div>\n<ul>\n<li>Observed since:\u00a0<code>October 2017<\/code><\/li>\n<li>Ransomware note:\u00a0<code>readme.txt<\/code><\/li>\n<li>Ransomware extension:\u00a0<code>dihlxbl<\/code><\/li>\n<li>Kill Chain:\u00a0<code>Fake Microsoft Edge and Google Chrome browser updates<\/code>\u00a0&gt;\u00a0<code>Magniber<\/code> (campaign targeting Korean users)<\/li>\n<li>Sample hash:\u00a0<code>06ea8f2b8b70b665cbecab797125733f75014052d710515c5ca2d908f3852349<\/code><\/li>\n<\/ul>\n<div 
class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/e40ce10c-9137-43a9-bb30-d4b4ade5c5f0.png\" data-rel=\"lightbox-image-10\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img decoding=\"async\" data-attachment-id=\"55014\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-intelligence\/2022\/03\/ransomware-february-2022-review\/attachment\/e40ce10c-9137-43a9-bb30-d4b4ade5c5f0\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/e40ce10c-9137-43a9-bb30-d4b4ade5c5f0.png\" data-orig-size=\"1089,324\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"e40ce10c-9137-43a9-bb30-d4b4ade5c5f0\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/e40ce10c-9137-43a9-bb30-d4b4ade5c5f0-300x89.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/e40ce10c-9137-43a9-bb30-d4b4ade5c5f0-600x179.png\" loading=\"lazy\" width=\"1089\" height=\"324\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/e40ce10c-9137-43a9-bb30-d4b4ade5c5f0.png\" alt=\"\" class=\"wp-image-55014\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/e40ce10c-9137-43a9-bb30-d4b4ade5c5f0.png 1089w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/e40ce10c-9137-43a9-bb30-d4b4ade5c5f0-300x89.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/e40ce10c-9137-43a9-bb30-d4b4ade5c5f0-600x179.png 
600w\" sizes=\"auto, (max-width: 1089px) 100vw, 1089px\" \/><\/a><\/figure>\n<\/div>\n<h2><strong>Surtr<\/strong><\/h2>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/53d0495e-09f8-43e1-a40d-1bc736dcf4ae.png\" data-rel=\"lightbox-image-11\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img decoding=\"async\" data-attachment-id=\"55015\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-intelligence\/2022\/03\/ransomware-february-2022-review\/attachment\/53d0495e-09f8-43e1-a40d-1bc736dcf4ae\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/53d0495e-09f8-43e1-a40d-1bc736dcf4ae.png\" data-orig-size=\"1271,426\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"53d0495e-09f8-43e1-a40d-1bc736dcf4ae\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/53d0495e-09f8-43e1-a40d-1bc736dcf4ae-300x101.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/53d0495e-09f8-43e1-a40d-1bc736dcf4ae-600x201.png\" loading=\"lazy\" width=\"1271\" height=\"426\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/53d0495e-09f8-43e1-a40d-1bc736dcf4ae.png\" alt=\"\" class=\"wp-image-55015\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/53d0495e-09f8-43e1-a40d-1bc736dcf4ae.png 1271w, 
https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/53d0495e-09f8-43e1-a40d-1bc736dcf4ae-300x101.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/53d0495e-09f8-43e1-a40d-1bc736dcf4ae-600x201.png 600w\" sizes=\"auto, (max-width: 1271px) 100vw, 1271px\" \/><\/a><\/figure>\n<\/div>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/c0ff547d-67c5-4b84-9c39-f38f861fc800.png\" data-rel=\"lightbox-image-12\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img decoding=\"async\" data-attachment-id=\"55016\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-intelligence\/2022\/03\/ransomware-february-2022-review\/attachment\/c0ff547d-67c5-4b84-9c39-f38f861fc800\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/c0ff547d-67c5-4b84-9c39-f38f861fc800.png\" data-orig-size=\"1091,324\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"c0ff547d-67c5-4b84-9c39-f38f861fc800\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/c0ff547d-67c5-4b84-9c39-f38f861fc800-300x89.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/c0ff547d-67c5-4b84-9c39-f38f861fc800-600x178.png\" loading=\"lazy\" width=\"1091\" height=\"324\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/c0ff547d-67c5-4b84-9c39-f38f861fc800.png\" alt=\"\" class=\"wp-image-55016\" 
srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/c0ff547d-67c5-4b84-9c39-f38f861fc800.png 1091w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/c0ff547d-67c5-4b84-9c39-f38f861fc800-300x89.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/c0ff547d-67c5-4b84-9c39-f38f861fc800-600x178.png 600w\" sizes=\"auto, (max-width: 1091px) 100vw, 1091px\" \/><\/a><\/figure>\n<\/div>\n<ul>\n<li>Observed since:&nbsp;<code>December 2021<\/code><\/li>\n<li>Ransomware note:&nbsp;<code>SURTR_README.hta<\/code><\/li>\n<li>Ransomware extension:&nbsp;<code>.surtr<\/code><\/li>\n<li>Kill Chain:&nbsp; <code>Spear-Phishing<\/code>&nbsp;&gt;&nbsp;<code>MalDoc&nbsp;<\/code>&gt;&nbsp;<code>Surtr Ransomware<\/code><\/li>\n<li>Sample hash:&nbsp;<code>40e5bb0526169c02126ffa60a09041e5e5453a24b26bc837036748b150fa3fae<\/code><\/li>\n<\/ul>\n<h2><strong>Sugar<\/strong><\/h2>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6b5bb64f-92d0-4793-ab5e-1cc1687bb029.png\" data-rel=\"lightbox-image-13\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img decoding=\"async\" data-attachment-id=\"55017\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-intelligence\/2022\/03\/ransomware-february-2022-review\/attachment\/6b5bb64f-92d0-4793-ab5e-1cc1687bb029\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6b5bb64f-92d0-4793-ab5e-1cc1687bb029.png\" data-orig-size=\"1265,1068\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" 
data-image-title=\"6b5bb64f-92d0-4793-ab5e-1cc1687bb029\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6b5bb64f-92d0-4793-ab5e-1cc1687bb029-300x253.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6b5bb64f-92d0-4793-ab5e-1cc1687bb029-600x507.png\" loading=\"lazy\" width=\"1265\" height=\"1068\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6b5bb64f-92d0-4793-ab5e-1cc1687bb029.png\" alt=\"\" class=\"wp-image-55017\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6b5bb64f-92d0-4793-ab5e-1cc1687bb029.png 1265w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6b5bb64f-92d0-4793-ab5e-1cc1687bb029-300x253.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6b5bb64f-92d0-4793-ab5e-1cc1687bb029-600x507.png 600w\" sizes=\"auto, (max-width: 1265px) 100vw, 1265px\" \/><\/a><\/figure>\n<\/div>\n<ul>\n<li>Observed since:\u00a0<code>January 2021<\/code><\/li>\n<li>Ransomware note:\u00a0<code>BackFiles_encoded01.txt<\/code><\/li>\n<li>Ransomware extension:\u00a0<code>.Encoded01<\/code><\/li>\n<li>Kill Chain:\u00a0 <code>Spear-Phishing<\/code>\u00a0&gt;\u00a0<code>MalDoc\u00a0<\/code>&gt;\u00a0<code>Sugar Ransomware<\/code><\/li>\n<li>Sample hash:\u00a0<code>4a97bc8111631795cb730dfe7836d0afac3131ed8a91db81dde5062bb8021058<\/code><\/li>\n<\/ul>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6cd03bf3-9673-4b3d-b612-a498b7eece77.png\" data-rel=\"lightbox-image-14\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img decoding=\"async\" data-attachment-id=\"55018\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-intelligence\/2022\/03\/ransomware-february-2022-review\/attachment\/6cd03bf3-9673-4b3d-b612-a498b7eece77\/\" 
data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6cd03bf3-9673-4b3d-b612-a498b7eece77.png\" data-orig-size=\"1241,299\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"6cd03bf3-9673-4b3d-b612-a498b7eece77\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6cd03bf3-9673-4b3d-b612-a498b7eece77-300x72.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6cd03bf3-9673-4b3d-b612-a498b7eece77-600x145.png\" loading=\"lazy\" width=\"1241\" height=\"299\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6cd03bf3-9673-4b3d-b612-a498b7eece77.png\" alt=\"\" class=\"wp-image-55018\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6cd03bf3-9673-4b3d-b612-a498b7eece77.png 1241w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6cd03bf3-9673-4b3d-b612-a498b7eece77-300x72.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6cd03bf3-9673-4b3d-b612-a498b7eece77-600x145.png 600w\" sizes=\"auto, (max-width: 1241px) 100vw, 1241px\" \/><\/a><\/figure>\n<\/div>\n<h2><strong>Conti<\/strong><\/h2>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6c65b6a3-83a5-4e7a-819a-976ee0e35ed9.png\" data-rel=\"lightbox-image-15\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img decoding=\"async\" data-attachment-id=\"55019\" 
data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-intelligence\/2022\/03\/ransomware-february-2022-review\/attachment\/6c65b6a3-83a5-4e7a-819a-976ee0e35ed9\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6c65b6a3-83a5-4e7a-819a-976ee0e35ed9.png\" data-orig-size=\"1271,751\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"6c65b6a3-83a5-4e7a-819a-976ee0e35ed9\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6c65b6a3-83a5-4e7a-819a-976ee0e35ed9-300x177.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6c65b6a3-83a5-4e7a-819a-976ee0e35ed9-600x355.png\" loading=\"lazy\" width=\"1271\" height=\"751\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6c65b6a3-83a5-4e7a-819a-976ee0e35ed9.png\" alt=\"\" class=\"wp-image-55019\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6c65b6a3-83a5-4e7a-819a-976ee0e35ed9.png 1271w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6c65b6a3-83a5-4e7a-819a-976ee0e35ed9-300x177.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/6c65b6a3-83a5-4e7a-819a-976ee0e35ed9-600x355.png 600w\" sizes=\"auto, (max-width: 1271px) 100vw, 1271px\" \/><\/a><\/figure>\n<\/div>\n<ul>\n<li>Observed since:\u00a0<code>June 2020<\/code><\/li>\n<li>Ransomware extension: <code>.CONTI<\/code><\/li>\n<li>Ransomware notes:\u00a0<code>CONTI.txt<\/code> &#8211; <code>R3ADM3.txt<\/code> &#8211; <code>readme.txt<\/code> 
&#8211; <code>CONTI_README.txt<\/code><\/li>\n<li>Kill Chain:\u00a0<code>Spear-Phishing<\/code>\u00a0&gt;\u00a0<code>Bazar backdoor<\/code>, or <code>IcedID <\/code>\u00a0&gt;\u00a0<code>Cobalt Strike<\/code>\u00a0&gt;\u00a0<code>Conti Ransomware<\/code>\u00a0<\/li>\n<li>Sample hash:\u00a0<code>24ac73821de77cc9644d2ac40e97067ff63f625b5f20e085ad10535e47d7db59<\/code><\/li>\n<\/ul>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/70b1c0ea-2f13-4878-bace-ad0c783b8b59.png\" data-rel=\"lightbox-image-16\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img decoding=\"async\" data-attachment-id=\"55020\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-intelligence\/2022\/03\/ransomware-february-2022-review\/attachment\/70b1c0ea-2f13-4878-bace-ad0c783b8b59\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/70b1c0ea-2f13-4878-bace-ad0c783b8b59.png\" data-orig-size=\"1087,323\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"70b1c0ea-2f13-4878-bace-ad0c783b8b59\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/70b1c0ea-2f13-4878-bace-ad0c783b8b59-300x89.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/70b1c0ea-2f13-4878-bace-ad0c783b8b59-600x178.png\" loading=\"lazy\" width=\"1087\" height=\"323\" 
src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/70b1c0ea-2f13-4878-bace-ad0c783b8b59.png\" alt=\"\" class=\"wp-image-55020\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/70b1c0ea-2f13-4878-bace-ad0c783b8b59.png 1087w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/70b1c0ea-2f13-4878-bace-ad0c783b8b59-300x89.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/03\/70b1c0ea-2f13-4878-bace-ad0c783b8b59-600x178.png 600w\" sizes=\"auto, (max-width: 1087px) 100vw, 1087px\" \/><\/a><\/figure>\n<\/div>\n<h2 id=\"Mitigations\"><strong>Mitigations<\/strong><\/h2>\n<p><em>Source: IC3.gov<\/em><\/p>\n<ul>\n<li>Implement regular backups of all data to be stored as air-gapped, password-protected copies offline. Ensure these copies are not accessible for modification or deletion from any system where the original data resides.<\/li>\n<li>Implement network segmentation, so that no machine on your network is reachable from every other machine.<\/li>\n<li>Install and regularly update antivirus software on all hosts, and enable real-time detection.<\/li>\n<li>Install updates\/patch operating systems, software, and firmware as soon as updates\/patches are released.<\/li>\n<li>Review domain controllers, servers, workstations, and Active Directory for new or unrecognized user accounts.<\/li>\n<li>Audit user accounts with administrative privileges and configure access controls with least privilege in mind. 
Do not give all users administrative privileges.<\/li>\n<li>Disable unused remote access\/Remote Desktop Protocol (RDP) ports and monitor remote access\/RDP logs for any unusual activity.<\/li>\n<li>Consider adding an email banner to emails received from outside your organization.<\/li>\n<li>Disable hyperlinks in received emails.<\/li>\n<li>Use multi-factor authentication (MFA) when logging into accounts or services.<\/li>\n<li>Ensure routine auditing is conducted for all accounts.<\/li>\n<li>Ensure all the identified IOCs are input into the network SIEM for continuous monitoring and alerts.<\/li>\n<\/ul>\n<h2 id=\"How-Malwarebytes-protects-against-ransomware\"><strong>How Malwarebytes protects against ransomware<\/strong><\/h2>\n<p>Malwarebytes can protect systems against all <a href=\"https:\/\/www.malwarebytes.com\/ransomware\" target=\"_blank\" rel=\"noreferrer noopener\">ransomware<\/a> variants in several ways.<\/p>\n<p>The Malwarebytes Anti-Malware technology detects malicious files, browser modifications, and system modifications on Windows PCs using a combination of signature-based and signatureless technologies. This layer of protection detects the ransomware binary itself. Detections can happen in real time as the binary runs, or the infection can be rooted out from an already-compromised machine by conducting a full system scan.<\/p>\n<p>Anti-Ransomware is a signatureless technology that monitors the activity of processes against a certain subset of data in specific locations on the endpoint. Using patented technology, Anti-Ransomware assesses changes in those data files. If a monitored process crosses an internal scoring threshold, the Anti-Ransomware component triggers a detection.<\/p>\n<p>For those already infected, Ransomware Rollback can help recover encrypted files within 72 hours of the attack. Rollback creates a local cache on the endpoint to store changes to files on the system. 
It can use this cache to help revert changes caused by a threat. The Rollback feature is dependent on activity monitoring available in <a href=\"https:\/\/www.malwarebytes.com\/business\/edr\">Malwarebytes Endpoint Detection and Response<\/a>.<\/p>\n<p>Recommended reading:\u00a0<a href=\"https:\/\/blog.malwarebytes.com\/security-world\/business-security-world\/2018\/08\/protect-rdp-access-ransomware-attacks\/\" target=\"_blank\" rel=\"noreferrer noopener\">How to protect your RDP access from ransomware attacks<\/a><\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/threat-intelligence\/2022\/03\/ransomware-february-2022-review\/\">Ransomware: February 2022 review<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Threat Intelligence Team| Date: Thu, 10 Mar 2022 17:59:42 +0000<\/strong><\/p>\n<p>Get the latest information on ransomware trends with our monthly review.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/threat-intelligence\/2022\/03\/ransomware-february-2022-review\/\">Ransomware: February 2022 review<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes 
Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[25301,25302,25303,25304,25141,8957,25305,24616,15021,14323,25270,25306,3765,23661,25307,12040],"class_list":["post-18472","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-avoslocker","tag-blackbyte","tag-blackcat","tag-clop","tag-conti","tag-cuba","tag-hivelekas","tag-lockbit","tag-locker","tag-quantum","tag-ragnar","tag-ransomexx","tag-ransomware","tag-snatch","tag-suncrypts","tag-threat-intelligence"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18472","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=18472"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18472\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=18472"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=18472"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=18472"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
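The mitigations list above ends with "ensure all the identified IOCs are input into the network SIEM". The Python below is an added example (not Malwarebytes code and not part of the review) of doing that with the indicators the review gives for Surtr, Sugar and Conti: it sweeps a file tree for the listed ransom-note filenames, appended extensions and sample SHA-256 hashes, and emits one JSON object per finding for a SIEM file collector. Everything beyond the three IOC rows is an assumption of the example: the `GENERIC_NOTES` set and the confidence rule that demotes a bare `readme.txt` unless encrypted files of the same family sit beside it, the `Finding` shape, and the constructed files that `make_demo_tree` writes (which contain no malware; the hash added in `demo()` is the hash of a constructed file, not a real indicator).

```python
"""Sweep a file tree for the Surtr, Sugar and Conti IOCs listed in the review
and emit JSON lines for SIEM ingestion. Added example, not Malwarebytes code."""
import hashlib
import json
import tempfile
from dataclasses import asdict, dataclass
from pathlib import Path

# IOC table transcribed from the review: note filenames, appended extensions,
# sample SHA-256 hashes. Names are lower-cased so matching is case-insensitive.
IOCS = {
    "Surtr": {
        "notes": {"surtr_readme.hta"},
        "extensions": {".surtr"},
        "hashes": {"40e5bb0526169c02126ffa60a09041e5e5453a24b26bc837036748b150fa3fae"},
    },
    "Sugar": {
        "notes": {"backfiles_encoded01.txt"},
        "extensions": {".encoded01"},
        "hashes": {"4a97bc8111631795cb730dfe7836d0afac3131ed8a91db81dde5062bb8021058"},
    },
    "Conti": {
        "notes": {"conti.txt", "r3adm3.txt", "readme.txt", "conti_readme.txt"},
        "extensions": {".conti"},
        "hashes": {"24ac73821de77cc9644d2ac40e97067ff63f625b5f20e085ad10535e47d7db59"},
    },
}
# Note names that occur everywhere legitimately; alone they rate only a
# low-confidence finding (assumption of this example, not stated by the review).
GENERIC_NOTES = {"readme.txt"}


@dataclass
class Finding:
    path: str
    family: str
    indicator: str   # "note", "extension" or "hash"
    value: str
    confidence: str  # "high" or "low"


def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root, iocs=IOCS, hash_files=True):
    """Return a Finding for every indicator match under root."""
    files = [p for p in Path(root).rglob("*") if p.is_file()]
    findings, families_by_dir = [], {}  # dir -> families with an extension hit
    # Pass 1: extensions and hashes, which are unambiguous on their own.
    for p in files:
        suffix = p.suffix.lower()
        digest = sha256_file(p) if hash_files else None
        for family, ioc in iocs.items():
            if suffix in ioc["extensions"]:
                findings.append(Finding(str(p), family, "extension", suffix, "high"))
                families_by_dir.setdefault(p.parent, set()).add(family)
            if digest in ioc["hashes"]:
                findings.append(Finding(str(p), family, "hash", digest, "high"))
    # Pass 2: note names. A generic name is high confidence only when files
    # carrying the same family's extension sit in the same directory.
    for p in files:
        name = p.name.lower()
        for family, ioc in iocs.items():
            if name in ioc["notes"]:
                corroborated = family in families_by_dir.get(p.parent, set())
                conf = "low" if name in GENERIC_NOTES and not corroborated else "high"
                findings.append(Finding(str(p), family, "note", p.name, conf))
    return findings


def to_siem_lines(findings):
    """One JSON object per line, the shape most SIEM file collectors accept."""
    return [json.dumps(asdict(f), sort_keys=True) for f in findings]


def make_demo_tree():
    """Constructed directory tree (harmless bytes, no malware) covering each path."""
    root = Path(tempfile.mkdtemp(prefix="ioc_demo_"))
    (root / "quiet_share").mkdir()
    (root / "hit_share").mkdir()
    samples = {
        "SURTR_README.hta": b"<html>constructed note</html>",
        "invoice.docx.surtr": b"constructed ciphertext",
        "quiet_share/readme.txt": b"ordinary project readme",          # low confidence
        "hit_share/readme.txt": b"constructed conti-style note",       # corroborated
        "hit_share/report.xlsx.CONTI": b"constructed ciphertext",
        "dropper.bin": b"constructed stand-in for a sample binary",
        "minutes.txt": b"benign file, must not match",
    }
    for rel, data in samples.items():
        (root / rel).write_bytes(data)
    return root


def demo():
    root = make_demo_tree()
    # Copy the table and add the hash of the constructed dropper so the hash
    # path is exercised end to end; that hash is NOT a real indicator.
    iocs = {fam: {k: set(v) for k, v in ioc.items()} for fam, ioc in IOCS.items()}
    iocs["Surtr"]["hashes"].add(sha256_file(root / "dropper.bin"))
    return sweep(root, iocs)


if __name__ == "__main__":
    for line in to_siem_lines(demo()):
        print(line)
```

Run it against a file share or a mounted disk image by calling `sweep("/mnt/share")` and writing `to_siem_lines(...)` to a file your collector tails; set `hash_files=False` on very large trees and hash only the extension and note hits afterwards. Treat the page's sample hashes as one sample each, not the family: a recompiled payload will miss the hash check and still be caught by the extension and note checks.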