Ask the community

The Revolving Ransomware Door

rcanzanese
Netskope
Netskope

The Ragnarok ransomware gang had been around since 2019, and suddenly ceased operations today, posting a universal decrypter and instructions on how do use it.

E9vfVKmXsAsWZgm.jpeg

What does this mean for the risk of ransomware? Not much. This week, we published a blog post about BlackMatter, a newcomer to the ransomware space. This is just the normal revolving door of ransomware operators, all following the same ransomware-as-a-service business model, using the same tactics, and trying to put controls in place so their affiliates don't target anyone that results in too much attention for the operators.

 

Netskope protects against ransomware using a multi-layered approach that includes signatures, machine learning, static heuristics, and sandbox analysis to prevent ransomware from making its way onto any of your endpoints. One of the most common ransomware delivery tactics we are actively blocking is ransomware delivered as next-stage payloads by malicious Microsoft Office Documents. Our Office Document Analyzer (part of our Advanced Threat offering) was built specifically to identify day-zero malicious Office documents using a combination of heuristics and machine learning. This screenshot shows a typical detection, which uses the name Gen.Malware.Detect.By.StHeur.MsOffice

 

Screenshot from 2021-08-27 14-47-00.png

 

The details illustrate the reasons why the sample was detected:

 

Screenshot from 2021-08-27 14-51-01.png

 

In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below

Sign In