Change in Magniber Ransomware Vulnerability (CVE-2021-40444)
Magniber is a fileless ransomware using an IE vulnerability and it is one of the ransomware that causes damage to numerous Korean users. It is difficult to prevent infection if not detected and blocked in advance during the vulnerability occurrence phase, which makes it difficult for anti-malware programs to detect
Makop Ransomware Disguised as Resume Being Distributed in Korea
The ASEC analysis team has recently confirmed that Makop ransomware disguised as a resume is being distributed to Korean users. Makop ransomware is malware that has continuously changed and been distributed since last year. It has been introduced in the previous ASEC blogs and it still takes the form of
Kaseya VSA Supply Chain Ransomware Attacks (REvil Gang)
The ransomware attack by leveraging a vulnerability in VSA (a cloud-based management service that can manage various patches and perform client monitoring) made by Kaseya, an IT solutions developer for enterprises and managed service providers (MSPs), turned out to be BlueCrab (Sodinikibi) ransomware that is being actively distributed in korea
Detection of JavaScript Vulnerability (CVE-2021-26411) via V3 Behavior Detection (Magniber)
Attackers are using the CVE-2021-26411 JavaScript vulnerability to actively distribute fileless Magniber ransomware via IE browser. Its internal code flow is changing rapidly, and there are still numerous damage reports that involve Magniber ransomware in Korea. As it is being distributed via an IE vulnerability (CVE-2021-26411), it is absolutely crucial
More Companies being Targeted by Ransomware! Cases of Ransomware Attacks Against Company Systems
The number of cyberattacks targeting companies is increasing day by day. Just this May, the United States’ largest private pipeline company was attacked by ransomware, resulting in the shutdown of the entire pipeline facility. A well-known domestic delivery platform company also suffered from a ransomware attack, affecting hundreds and thousands
[Caution] Makop Ransomware Disguised as Job Application E-mail Being Distributed!
ASEC analysis team has recently discovered ransomware disguised as job application being distributed via e-mail. It appears that the attacker is targeting recruitment managers of various companies amidst the recruitment season of the first half of the year. Hence, recruiters must pay particular attention when managing their e-mail accounts. The
BlueCrab Ransomware’s Continuous Attempts to Bypass Detection
BlueCrab Ransomware (=Sodinokibi Ransomware) is a ransomware that is being vigorously distributed to Korean users. It distributes through a fake forum web page created using various search keywords. The infection process begins at the moment when a user runs the JS file downloaded from the distribution page. The distribution page
![[Threat Analysis] CLOP Ransomware that Attacked Korean Distribution Giant](https://asec.ahnlab.com/wp-content/uploads/2021/01/15_cyber-threat_01.png)
[Threat Analysis] CLOP Ransomware that Attacked Korean Distribution Giant
In November last year, there was a case that shocked not only the security industry, but also all of the Korean industries. The system of E-Land Group, the distribution giant, was infected by the ‘CLOP Ransomware.’ According to the press report that quoted an associate of the company, over half
