Kaseya VSA Supply Chain Ransomware Attacks (REvil Gang)
Posted By jcleebobgatenet, July 16, 2021
The ransomware attack that leveraged a vulnerability in VSA (a cloud-based management service that manages patches and performs client monitoring), made by Kaseya, an IT solutions developer for enterprises and managed service providers (MSPs), turned out to be BlueCrab (Sodinokibi) ransomware, which is being actively distributed in Korea as well. The figure below shows a desktop infected with the ransomware; it displays the same screen as the BlueCrab variant widely spread in Korea. Unlike BlueCrab well-known in…
BlueCrab Ransomware Installing Hacking Tool CobaltStrike in Corporate Environments
Posted By jcleebobgatenet, February 5, 2021
The ASEC analysis team confirmed that during the infection process of BlueCrab ransomware (=Sodinokibi, REvil), which is distributed as a JS file, the CobaltStrike hacking tool was dropped under certain conditions. CobaltStrike is a tool whose use is restricted to legitimate penetration testing (mock hacking); however, it has been actively used in malware since the recent source code leak. Since the recently confirmed BlueCrab ransomware distribution JS file checks for a corporate Active Directory (AD) environment and installs the CobaltStrike hacking tool…
BlueCrab Ransomware’s Continuous Attempts to Bypass Detection
Posted By jcleebobgatenet, February 3, 2021
BlueCrab ransomware (=Sodinokibi ransomware) is being vigorously distributed to Korean users. It is distributed through fake forum web pages created around various search keywords. The infection process begins the moment a user runs the JS file downloaded from the distribution page. Because the distribution page appears on the front pages of search engine results, it is easily reached, and cases of infection continue to be reported by users. ASEC analysis team…