Case of Infection With Lockis Ransomware in a Company, Caused by Not Using Anti-Malware’s Lock Policy

Around November, one of AhnLab’s clients had several of its servers infected with the Lockis ransomware. Because the company was infected even though it was using the anti-malware program V3, AhnLab A-FIRST conducted a forensic analysis to find the cause of the infection. As

Hacking Tool Used With Lockis Ransomware

AhnLab A-FIRST conducted a forensic analysis of the damaged system infected with Lockis ransomware around November. Lockis ransomware is a variant of GlobeImposter ransomware that the Russian attack group TA505 uses, and it first appeared on September 16th. The number of variants of the GlobeImposter ransomware has constantly been increasing

New Malware of Lazarus Threat Actor Group Exploiting INITECH Process

The AhnLab ASEC analysis team has discovered that there are 47 companies and institutions—including defense companies—infected with the malware distributed by the Lazarus group in the first quarter of 2022. Considering the severity of the situation, the team has been monitoring the infection cases. In systems of the organizations infected

Case of Ransomware Infection in a Company Using Local Administrator Accounts Set with Same Password

After analyzing the infected systems of the company that suffered damage from the recent Lockis ransomware infection, the ASEC analysis team discovered that the attacker executed the ransomware after accessing the infected systems over RDP with local Administrator accounts. An investigation of local Administrator information of the infected systems showed that