
Nefilim Ransomware Targets Victims with $1 Billion Revenue

HONG KONG SAR - 9 June 2021 - Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today released a case study of the Nefilim ransomware group, providing insight into the inner workings of modern ransomware attacks. The report gives valuable insight into how ransomware groups have evolved, how they operate under the radar, and how advanced threat detection and response platforms can help stop them.


The approach of modern ransomware families makes detection and response significantly more difficult for already stretched SOC and IT security teams. This matters not only to the bottom line and corporate reputation, but also the wellbeing of SOC teams themselves.


To read the report "Modern Ransomware's Double Extortion Tactics and How to Protect Enterprises Against Them": https://www.trendmicro.com/vinfo/hk/security/news/cybercrime-and-digital-threats/modern-ransomwares-double-extortion-tactics-and-how-to-protect-enterprises-against-them.


"Modern ransomware attacks are highly targeted, adaptable and stealthy – using proven approaches perfected by APT groups in the past. By stealing data and locking key systems, groups like Nefilim look to extort highly profitable global organizations," said Bob McArdle, director of cybercrime research for Trend Micro. "Our latest report is a must-read for anyone in the industry who wants to understand this fast-growing underground economy inside-out, and how solutions like Trend Micro Vision One can help them hit back."


Of the 16 ransomware groups studied from March 2020 to January 2021, Conti, Doppelpaymer, Egregor and REvil led the way in terms of number of victims exposed—and Cl0p had the most stolen data hosted online at 5TB.


However, with its ruthless focus on organizations posting more than $1 billion in revenue, Nefilim extorted the highest median revenue.


As the report reveals, a Nefilim attack typically involves the following stages:

  • Initial access that exploits weak credentials on exposed RDP services or other externally facing HTTP services.
  • Once inside, legitimate admin tools are used for lateral movement to find valuable systems for data theft and encryption.
  • A "call home" system is set up with Cobalt Strike and protocols that can pass through firewalls, like HTTP, HTTPS and DNS.
  • Bulletproof hosting services are used for C&C servers.
  • Data is exfiltrated and later published on TOR-protected websites to extort the victim. Nefilim published around 2TB of data last year.
  • The ransomware payload is launched manually once enough data has been exfiltrated.


Trend Micro has previously warned of the widespread use of legitimate tools such as AdFind, Cobalt Strike, Mimikatz, Process Hacker, PsExec, and MegaSync, to help ransomware attackers achieve their end goal while staying hidden. This can make it challenging for SOC analysts, each looking at event logs from a different part of the environment, to see the bigger picture and spot attacks.
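To make the correlation problem concrete, the following is an added example (not Trend Micro's or Vision One's code) that stitches the stages listed above back together from three separate log sources: RDP authentication events, endpoint process-start events, and outbound proxy records. The key=value log format, the host names, IP addresses, and the detection thresholds are all assumptions constructed for the example; the only element taken from the release is the list of legitimate tools that are commonly abused. Each stage on its own is weak evidence (a single failed logon, one admin tool, one large upload), so the example only reports a host once several distinct stages line up on it.

```python
"""Correlate RDP, endpoint and proxy logs into a ransomware attack chain.

Added example, not vendor code. All sample records below are constructed.
"""
from collections import defaultdict
from datetime import datetime
from statistics import pstdev

# Legitimate tools named in the release as abused by ransomware operators.
ABUSED_ADMIN_TOOLS = {
    "adfind.exe", "psexec.exe", "mimikatz.exe", "processhacker.exe", "megasync.exe",
}
FAILED_LOGON_THRESHOLD = 5        # failures from one source IP before a success
BEACON_MIN_CONNECTIONS = 4        # connections to one destination to test for periodicity
BEACON_MAX_JITTER_SECONDS = 5.0   # max std. deviation of inter-connection gaps
EXFIL_BYTES_THRESHOLD = 500 * 1024 * 1024  # 500 MiB to a single destination

# Constructed sample telemetry (assumed format: ISO timestamp then key=value pairs).
SAMPLE_LOGS = """\
2021-03-02T01:00:00 source=rdp host=FS01 user=svc_backup src_ip=203.0.113.5 result=fail
2021-03-02T01:00:10 source=rdp host=FS01 user=svc_backup src_ip=203.0.113.5 result=fail
2021-03-02T01:00:20 source=rdp host=FS01 user=svc_backup src_ip=203.0.113.5 result=fail
2021-03-02T01:00:30 source=rdp host=FS01 user=svc_backup src_ip=203.0.113.5 result=fail
2021-03-02T01:00:40 source=rdp host=FS01 user=svc_backup src_ip=203.0.113.5 result=fail
2021-03-02T01:00:50 source=rdp host=FS01 user=svc_backup src_ip=203.0.113.5 result=success
2021-03-02T01:05:00 source=rdp host=WS22 user=jdoe src_ip=10.0.0.14 result=success
2021-03-02T01:10:00 source=endpoint host=FS01 user=svc_backup image=AdFind.exe
2021-03-02T01:25:00 source=endpoint host=FS01 user=svc_backup image=PsExec.exe
2021-03-02T02:00:00 source=proxy host=FS01 dst=198.51.100.7 proto=https bytes_out=1200
2021-03-02T02:01:00 source=proxy host=FS01 dst=198.51.100.7 proto=https bytes_out=1180
2021-03-02T02:02:00 source=proxy host=FS01 dst=198.51.100.7 proto=https bytes_out=1210
2021-03-02T02:03:00 source=proxy host=FS01 dst=198.51.100.7 proto=https bytes_out=1190
2021-03-02T02:04:00 source=proxy host=FS01 dst=198.51.100.7 proto=https bytes_out=1200
2021-03-02T03:00:00 source=proxy host=FS01 dst=198.51.100.9 proto=https bytes_out=734003200
2021-03-02T09:00:00 source=endpoint host=WS22 user=jdoe image=excel.exe
2021-03-02T09:05:00 source=proxy host=WS22 dst=198.51.100.50 proto=https bytes_out=20000
"""


def parse_line(line):
    """Turn one 'timestamp k=v k=v ...' record into a dict with a datetime 'ts'."""
    ts, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["ts"] = datetime.fromisoformat(ts)
    return event


def correlate(lines):
    """Return {host: [(stage, detail), ...]} for every stage observed per host."""
    events = sorted((parse_line(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    findings = defaultdict(list)

    # Stage 1: credential guessing against RDP that ends in a successful logon.
    failures = defaultdict(int)      # (host, src_ip) -> consecutive failures
    compromised_at = {}              # host -> time of the suspicious success
    for e in (e for e in events if e["source"] == "rdp"):
        key = (e["host"], e["src_ip"])
        if e["result"] == "fail":
            failures[key] += 1
        elif e["result"] == "success" and failures[key] >= FAILED_LOGON_THRESHOLD:
            compromised_at[e["host"]] = e["ts"]
            findings[e["host"]].append(("initial_access",
                f"{failures[key]} failed RDP logons from {e['src_ip']} then success as {e['user']}"))
            failures[key] = 0

    # Stage 2: abused admin tooling on a host, after its suspicious logon.
    for e in (e for e in events if e["source"] == "endpoint"):
        host = e["host"]
        if host in compromised_at and e["ts"] >= compromised_at[host] \
                and e["image"].lower() in ABUSED_ADMIN_TOOLS:
            findings[host].append(("lateral_movement_tooling", e["image"]))

    # Stages 3 and 4: periodic "call home" traffic and bulk outbound transfer.
    connections = defaultdict(list)  # (host, dst) -> connection times
    bytes_out = defaultdict(int)     # (host, dst) -> total bytes sent
    for e in (e for e in events if e["source"] == "proxy"):
        key = (e["host"], e["dst"])
        connections[key].append(e["ts"])
        bytes_out[key] += int(e["bytes_out"])
    for (host, dst), times in connections.items():
        if len(times) >= BEACON_MIN_CONNECTIONS:
            gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            if pstdev(gaps) <= BEACON_MAX_JITTER_SECONDS:
                findings[host].append(("c2_beacon",
                    f"{len(times)} connections to {dst} every ~{sum(gaps) / len(gaps):.0f}s"))
    for (host, dst), total in bytes_out.items():
        if total >= EXFIL_BYTES_THRESHOLD:
            findings[host].append(("exfiltration", f"{total} bytes to {dst}"))
    return dict(findings)


def stages_seen(findings, host):
    """Distinct stage names observed on a host, sorted for stable comparison."""
    return sorted({stage for stage, _ in findings.get(host, [])})


def attack_chains(findings, min_stages=2):
    """Hosts where at least min_stages distinct stages coincide."""
    return sorted(h for h in findings if len(stages_seen(findings, h)) >= min_stages)


if __name__ == "__main__":
    result = correlate(SAMPLE_LOGS.splitlines())
    for host in attack_chains(result):
        print(host)
        for stage, detail in result[host]:
            print(f"  {stage}: {detail}")
```

Run on the constructed sample, FS01 is reported with all four stages while WS22, whose only events are a clean logon, an office application and a single small upload, produces no findings at all. The per-source detections are deliberately simple; the point the release makes is that the value comes from joining them on the host, which is what `correlate` does and what an analyst confined to one log source cannot.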


Trend Micro Vision One monitors and correlates suspicious behavior across multiple layers—endpoints, emails, servers, and cloud workloads—to ensure there's no hiding space for threat actors. This makes for faster incident response times, and teams can often stop attacks before they've had a chance to make a serious impact on the organization.

