Sophos discovered new stripped-down ransomware called Epsilon Red that offloads most of its functionality to a series of PowerShell scripts. It was delivered as the final executable payload in a hand-controlled attack against a US-based business in the hospitality industry in which every other early
By Eduard Kovacs on May 31, 2021
A new piece of ransomware named Epsilon Red has been used to target at least one organization in the United States, and its operators have apparently already made a significant profit.
Cybersecurity firm Sophos reported last week that Epsilon Red operators have been spotted targeting a US-based company in the hospitality sector. The cryptocurrency address provided by the cybercriminals shows a bitcoin transaction for an amount worth roughly $210,000, which seems to indicate that at least one victim has agreed to pay the ransom demanded by the cybercriminals.
Sophos researchers noticed that the ransom note dropped by Epsilon Red is similar to the one displayed by the REvil ransomware, but Epsilon Red’s ransom note is better written: it does not contain some of the grammar errors found in the REvil note.
Ransomware hunts unpatched Microsoft Exchange servers (winfuture.de)
Sophos: How timely intervention stopped a ProxyLogon attack
A recent incident at an undisclosed customer sheds new light on how malicious actors exploit unpatched Microsoft Exchange servers
Published: 05 May 2021 14:00
Cyber security researchers at Sophos have been sharing details of how they were able to cut off an ongoing cyber attack on one of their customers, which exploited the dangerous ProxyLogon vulnerabilities in on-premise instances of Microsoft Exchange Server.
The customer, whose identity has not been revealed, is a large North American organisation with about 15,000 endpoints in play. It was initially compromised on 16 March 2021, a couple of weeks after the ProxyLogon zero-days were disclosed, via CVE-2021-26855 and CVE-2021-27065, which were leveraged to execute a malicious PowerShell command on the vulnerable server.