#Edited# , a recording of the Threat Gazette Live session on the Norsk Hydro Cyber Attack and SandBlast Agent prevention for it is now available.
The ongoing Cyber Attack on Norsk Hydro is changing fronts, adding fraud attempts that are trying to leverage the still not fully operational enterprise, still suffering from a cyber attack that started on March 19th . For more details you can join @Marcel_Afrahim and myself for the Threat Gazette Live on April 1st, scroll down for details.
The following initial analysis by @Marcel_Afrahim shows LockerGoga is using multi process operation, where each process encrypts a few files. This is done to bypass detection and work in parallel together with having a separate decryption key for every bunch, supposedly to make it harder to break.
You can deep dive and analyze the malware yourself using its online SandBlast Agent forensic report.
Here is a view to the multi process using SandBlast Agent forensic report:
The main process doesn't try to move laterally, suggesting an initial dropper insert it. On execution it enumerates the files and executes a child process to encrypt each bunch. After that he will cut the computer communication.
Join Threat Gazette Live on April 1st to hear more, click a link for your preferred webinar time:
Click to Register for the 8 a.m. GMT for EMEA and APAC
Click to Register for the 11 a.m. EST for Americas
Thanks,
Gadi
| User | Count |
|---|---|
| 9 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Thu 21 Nov 2024 @ 02:00 PM (MST)
Denver North: Infinity External Risk Management and Harmony SaaSMon 25 Nov 2024 @ 02:00 PM (EST)
(Americas) AI Series Part 3: Maximizing AI to Drive Growth and EfficiencyTue 26 Nov 2024 @ 10:00 AM (CET)
EMEA Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsTue 26 Nov 2024 @ 03:00 PM (CET)
Navigating NIS2: Practical Steps for Aligning Security and ComplianceTue 26 Nov 2024 @ 05:00 PM (CET)
Discover the Future of Cyber Security: What’s New in Check Point’s Quantum R82Mon 25 Nov 2024 @ 02:00 PM (EST)
(Americas) AI Series Part 3: Maximizing AI to Drive Growth and EfficiencyTue 26 Nov 2024 @ 10:00 AM (CET)
EMEA Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsTue 26 Nov 2024 @ 03:00 PM (CET)
Navigating NIS2: Practical Steps for Aligning Security and ComplianceTue 26 Nov 2024 @ 05:00 PM (CET)
Discover the Future of Cyber Security: What’s New in Check Point’s Quantum R82Tue 03 Dec 2024 @ 05:00 PM (CET)
Americas CM Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsThu 21 Nov 2024 @ 02:00 PM (MST)
Denver North: Infinity External Risk Management and Harmony SaaSTue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopWed 04 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 2: Cloud Risk Management Workshop
