Blog

In a year of threat landscape defining vulnerabilities (ProxyLogon, Log4j) and supply chain attacks with never before seen blast radiuses (SolarWinds, Kaseya), one threat has been consistently booming in the most recent years, dominating much of the cybersecurity dialog in both 2020 and 2021 — ransomware.

A Compromise Assessment (CA) is a comprehensive, automated, evidence-based analysis and evaluation of an organization’s entire digital environment and cybersecurity posture and is designed to identify all ongoing and past incidents of unauthorized access, malicious activity, and indicators of compromise.

Carrying on from our recent work on Prometheus Ransomware, we have new thoughts and intelligence to share on Conti Ransomware. However, considering the current climate and chatter across the global cyber landscape, we thought it best to also discuss how enterprises today should approach best practices regarding protection against ransomware.

Managed detection and response (MDR) is a service that fulfills the needs of organizations that lack the time and resources to be fully capable of identifying risks and detecting, verifying, and responding to threats and/or security incidents.

This year, CyCraft has been involved in several cases of Prometheus attacks. Naturally, we attempted to reverse-engineer Prometheus to gain a better understanding of the attack itself, the malware, and the attacker. We discovered that it was possible to recover our customers’ encrypted files to some degree. We are sharing this internally developed tool to help other victims recover.

Every year, the scale and scope of the ATT&CK Evaluations have gotten bigger, going more in-depth, and with more vendors participating; and each vendor doing everything they can to express their own value and worth to potential customers. Yet, this evaluation environment also creates a situation where each vendor could be a winner.