In Part 1 of our BlackByte ransomware analysis, we covered the execution flow of the first stage JScript launcher, how we extracted BlackByte binary from the second stage DLL, the inner workings of the ransomware, and our decryptor code. In this blog, we will detail how we analyzed and de-obfuscated the JScript launcher, BlackByte’s code, and strings.
Please click here for Part 2 UPDATE 19.October.2021 - Based on some reactions and responses to our BlackByte analysis, and specifically, the included decryptor, we wanted to provide an update and some clarification. First off, we’ve updated the decryptor on github to include two new files. One is the compiled build of the executable to make the tool more accessible and the second is a sample encrypted file “spider.png.blackbyte” that can be used to test the decryptor.
“Buy Now, Pay Later” (or BNPL) schemes are instant approval loans given at the point of sale on eCommerce websites. They are commonly seen on fashion websites, where shoppers are offered the chance to buy products right away and split the payment for their items over several months. Taking the FinTech world by storm in recent years, well-known BNPL providers include Klarna, Clearpay, Laybuy, Payl8r, Afterpay and Affirm.
A document sent to the US Congress published by Motherboard, the technology section of Vice, confirms that CIA personnel, the NSA and other members of the US Intelligence Community widely use ad blockers in their Internet browsers. This measure was adopted to remove the distraction of adverts on web pages for employees, but it provides additional protection against malware.
The most recent Transaction Advisors M&A Strategy Forum was held (virtually) in September and offered a wealth of information about deal tactics and terms. Transaction Advisors promotes best practices in all facets of M&A. (Full disclosure: Synopsys is a sponsor of the forum; we find the content very relevant to our clients.)
The security landscape is ever-changing, intensified by more sophisticated threats, and an increasing number of employees working from home leading to an expanding attack surface. Security professionals are tasked with maintaining a secure environment against a plethora of threats, manifested in thousands of alerts and events that are generated by security controls every day.
Security in cloud computing is often a major concern among cloud customers, mainly because of the risk of losing sensitive data and the difficulties of enforcing the organization’s security policies. Despite cloud computing’s potential efficiency for storing and exchanging files, cloud security remains questionable. According to one report from Statista, 81 percent of respondents found security to be the most prevalent challenge in cloud computing today.
The cyberworld has witnessed and defended against several forms of attacks. Some of the most common ones known to disrupt a network include credential stealing, malware installations, worms and viruses, and insider threats. In order to execute these attacks successfully, attackers often use different tools and techniques. For instance, in a ransomware attack, an attacker may install malicious software to encrypt all the files and folders in your network and demand a ransom to recover the files.
The FBI recently published a warning stating that ransomware gang OnePercent Group has been attacking companies in the US since November 2020. This gang of cybercriminals targets individuals within an organization with social engineering tactics designed to fool them into opening a document from a ZIP file attached to an email. Ransomware is then downloaded and the breach is underway.
