Articles

  • Dec 4, 2024 | xataka.com.mx | Ashley Munoz

    Kaspersky's Global Emergency Response Team (GERT) reported that it recently identified a new variant of the Mimic ransomware called ElPaco, which represents an advanced threat to users and businesses. This malware was designed to disable security measures, destroy critical backups and encrypt essential files, the cybersecurity company said in a statement. This leaves its victims with no recovery options other than paying the demanded ransom.

  • Nov 26, 2024 | securelist.com | Cristian Souza | Eduardo Ovalle | Ashley Munoz | Timofey Ezhov

    Introduction: In a recent incident response case, we dealt with a variant of the Mimic ransomware with some interesting customization features. The attackers were able to connect via RDP to the victim’s server after a successful brute force attack and then launch the ransomware. After that, the adversary was able to elevate their privileges by exploiting the CVE-2020-1472 vulnerability (Zerologon).

  • May 23, 2024 | securelist.com | Eduardo Ovalle | Ashley Munoz | Cristian Souza | Christopher Zachor

    Introduction: Attackers always find creative ways to bypass defensive features and accomplish their goals. This can be done with packers, crypters, and code obfuscation. However, one of the best ways of evading detection, as well as maximizing compatibility, is to use the operating system’s own features. In the context of ransomware threats, one notable example is leveraging exported functions present in the cryptography DLL ADVAPI32.dll, such as CryptAcquireContextA, CryptEncrypt, and CryptDecrypt.
