ECI's Latest Threat Hunting Shows It Is High Season for Ransomware... Is Your Organization Ready?

Ransomware tops the list of cybersecurity concerns, and for good reason. As industry guides like Verizon’s data breach report and ECI’s own threat research show, such attacks are increasingly common and bring devastating results. In honor of Cybersecurity Awareness Month, our threat hunting teams took a closer look at three of the latest ransomware attacks and what these exploits tell us about how financial firms can better protect themselves with the help of the right MSP partner.

 

The Triple Threat of JanelaRAT, BlackCat and Lockbit 3.0 Ransomware

Financial firms need to be on guard for an ever-shifting landscape of ransomware threats that are targeting their IT systems and data. Just this month, the ECI SOC team conducted a proactive analysis of the emerging JanelaRAT threat targeting users in the FinTech sector within the LATAM region. The infection chain starts with malicious VBScript sent inside ZIP archives. From there, JanelaRAT unleashes a complex range of tactics, techniques, and procedures (TTPs) that include DLL side-loading and the use of dynamic C2 infrastructure as part of a multi-stage attack methodology.

We recently conducted a separate threat hunt analysis into BlackCat, a Ransomware-as-a-Service offering that the FBI has tied to at least 60 entities worldwide. BlackCat is a highly customizable ransomware that allows for attacks on a wide range of corporate environments, including both Linux and Windows systems. BlackCat is especially troubling in that it is believed to be the first use of Rust to write a ransomware strain. Rust is a much more secure programming language compared to C and C++, making it difficult for SOC teams to find coding weaknesses. 

And then there’s Lockbit 3.0, the most recent version of the Lockbit ransomware family, posing a significant threat to enterprise networks. This advanced ransomware strain exploits a wide range of vulnerabilities and weaknesses in corporate systems to automate the encryption process. As was the case with its predecessors, Lockbit 3.0 employs a powerful combination of AES and RSA encryption algorithms and is known for its ability to neutralize backup systems, thereby preventing data restoration.

 

ECI Supports Clients with Proactive Threat Hunting and Rigorous Ransomware Protections

The above threats are just three of the most recent and troubling forms of ransomware circulating today, and they serve as just the latest reminders that modern ransomware is too devastating and too complex for organizations to battle on their own without the help of a qualified MSP partner like ECI. 

ECI is trusted by financial firms to proactively identify, detect and effectively manage the risk associated with ransomware in client environments. We leverage a comprehensive understanding of the mechanisms employed by malicious actors. We examine the fine details around indicators of compromise (IoCs) and unique behavior patterns to develop the best remediation and mitigation strategies. These strategies enhance our clients’ cyber defense posture with robust tooling and processes to both detect and prevent attacks on client systems.

Clients who sign on to ECI’s Managed Extended Detection and Response (MXDR) service get the highest level of protection, with a combination of human and technology resources to stop ransomware in its tracks. ECI maintains superior staffing and skill sets in infrastructure engineering, systems architecture, device configuration and data management to continually optimize threat detection and mitigation. We combine this with advanced threat intelligence, domain expertise and coding acumen that tailor detection and prevention activities specifically to the threats that are most likely to target the organization. 

Learn more about ECI’s MXDR offering for FinTech firms, and stay tuned for future blogs that drill down on exactly how JanelaRAT, BlackCat and Lockbit 3.0 operate and how best to protect against each of these critical ransomware threats.
