Threat Management, Ransomware
Details emerge on new Noberus ransomware
SecurityWeek reports that threat actors leveraging the new Noberus ransomware, also known as BlackCat or ALPHV, have used three variants of the first known Rust-based ransomware in a single attack against a victim organization's network.
Symantec researchers discovered that malicious activity commenced on November 3, when the attackers first gained network access and infected two of the victim's systems, but they waited until November 18 before releasing the ransomware.
The attackers used PsExec, which was initially deployed to obtain elevated administrative privileges, to run PowerShell commands that disabled Windows Defender before launching Noberus. Noberus is capable of shadow copy deletion, system data collection, and hidden partition creation. Symantec also noted that although the victim organization discovered and remediated the attack, the attackers regained network access and launched another Noberus variant.
"In total, three variants of this ransomware were identified during this intrusion, leading to at least 261 machines on the network becoming infected with Noberus," said Symantec.
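For defenders, the sequence reported above (PsExec execution, then Windows Defender being disabled through PowerShell, then shadow copy deletion) can be hunted as one ordered chain per host. The Python example below is added here and is not code from Symantec or SecurityWeek. The event field names, the command patterns, the 900-second window and the sample events are assumptions constructed for illustration, because the article does not quote the actual commands.

```python
import re
from collections import defaultdict

# Stages in the order the article describes them. The command patterns are
# assumed common forms; the article does not quote the attackers' commands.
RULES = [
    ("psexec_remote_exec", lambda e: e["parent"].lower().endswith("\\psexesvc.exe")),
    ("defender_tamper", lambda e: bool(re.search(
        r"set-mppreference\b.*-disable\w+\s+(\$true|1)\b", e["cmdline"], re.I))),
    ("shadow_copy_delete", lambda e: bool(re.search(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete",
        e["cmdline"], re.I))),
]

def match_rules(event):
    """Names of every rule a single process-creation event satisfies."""
    return [name for name, pred in RULES if pred(event)]

def staged_hosts(events, window_s=900):
    """Hosts where all stages occur in order within window_s seconds -> (first, last) time."""
    hits = defaultdict(list)
    for e in sorted(events, key=lambda e: e["t"]):
        hits[e["host"]] += [(e["t"], name) for name in match_rules(e)]
    order, flagged = [name for name, _ in RULES], {}
    for host, seq in hits.items():
        stage, start = 0, None
        for t, name in seq:
            if start is not None and t - start > window_s:
                stage, start = 0, None      # chain went stale; start over
            if name == order[stage]:
                start = t if stage == 0 else start
                stage += 1
                if stage == len(order):
                    flagged[host] = (start, t)
                    break
    return flagged

# Constructed events (fields modelled on process-creation logs; "t" is seconds).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"host": "WS01", "t": 0, "parent": r"C:\Windows\PSEXESVC.exe", "image": PS,
     "cmdline": "powershell.exe -Command Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"host": "WS01", "t": 40, "parent": r"C:\Users\Public\sample.exe",
     "image": r"C:\Windows\System32\vssadmin.exe", "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "WS02", "t": 5, "parent": r"C:\Windows\PSEXESVC.exe",
     "image": r"C:\Windows\System32\ipconfig.exe", "cmdline": "ipconfig /all"},
    {"host": "WS03", "t": 10, "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\vssadmin.exe", "cmdline": "vssadmin delete shadows /for=C: /oldest"},
]

if __name__ == "__main__":
    print(staged_hosts(SAMPLE_EVENTS))
```

Only WS01 is flagged: WS02 shows PsExec use alone and WS03 shows shadow copy deletion alone, both of which also occur in routine administration.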