Threat Intelligence Times

Discovery of a massive ransomware operation, dubbed “Operation Kofer”, has been announced today by Cybereason. Researchers at Cybereason have examined samples of several Kofer variants from around the world, and found that whilst general packaging and delivery techniques were shared, random variables were incorporated to avod static-signature or hash-based detection. Cybereason have provisionally concluded that all of the variants discovered as far were created by the same group, who may have used an algorithm to randomly assign different components, giving the resulting randomware ‘APT-like’ evasion capabilities.

“If the Kofer variants are in fact coming from a single source, then this can indicate the commoditization of ransomware at a whole new scale,” said Uri Sternfeld, Senior Security Researcher at Cybereason. “Our best suggestion to minimize the impact of ransomware is to run frequent backups using an external drive and use endpoint monitoring and detection technologies to limit the scope of such…

View original post 157 more words