January eNews 2022

LIFARS Tabletop Exercise & Ransomware Playbook Bundle


Tabletop Exercise
Our Tabletop Exercises are individually tailored to meet the specific data protection needs of each client. LIFARS experts identify and interview essential personnel to understand your company’s distinct capabilities and existing contingency plans, then use this information to formulate a custom data-breach scenario based on our real-world experience.

Ransomware Playbook
LIFARS Ransomware Playbook is both a strategic and a tactical guide to help your organization be more prepared in the case of a ransomware attack. With the increasing frequency and ferocity of ransomware attacks, it is essential that your team is prepared. Consisting of a detailed preparation checklist, critical incident decision points, and a technical response guide, LIFARS Ransomware Playbook will enable effective response and recovery from a ransomware incident.

To speak with a representative, complete our online form, or for immediate assistance call 1-212-222-7061.

For more information about our services visit www.lifars.com


LIFARS Case Studies

A Deep Dive into The Grief Ransomware’s Capabilities

Grief ransomware is the successor of the DoppelPaymer ransomware, which itself emerged from the BitPaymer ransomware. Grief is deployed in an environment already compromised by Dridex and where the threat actor has performed post-exploitation activities using Cobalt Strike. The ransomware is obfuscated and employs anti-analysis techniques that include API hashing, Vectored Exception Handling (VEH) manipulation, the Heaven’s Gate technique, and RC4 encryption of relevant data. Grief runs with specific parameters computed from the victim’s environment and crashes if no parameters or incorrect parameters are provided (if you have been a victim of Grief ransomware, please contact us). The malware deletes all Volume Shadow Copies using vssadmin and Diskshadow and disables Microsoft Defender Antivirus. Encrypted files receive the “.pay0rgrief” extension, and the malware imports an RSA public key that is used to encrypt the generated AES file-encryption keys.
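The behaviours called out above (shadow-copy deletion via vssadmin and Diskshadow, and files being written with the “.pay0rgrief” extension) are the ones a defender can alert on from ordinary endpoint telemetry. The detection logic below is an added example, not LIFARS code or part of the case study; the log lines are constructed, in a simplified `timestamp|event|payload` form, and are not real telemetry.

```python
import re
from dataclasses import dataclass

# Constructed sample events (not real telemetry), modelled loosely on
# process-creation and file-create records from an endpoint sensor.
SAMPLE_EVENTS = [
    "2022-01-10T09:12:01|ProcessCreate|C:\\Windows\\System32\\notepad.exe",
    "2022-01-10T09:13:44|ProcessCreate|vssadmin.exe delete shadows /all /quiet",
    "2022-01-10T09:13:45|ProcessCreate|diskshadow.exe /s C:\\Users\\Public\\cmds.txt",
    "2022-01-10T09:14:02|FileCreate|C:\\Users\\alice\\Documents\\q4.xlsx.pay0rgrief",
    "2022-01-10T09:14:03|FileCreate|C:\\Users\\alice\\Documents\\notes.txt",
]

# Rule patterns: vssadmin used to delete shadow copies, any Diskshadow
# launch, and the Grief file extension named in the case study.
SHADOW_DELETE = re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I)
DISKSHADOW = re.compile(r"\bdiskshadow(?:\.exe)?\b", re.I)
GRIEF_EXT = ".pay0rgrief"


@dataclass(frozen=True)
class Alert:
    timestamp: str
    rule: str
    detail: str


def parse_event(line: str) -> tuple[str, str, str]:
    """Split one constructed log line into (timestamp, event kind, payload)."""
    ts, kind, payload = line.split("|", 2)
    return ts, kind, payload


def detect(lines) -> list[Alert]:
    """Return one Alert per event that matches a Grief-related rule."""
    alerts = []
    for line in lines:
        ts, kind, payload = parse_event(line)
        if kind == "ProcessCreate":
            if SHADOW_DELETE.search(payload):
                alerts.append(Alert(ts, "shadow-copy-deletion-vssadmin", payload))
            elif DISKSHADOW.search(payload):
                alerts.append(Alert(ts, "shadow-copy-tool-diskshadow", payload))
        elif kind == "FileCreate" and payload.lower().endswith(GRIEF_EXT):
            alerts.append(Alert(ts, "grief-extension-written", payload))
    return alerts


def rules_hit(lines) -> set[str]:
    """Distinct rule names triggered; two or more together warrant escalation."""
    return {a.rule for a in detect(lines)}
```

Seeing shadow-copy deletion followed minutes later by the extension being written is a stronger signal than either alone, so an escalation threshold on `rules_hit` is a reasonable next step.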

To learn more, download our case study on The Grief Ransomware


LIFARS Threat Bulletin 

Microsoft Discovers Threat Actor Targeting SolarWinds Serv-U Software with 0-day Exploit

Microsoft has detected a 0-day remote code execution exploit being used to attack SolarWinds Serv-U FTP software in limited and targeted attacks. The Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to DEV-0322, a group operating out of China, based on observed victimology, tactics, and procedures.

The vulnerability being exploited is CVE-2021-35211, which was recently patched by SolarWinds. The vulnerability, which Microsoft reported to SolarWinds, exists in Serv-U’s implementation of the Secure Shell (SSH) protocol. If Serv-U’s SSH is exposed to the internet, successful exploitation would give attackers the ability to remotely run arbitrary code with privileges, allowing them to perform actions such as installing and running malicious payloads, or viewing and changing data. We strongly urge all customers to update their instances of Serv-U to the latest available version.



Microsoft reported evidence of destructive malware targeting organizations in Ukraine starting from January 13. The LIFARS threat intelligence team has analyzed the malicious samples and provided a detailed analysis of the execution flow. The main objective of this technical brief is to demonstrate the sophistication and TTPs demonstrated by the threat actors. The Ukrainian authorities blamed Russia for the attacks in the context of the geopolitical tensions. The LIFARS Threat Intelligence Team believes it is highly likely that more wiper and ransomware attacks against Ukrainian institutions will be seen soon.


Daniel Kelley, a reformed British computer hacker who caused over £70,000,000 in damages, has decided to share his story and answer questions from Redditors on the famous IAmA subreddit. Kelley was arrested in 2015 and released on bail until his trial in 2019. He spent the last two years in HMP Belmarsh, a high-security prison in London. If you don’t want your company to be mentioned in a former hacker’s AMA in the future, contact LIFARS. LIFARS is an industry leader that develops proactive strategies and tactics against evolving cybersecurity threats.

A new cybersecurity coalition is forming in the Midwestern United States, led by electrical and computer engineering Professor Doug Jacobson of Iowa State University. He is also the leader of the university’s Center for Cybersecurity Innovation and Outreach. He is leading the effort to establish a regional coalition that protects critical local infrastructure from computer attacks. The coalition has been named ReCIPE (Regional Coalition for Critical Infrastructure Protection, Education and Practice) by the organizers from Iowa State University and the University of Illinois Urbana-Champaign. 

Drawbridge is a premier provider of cybersecurity software and solutions and a trusted partner to more than 700 funds in the alternative investment industry and their portfolio companies, with more than $1.3 trillion in Assets Under Management. Our technology platform empowers firms to build customized cyber programs that proactively manage vulnerabilities, simplify risk management, and grow with their business.
Drawbridge’s proprietary platform, Drawbridge Connect, is built to help firms combat the challenging cyber threat landscape by connecting business, compliance, and IT. We empower firms to centralize and manage their security programs, improve their risk profile, and raise institutional capital with our award-winning blend of SaaS-based solutions and client service. Visit drawbridgeco.com today to learn more and schedule a demo.

About LIFARS
LIFARS is an elite cybersecurity, digital forensics, and incident response firm based in New York City. At LIFARS, we believe that cybersecurity is a matter of trust – that is why most of our services are rendered onsite at your premises to establish a personal relationship. Our solutions are based on industry best practices and hands-on expertise stemming from decades of experience. LIFARS conducts digital forensic investigations, incident response, web application security testing, digital risk assessments and academic research. LIFARS continuously explores the latest innovation in the cybersecurity field, and seeks to stay one step ahead of tomorrow’s industry landscape.
Copyright © 2022 LIFARS, All rights reserved.
244 Fifth Avenue, Suite 2035, New York, NY 10001   |   www.lifars.com   |   +1 (212) 222-7061