Threat Watch

BitPaymer Ransomware Back Again; Targets US Manufacturing Company

A more targeted approach is being used by attackers when they are choosing the recipients of ransomware. This BitPaymer variant (Ransom.Win32.BITPAYMER.TGACAJ) has been seen a few times recently and it is unique because it mentions the targeted company by name in the ransom note, making it specific. That’s exactly what it did when it sent commands to the unnamed US manufacturing company’s system through PsExec on February 18th. Attackers were also attempting to run the PowerShell Empire Backdoor starting on January 29th leading up to the 18th of February when the BitPaymer Ransomware was installed. It is likely that a data breach occurred prior to or on the 29th of January because attackers needed administrator privileges to install BitPaymer through PsExec.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

Companies can use intrusion detection systems that would have been able to detect malicious activity within the system. If accounts are believed to have been compromised, they should be updated immediately and if machines are believed to have been compromised, they should be cleaned as soon as possible to stop the spread of ransomware or malware.

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support