GetCrypt ransomware is a new malware that is being distributed through malvertising campaigns. Victims are either sent a spam email or redirected to a malicious site. Malicious scripts on the site then try to exploit vulnerabilities on the user’s system. If it is successfully downloaded, the ransomware immediately starts scanning files on the user’s system. One interesting note is that if GetCrypt detects that the victim’s computer language is set to Ukrainian, Belarusian, Russian or Kazakh, the ransomware terminates immediately. Otherwise, it starts encrypting files on the infected computer. The ransomware then creates a ransom note named “# decrypt my files #.txt” and demands that the user contact “getcrypt@cock.li” for payment instructions. GetCrypt also attempts a brute-force attack on the user’s network to infect other computers.
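A defender-side sweep for the ransom note described above, as an added example that is not part of the original article: it walks a directory tree for the note's file name and checks each hit for the contact address. The case-insensitive name match, the UTF-8/UTF-16 content check, the verdict labels and the sample tree are assumptions constructed for illustration.

```python
import os
import sys
import tempfile

NOTE_NAME = "# decrypt my files #.txt"  # ransom note name from the article
CONTACT = "getcrypt@cock.li"            # contact address from the article
MAX_READ = 64 * 1024                    # assumption: a text note is small

def note_mentions_contact(path):
    """True if the file holds the contact address as UTF-8 or UTF-16LE text."""
    try:
        with open(path, "rb") as fh:
            data = fh.read(MAX_READ).lower()
    except OSError:
        return False  # unreadable file: fall back to the name-only verdict
    return any(CONTACT.encode(enc) in data for enc in ("utf-8", "utf-16-le"))

def hunt(root):
    """Map each directory holding a note to 'confirmed' or 'name-only'."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != NOTE_NAME or hits.get(dirpath) == "confirmed":
                continue
            full = os.path.join(dirpath, name)
            hits[dirpath] = "confirmed" if note_mentions_contact(full) else "name-only"
    return hits

def build_sample_tree(root):
    """Constructed sample data: two note variants and one clean directory."""
    layout = {
        "docs": ("# DECRYPT MY FILES #.txt", "Write to getcrypt@cock.li".encode("utf-16-le")),
        "pics": ("# decrypt my files #.txt", b"placeholder text without an address"),
        "clean": ("readme.txt", b"nothing to see"),
    }
    for sub, (fname, body) in layout.items():
        os.makedirs(os.path.join(root, sub))
        with open(os.path.join(root, sub, fname), "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = hunt(sys.argv[1])  # sweep a real path given on the command line
    else:
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_tree(tmp)
            results = hunt(tmp)
    for directory, verdict in sorted(results.items()):
        print(f"{verdict:10} {directory}")
```

A "name-only" hit still warrants triage, since the note's wording may differ from the sample assumed here.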