A lesser-known ransomware strain called AstraLocker has recently released its second major version, and according to threat analysts, its operators engage in rapid attacks that drop its payload directly from email attachments.
This approach is quite unusual as all the intermediate steps that typically characterize email attacks are there to help evade detection and minimize the chances of raising red flags on email security products.
According to ReversingLabs, which has been following AstraLocker operations, the adversaries don't seem to care about reconnaissance, evaluation of valuable files, and lateral network movement.
Instead, they are performing "smash-n-grab" attacks to his immediately hit with maximum force aiming for a quick payout.
AstraLocker 2.0 infects users directly from Word attachments
Userlevel 5
+3
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Login
CUSTOMER / CYMULATE EMPLOYEE LOGINor
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.