The R Word: Retelling the Recent Rise and Resurgence of Resilient Ransomware-as-a-Service Operators

Video Link: https://www.youtube.com/watch?v=pZ3tyhL61rI

SANS Ransomware Summit 2022

Speaker:
Jono Davis, Senior Analyst, PwC Global Threat Intelligence Team

The ransomware threat landscape has evolved markedly since the first big "players" entered the scene in 2019. 2022 has seen a continuation of the themes of 2021, in which the Ransomware-as-a-Service (RaaS) market has dominated both discussion in the security community and mainstream headlines. In this presentation, we talk about the most infamous RaaS operator of 2021, BlackMatter/Darkside, a threat actor that PwC's threat intelligence team tracks as White Apep. The group has become infamous for its resilience, having undergone multiple rebrands in the face of operational crackdowns by US law enforcement. We also present evidence supporting the theory that the operations of White Apep have continued in the form of a new RaaS known in open source as BlackCat, or ALPHV-NG, whose affiliate program operator PwC tracks as White Dev 101. We present these findings as a case study of advanced and successful tactics, techniques, and procedures (TTPs), alongside an affiliate program that has proven difficult to eliminate. The session exposes how the ransomware itself evolved as it became necessary for White Apep, and then potentially White Dev 101, to alter the binary in order to maintain its corner of the RaaS market. We detail the elements we assess to be unique features of the ransomware codebase, which allow us to draw similarities between BlackMatter and BlackCat, as well as the features that are common to other ransomware binaries. In doing so, we hope to provide useful information for both technical and strategic analysts on the tracking and analysis of RaaS binaries, as well as on the pitfalls of common TTPs that could be misread as unique.

View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE
