Malwarebytes

Malwarebytes' security systems faced an attack by the RansomHub ransomware gang, who leveraged Kaspersky's TDSSKiller tool to disable endpoint detection and response (EDR) services. This tactic, directed at the Malwarebytes Anti-Malware Service, was part of the attackers' strategy to undermine defense mechanisms and facilitate ransomware deployment. Additionally, the LaZagne tool was used for extracting and likely exfiltrating credentials. While the extent of the breach has not been publicized, the usage of legitimate tools allowed the attackers to bypass security measures, indicating a sophisticated approach and underscoring the challenges organizations face in protecting against such illicit activities by ransomware operators.

Source: https://securityaffairs.com/168296/malware/ransomhub-ransomware-tdskiller-disable-edr.html

TPRM report: https://scoringcyber.rankiteo.com/company/malwarebytes

"id": "mal000091224",
"linkid": "malwarebytes",
"type": "Ransomware",
"date": "9/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'Malwarebytes',
                        'type': 'Cybersecurity Company'}],
 'attack_vector': ['Exploitation of Legitimate Tools', 'Credential Extraction'],
 'data_breach': {'data_exfiltration': 'Likely',
                 'type_of_data_compromised': ['Credentials']},
 'description': "Malwarebytes' security systems faced an attack by the "
                "RansomHub ransomware gang, who leveraged Kaspersky's "
                'TDSSKiller tool to disable endpoint detection and response '
                '(EDR) services. This tactic, directed at the Malwarebytes '
                "Anti-Malware Service, was part of the attackers' strategy to "
                'undermine defense mechanisms and facilitate ransomware '
                'deployment. Additionally, the LaZagne tool was used for '
                'extracting and likely exfiltrating credentials. While the '
                'extent of the breach has not been publicized, the usage of '
                'legitimate tools allowed the attackers to bypass security '
                'measures, indicating a sophisticated approach and '
                'underscoring the challenges organizations face in protecting '
                'against such illicit activities by ransomware operators.',
 'impact': {'systems_affected': ['Malwarebytes Anti-Malware Service']},
 'lessons_learned': 'The usage of legitimate tools allowed the attackers to '
                    'bypass security measures, indicating a sophisticated '
                    'approach and underscoring the challenges organizations '
                    'face in protecting against such illicit activities by '
                    'ransomware operators.',
 'motivation': 'Ransomware Deployment',
 'ransomware': {'data_exfiltration': 'Likely',
                'ransomware_strain': 'RansomHub'},
 'threat_actor': 'RansomHub Ransomware Gang',
 'title': 'Malwarebytes Security Breach by RansomHub',
 'type': 'Ransomware Attack',
 'vulnerability_exploited': 'Endpoint Detection and Response (EDR) Services'}