Archives: August 2021

Cobalt Strike and Ransomware – Tracking An Effective Ransomware Campaign

Posted on August 31st, 2021

During the course of multiple incident response engagements, we encountered a persistent, unknown ransomware threat group utilizing an obfuscated Golang encryptor [1].  It is believed that the threat actors gained initial access through one or more SonicWall exploits [2], [3].  We can confirm prior sightings that Cobalt Strike was used by these threat actors to […]