The more things change, the more they stay the same. Ransomware attacks continue to disrupt organizations across all sectors while the results of law enforcement actions are waiting to be seen. We continue to monitor an effective threat group that shows no signs of slowing down.
The following domains were identified and attributed to this threat group:
| azuregroupusa.com | getprintservices.com | twebhost.com |
| chipfirmware.com | itacrobat.com | vip-source.com |
| databasegroupinc.com | mikrotikinside.com | webnofy.com |
| dmaorlando.com | release-app.net | webonlinecompany.com |
| easyupdatepro.com | slim-well.com | windows-upd.com |
| esc-ok.com | softlinesys.com | wmsmicro.com |
| eztechnet.com | sonyblueprint.com | |
| gdbcrew.com | spdevhost.com |
One positive note, we observed a distinct change in adversarial TTPs with this group in the past month. Threat actors have moved away from their preferred domain name registrar, NameCheap, to other providers like NetEarth One and Hosting Concepts B.V. d/b/a Registrar.eu.
The best defense against ransomware continues to be centered on reliable backups, active monitoring of networks and systems for vulnerabilities and weaknesses, and active patch management solutions. An ounce of prevention is worth a pound of cure. If your enterprise is missing one or more best practices, please contact us to help get you on the right track before it is too late.
If you are in need of incident response support or ways to defend against this and other threats, please contact us at https://breakpoint-labs.com/.