Attackers Compromise Admin Account to Infect Manufacturing Company With BitPaymer Ransomware

Threat actors compromised an account with administrator privileges to infect a manufacturing company with BitPaymer ransomware. A Trend Micro investigation found that the attackers used PsExec, a command-line tool for executing processes on remote computers, to copy and execute a variant of BitPaymer on the company's machines between 9:40 p.m. and 11:03 p.m. on Feb. 18, 2019. The attack attempts were carried out remotely and filelessly, though Trend Micro did detect binaries associated with Dridex, a banking Trojan that ESET linked to BitPaymer's creators last year.

Not a New BitPaymer Variant

Ransom.Win32.BITPAYMER.TGACAJ, the BitPaymer variant involved in this attack, was unique in that it used the victim organization's name both in its ransom note and as the extension appended to encrypted files.

How to Defend Against a Ransomware Infection

Security professionals can help defend against ransomware by using an endpoint detection and response (EDR) tool to monitor IT devices for suspicious activity, such as the remote command execution seen in this case.
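The PsExec pattern described above leaves a recognisable trail on the target host: a service installation (Windows System log Event ID 7045) for a binary dropped into the Windows directory via the ADMIN$ share, followed by process creations whose parent is that service binary. The following is an added example of detection logic over that trail; it is not code from the article or from Trend Micro. The event records are constructed, the 60-second correlation window is an arbitrary choice, and the check that treats any LocalSystem service whose binary sits directly under %SystemRoot% and shares the service's name as PsExec-like (to catch a renamed service) is a heuristic assumption, not something the article documents.

```python
"""Flag PsExec-style remote execution from constructed Windows event records.

Event ID 7045 = "A service was installed in the system" (System log).
Event ID 1    = Sysmon process creation.
"""
import ntpath
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Event:
    time: datetime
    host: str
    event_id: int          # 7045: service installed; 1: Sysmon process creation
    fields: dict = field(default_factory=dict)


def _expand(path: str) -> str:
    # PsExec records its image path with %SystemRoot%; normalise it for comparison.
    return path.replace("%SystemRoot%", r"C:\Windows")


def _basename(path: str) -> str:
    return ntpath.basename(_expand(path)).lower()


def is_psexec_service_install(ev: Event) -> bool:
    """True for a 7045 event that looks like a PsExec service drop.

    Either the default service name PSEXESVC, or (heuristic assumption) a LocalSystem
    service whose binary sits directly in the Windows directory and is named after
    the service, which is what a renamed PsExec service (-r) leaves behind.
    """
    if ev.event_id != 7045:
        return False
    name = ev.fields.get("ServiceName", "").lower()
    image = _expand(ev.fields.get("ImagePath", ""))
    if name == "psexesvc":
        return True
    return (ntpath.dirname(image).lower() == r"c:\windows"
            and ev.fields.get("AccountName") == "LocalSystem"
            and _basename(image) == f"{name}.exe")


def find_remote_executions(events, window=timedelta(seconds=60)):
    """Correlate each suspicious service install with process creations on the same
    host, inside the window, whose parent is that service binary. Those children are
    the commands the remote operator ran (the ransomware copy/execute in this case)."""
    events = sorted(events, key=lambda e: e.time)
    findings = []
    for svc in filter(is_psexec_service_install, events):
        svc_bin = _basename(svc.fields["ImagePath"])
        for ev in events:
            if ev.event_id != 1 or ev.host != svc.host:
                continue
            if not (svc.time <= ev.time <= svc.time + window):
                continue
            if _basename(ev.fields.get("ParentImage", "")) == svc_bin:
                findings.append({
                    "host": ev.host,
                    "service": svc.fields["ServiceName"],
                    "launched": ev.fields["Image"],
                    "user": ev.fields.get("User", "?"),
                    "time": ev.time.isoformat(),
                })
    return findings


# Constructed sample telemetry (hosts, users and file names are made up).
SAMPLE_EVENTS = [
    # Default PsExec service drop, then the service launching the operator's binary.
    Event(datetime(2019, 2, 18, 21, 40, 12), "FILESRV01", 7045,
          {"ServiceName": "PSEXESVC", "ImagePath": r"%SystemRoot%\PSEXESVC.exe",
           "AccountName": "LocalSystem"}),
    Event(datetime(2019, 2, 18, 21, 40, 13), "FILESRV01", 1,
          {"Image": r"C:\Windows\PSEXESVC.exe", "ParentImage": r"C:\Windows\System32\services.exe"}),
    Event(datetime(2019, 2, 18, 21, 40, 15), "FILESRV01", 1,
          {"Image": r"C:\Windows\Temp\update.exe", "ParentImage": r"C:\Windows\PSEXESVC.exe",
           "User": r"CORP\svc_admin"}),
    # Benign noise that must not match.
    Event(datetime(2019, 2, 18, 21, 45, 0), "WKS-0042", 1,
          {"Image": r"C:\Windows\System32\notepad.exe", "ParentImage": r"C:\Windows\explorer.exe",
           "User": r"CORP\jdoe"}),
    # Renamed PsExec service (-r mgmtsvc): no PSEXESVC string, same drop pattern.
    Event(datetime(2019, 2, 18, 22, 10, 0), "DC01", 7045,
          {"ServiceName": "mgmtsvc", "ImagePath": r"%SystemRoot%\mgmtsvc.exe",
           "AccountName": "LocalSystem"}),
    Event(datetime(2019, 2, 18, 22, 10, 4), "DC01", 1,
          {"Image": r"C:\Windows\Temp\payload.exe", "ParentImage": r"C:\Windows\mgmtsvc.exe",
           "User": r"CORP\svc_admin"}),
]


if __name__ == "__main__":
    for finding in find_remote_executions(SAMPLE_EVENTS):
        print(finding)
```

Run against the constructed events, the logic reports two remote executions (update.exe on FILESRV01 and payload.exe on DC01) and ignores the notepad launch. In a real deployment the same correlation would be fed from the EDR or SIEM rather than an inline list, and the windowed pairing of service install and child process is what separates PsExec activity from ordinary service starts.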