Track Common Adversary Tasks Performed Using BitPaymer

Overview

BitPaymer is a ransomware family that uses a unique encryption key, ransom note and contact information for each operation; it targeted hospitals in the UK in 2017. Because it is often delivered via Dridex, it is considered linked to the Dridex malware.

How Does It Work?

Like other ransomware, BitPaymer spreads via various attack vectors, chiefly targeted phishing campaigns against vulnerable organizations. The phishing email urges the victim to click a link or open a document, which downloads the malware payload. BitPaymer also gains access to a victim's network through brute-force attacks against RDP.

Prevention

The following measures help mitigate the ransomware:
  • Regularly conduct a thorough review of all RDP connections and all public-facing servers.

  • Use RDP only when it is necessary, and always with multi-factor authentication.

  • Educate users about ransomware to limit its impact.

  • System administrators must patch all servers and workstations to the latest security levels.

  • Regularly update your operating system to ensure protection against the latest known vulnerabilities.
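The RDP brute-force vector described above, together with the recommendation to review RDP connections, can be turned into a simple detection. The following is an added example, not part of the original post: it scans constructed Windows Security events (Event ID 4625 failed logon, 4624 successful logon, LogonType 10 for RDP) and flags a source with a burst of failures, noting whether a successful RDP logon followed. The event dict format, field names and sample values are assumptions for illustration.

```python
"""Flag RDP brute-force patterns in Windows Security events (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified dict form (not a real log export).
# 4625 = failed logon, 4624 = successful logon, LogonType 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = [
    {"ts": "2024-01-10T02:00:01", "id": 4625, "type": 10, "ip": "198.51.100.7", "user": "admin"},
    {"ts": "2024-01-10T02:00:03", "id": 4625, "type": 10, "ip": "198.51.100.7", "user": "administrator"},
    {"ts": "2024-01-10T02:00:05", "id": 4625, "type": 10, "ip": "198.51.100.7", "user": "backup"},
    {"ts": "2024-01-10T02:00:07", "id": 4625, "type": 10, "ip": "198.51.100.7", "user": "svc_sql"},
    {"ts": "2024-01-10T02:00:09", "id": 4625, "type": 10, "ip": "198.51.100.7", "user": "helpdesk"},
    {"ts": "2024-01-10T02:00:20", "id": 4624, "type": 10, "ip": "198.51.100.7", "user": "helpdesk"},
    {"ts": "2024-01-10T09:15:00", "id": 4625, "type": 10, "ip": "10.0.0.5", "user": "jdoe"},
    {"ts": "2024-01-10T09:15:30", "id": 4624, "type": 10, "ip": "10.0.0.5", "user": "jdoe"},
]


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return one alert per source IP that produced at least `threshold`
    failed RDP logons within `window`. Each alert records the user names
    tried and the first account that logged on successfully after the
    burst, which is the pattern that matters for ransomware initial access."""
    by_ip = defaultdict(list)
    for e in events:
        if e["type"] == 10:  # only RemoteInteractive (RDP) logons
            by_ip[e["ip"]].append((datetime.fromisoformat(e["ts"]), e))
    alerts = []
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r[0])
        fails = [t for t, e in recs if e["id"] == 4625]
        # Sliding window over failure timestamps: the first `threshold`
        # consecutive failures that fit inside `window` trigger an alert.
        for i in range(len(fails) - threshold + 1):
            last_fail = fails[i + threshold - 1]
            if last_fail - fails[i] <= window:
                users = sorted({e["user"] for t, e in recs if e["id"] == 4625})
                success = next((e["user"] for t, e in recs
                                if e["id"] == 4624 and t >= last_fail), None)
                alerts.append({"ip": ip, "failures": len(fails), "users": users,
                               "success_after": success})
                break  # one alert per source is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

A single failed logon from 10.0.0.5 followed by success is ordinary user behaviour and is not flagged; only the five-user spray from 198.51.100.7 ending in a successful logon produces an alert.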