Carrying on from our recent work on Prometheus Ransomware, we have new thoughts and intelligence to share on Conti Ransomware. However, considering the current climate and chatter across the global cyber landscape, we thought it best to also discuss how enterprises today should approach best practices regarding protection against ransomware.

Part I — Conti Ransomware Case Study
Part II — Brief Analysis of Conti Ransomware
Part III — Best Practices for Enterprises Today

Part I — Conti Ransomware Case Study

When our post-breach Digital Forensic Incident Response (DFIR) investigation began, several domain controllers (DC) had already been compromised; a large amount of data had also been encrypted…


Taipei, Taiwan — September 2021 — CyCraft, a leading managed detection and response (MDR) provider based in Taiwan, has been featured in the latest IDC Perspective, Intelligence-Led Cybersecurity — Examples of Two Asia-Headquartered AI-Enabled Security Providers (Doc # AP47757822)

This IDC Perspective highlights the success of both CyCraft and CYFIMRA, two Asia-based AI-enabled cybersecurity solution providers, their key offerings, and their unique innovations to the Asia Pacific region.

“It is interesting to note how some organizations in the region prefer to engage a niche threat intelligence solution provider compared with some big brand names. The solutions discussed in this document…


New Security Platform Leverages AI-Driven Technology to Manage Over 150,000 Endpoints, Requiring Only One Analyst to Operate

Taipei, Taiwan — 1 September 2021 — CyCraft Technology, a leading managed detection and response (MDR) provider based in Taiwan, has officially released their latest security platform, X-SOC. In two years, CyCraft Technology has seized the domestic market in Taiwan and has been rapidly expanding across Southeast Asia — especially in Japan and Singapore.

CyCraft’s new X-SOC security platform uniquely allows managed security service providers (MSSP) to cohesively deliver CyCraft Managed Detection and Response (MDR) Reporting to large and geographically dispersed endpoints while maintaining CyCraft’s vision of keeping cybersecurity Fast / Accurate / Simple / Thorough.


CyCraft is the only cybersecurity firm featured in the report.

Taipei, Taiwan — 22 July 2021 — CyCraft, a leading managed detection and response (MDR) provider based in Taiwan, has been identified as a Representative AI Startup in Gartner’s 2021 Market Guide for AI Startups, Greater China.

The Gartner Market Guide enables leadership worldwide to make better-informed decisions by providing an in-depth look into key focuses and use cases for AI technology, including natural language technology (NLT), computer vision (CV), machine learning (ML), and AI-enabled hardware, such as AI chips, drones, and autonomous vehicles.

According to Gartner, “[these 47 representative] AI startups offer potential benefits to both China-based and global…


The Benefits, How it’s Different, How to Choose a Vendor, and More

Managed detection and response (MDR) is a service that fulfills the needs of organizations that lack the time and resources to be fully capable of identifying risks and detecting, verifying, and responding to threats and/or security incidents.

According to Gartner, a global research and advisory firm, managed detection and response (MDR) vendors provide the following services:

  • 24/7 threat monitoring
  • Advanced analytics
  • Threat intelligence
  • Human expertise in incident investigation and response
  • Detection and lightweight response services to customers leveraging a combination of technologies deployed at the host and network layers

MDR providers could also undertake incident validation, continuous monitoring of all…


This year, CyCraft has been involved in several cases of Prometheus attacks. Naturally, we attempted to reverse-engineer Prometheus to gain a better understanding of the attack itself, the malware, and the attacker. We discovered that it was possible to recover our customers’ encrypted files to some degree. We are sharing this internally developed tool to help other victims recover.

Visit Our GitHub | https://github.com/cycraft-corp/Prometheus-Decryptor
Direct Download | https://github.com/cycraft-corp/Prometheus-Decryptor/releases/download/1.2/prometheus_decryptor.zip

Quick How-to Guide

We provided a GUI version for windows users. All features are supported in the GUI version. …


Cutting Through the Marketing Buzzwords & How Everyone Can Become a Winner

NOTE: This article has been translated into English from the original Medium article in Chinese.

Foreword

John Jiang, CyCraft Cybersecurity Researcher

Every year, the scale and scope of the ATT&CK Evaluations have gotten bigger, going more in-depth, and with more vendors participating; and each vendor doing everything they can to express their own value and worth to potential customers. Yet, this evaluation environment also creates a situation where each vendor could be a winner.

I would like to offer an opinion that I know differs from the opinions of the general public.

The general public believes that a vendors’ marketing material…


CVE-2021–1675 (or is it CVE-2021–34527?)

What is CVE-2021–1675?

CVE-2021–1675 targets Print Spooler, a native, built-in Windows service that is enabled by default on Windows machines. Originally patched in June 2021 by Microsoft, this vulnerability proved to be a much greater threat than initially thought.

Adding further to the confusion are all the various names attached to vulnerability CVE-2021–1675, such as “PrintNightmare” or “the Print Spooler Bug”. Microsoft also just released this notice, now updating the name to CVE-2021–34527.


Conti ransomware was busy in 2020. In May 2021, the FBI identified at least 16 Conti ransomware attacks targeting US healthcare and first responder networks as well as the Irish health service. Unfortunately, an increase in Conti ransomware attacks was also observed here in Taiwan. Fortunately, we were able to acquire samples of Conti ransomware and perform analyses.

For a granular forensic breakdown of Conti ransomware, its obfuscation techniques, execution flow, encryption scheme, as well as the observed attacks, read our full report.

Conti Ransomware Background

Conti Ransomware was first observed in December 2019 and has been primarily targeting corporate networks since.

Conti is reported to have targeted the following industries:

Financial…


Taipei, Taiwan — 17 June 2021 — Two Taiwan-based companies outperformed all other competition in the 2021 SelectUSA Investment Summit held earlier this month, claiming both first and second place in the cybersecurity industry category.

SelectUSA, the successor to Invest in America, is a summit held by the International Trade Administration of the U.S. Department of Commerce. The summit’s goal is to encourage and promote foreign direct investment (FDI) in the U.S.

The summit historically draws more than 3,000 attendees and over 1,200 global business leaders from approximately 80 international markets.

Since 2017, investment projects directly tied to the summit…

CyCraft Technology Corp

CyCraft automates SOC ops for the Fortune Global 500, national govs, & SMEs with MDR, IR, & threat hunting solutions. Learn more at CyCraft.com

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store