Carrying on from our recent work on Prometheus Ransomware, we have new thoughts and intelligence to share on Conti Ransomware. However, considering the current climate and chatter across the global cyber landscape, we thought it best to also discuss how enterprises today should approach best practices regarding protection against ransomware.
Part I — Conti Ransomware Case Study
Part II — Brief Analysis of Conti Ransomware
Part III — Best Practices for Enterprises Today
When our post-breach Digital Forensic Incident Response (DFIR) investigation began, several domain controllers (DC) had already been compromised; a large amount of data had also been encrypted…
Taipei, Taiwan — September 2021 — CyCraft, a leading managed detection and response (MDR) provider based in Taiwan, has been featured in the latest IDC Perspective, Intelligence-Led Cybersecurity — Examples of Two Asia-Headquartered AI-Enabled Security Providers (Doc # AP47757822)
This IDC Perspective highlights the success of both CyCraft and CYFIRMA, two Asia-based AI-enabled cybersecurity solution providers, their key offerings, and their unique innovations for the Asia Pacific region.
Taipei, Taiwan — 1 September 2021 — CyCraft Technology, a leading managed detection and response (MDR) provider based in Taiwan, has officially released their latest security platform, X-SOC. In two years, CyCraft Technology has seized the domestic market in Taiwan and has been rapidly expanding across Southeast Asia — especially in Japan and Singapore.
CyCraft’s new X-SOC security platform uniquely allows managed security service providers (MSSP) to cohesively deliver CyCraft Managed Detection and Response (MDR) Reporting to large and geographically dispersed endpoints while maintaining CyCraft’s vision of keeping cybersecurity Fast / Accurate / Simple / Thorough.
Taipei, Taiwan — 22 July 2021 — CyCraft, a leading managed detection and response (MDR) provider based in Taiwan, has been identified as a Representative AI Startup in Gartner’s 2021 Market Guide for AI Startups, Greater China.
The Gartner Market Guide enables leadership worldwide to make better-informed decisions by providing an in-depth look into key focuses and use cases for AI technology, including natural language technology (NLT), computer vision (CV), machine learning (ML), and AI-enabled hardware, such as AI chips, drones, and autonomous vehicles.
According to Gartner, “[these 47 representative] AI startups offer potential benefits to both China-based and global…
Managed detection and response (MDR) is a service that fulfills the needs of organizations that lack the time and resources to be fully capable of identifying risks and detecting, verifying, and responding to threats and/or security incidents.
According to Gartner, a global research and advisory firm, managed detection and response (MDR) vendors provide the following services:
MDR providers could also undertake incident validation, continuous monitoring of all…
This year, CyCraft has been involved in several cases of Prometheus attacks. Naturally, we attempted to reverse-engineer Prometheus to gain a better understanding of the attack itself, the malware, and the attacker. We discovered that it was possible to recover our customers’ encrypted files to some degree. We are sharing this internally developed tool to help other victims recover.
We provide a GUI version for Windows users. All features are supported in the GUI version. …
NOTE: This article has been translated into English from the original Medium article in Chinese.
John Jiang, CyCraft Cybersecurity Researcher
Every year, the ATT&CK Evaluations have grown in scale and scope, going more in-depth and with more vendors participating, each doing everything it can to express its own value and worth to potential customers. Yet this evaluation environment also creates a situation where every vendor could be a winner.
I would like to offer an opinion that I know differs from the opinions of the general public.
The general public believes that a vendor’s marketing material…
CVE-2021-1675 affects Print Spooler, a native, built-in Windows service that is enabled by default on Windows machines. Originally patched in June 2021 by Microsoft, this vulnerability proved to be a much greater threat than initially thought.
Adding further to the confusion are all the various names attached to vulnerability CVE-2021-1675, such as “PrintNightmare” or “the Print Spooler Bug”. Microsoft also just released this notice, now updating the name to CVE-2021-34527.
Conti ransomware was busy in 2020. In May 2021, the FBI identified at least 16 Conti ransomware attacks targeting US healthcare and first responder networks as well as the Irish health service. Unfortunately, an increase in Conti ransomware attacks was also observed here in Taiwan. Fortunately, we were able to acquire samples of Conti ransomware and perform analyses.
Conti Ransomware was first observed in December 2019 and has been primarily targeting corporate networks since.
Taipei, Taiwan — 17 June 2021 — Two Taiwan-based companies outperformed all other competition in the 2021 SelectUSA Investment Summit held earlier this month, claiming both first and second place in the cybersecurity industry category.
SelectUSA, the successor to Invest in America, is a summit held by the International Trade Administration of the U.S. Department of Commerce. The summit’s goal is to encourage and promote foreign direct investment (FDI) in the U.S.
The summit historically draws more than 3,000 attendees and over 1,200 global business leaders from approximately 80 international markets.
Since 2017, investment projects directly tied to the summit…