SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, October 14th 2019


SANS ISC Handlers

Tech News, News

4.9754 Ratings

🗓️ 14 October 2019

⏱️ 4 minutes


Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. YARA Update; Hacking Back Against Ransomware; Fake Crypto Trading Software

Transcript


0:00.0

Hello, welcome to the Monday, October 14th, 2019 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich.

0:09.3

I'm recording from Chicago, Illinois. Federal holiday today in the United States, so I'll keep today's podcast a little bit shorter.

0:24.6

For all the friends of YARA, we do have a new version. This version makes the XOR modifier a little bit more flexible and also adds private

0:32.5

strings. If you're not familiar with YARA, it's essentially a language to describe binaries and patterns.

0:41.0

So it's often used in open source antivirus and malware detection engines.

0:49.0

Now these days we keep hearing about antivirus companies releasing decryption tools for various ransomware

0:57.1

strains. There's a new twist to this that sort of was released on Friday. Web developer in

1:04.7

Germany, Tobias Frömel, was infected with ransomware that hit his QNAP network accessible storage device.

1:13.6

And after he actually paid for the ransomware, he discovered that one of the web servers that the ransomware was communicating with had an open web shell installed.

1:25.6

So he used this web shell to essentially compromise that server

1:31.3

further and exfiltrate any keys stored in the server's database for different victims of this ransomware.

1:42.3

He made these keys public, so if you were recently infected by the

1:47.8

Muhstik ransomware, you may want to take a look at the list and see if it helps you decrypt

1:54.6

your data. Of course, this kind of hacking back is always quite controversial. According to the description I read,

2:03.2

I think he did sort of the minimum amount of hacking, so to speak, in order to get the data

2:11.1

back for other victims of this criminal. So I would call his response to be proportional.

2:18.3

On the other hand, these web servers that were used by the ransomware were third-party

2:23.0

web servers that were compromised by the ransomware.

2:26.4

So that's always the risk here that if you overstep your boundaries, you're actually doing

2:32.0

additional damage to victims of other attacks.

2:38.4

And MalwareHunterTeam came across an interesting cryptocurrency trading platform, or at least

2:44.2

that's what it claimed to contain, that did include additional goodies in the form of info stealing malware.

...


Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
