Noberus ransomware: Coded in Rust and tailored to victim. [Research Saturday]

CyberWire Daily

N2K Networks, Inc.

Daily News, Tech News, News, Technology

4.6 • 1K Ratings

🗓️ 26 February 2022

⏱️ 19 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Guest Dick O'Brien, Principal Editor at Symantec, joins Dave to discuss their team's research, "Noberus: Technical Analysis Shows Sophistication of New Rust-based Ransomware." Noberus is new ransomware used in mid-November attack, ConnectWise was likely infection vector. Symantec, a division of Broadcom Software, tracks this ransomware as Ransom.Noberus and our researchers first spotted it on a victim organization on November 18, 2021, with three variants of Noberus deployed by the attackers over the course of that attack. This would appear to show that this ransomware was active earlier than was previously reported, with MalwareHunterTeam having told BleepingComputer they first saw this ransomware on November 21. Noberus is an interesting ransomware because it is coded in Rust, and this is the first time we have seen a professional ransomware strain that has been used in real-world attacks coded in this programming language. Noberus appears to carry out the now-typical double extortion ransomware attacks where they first steal information from victim networks before encrypting files. Noberus adds the .sykffle extension to encrypted files. The research can be found here: Noberus: Technical Analysis Shows Sophistication of New Rust-based Ransomware

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the CyberWire Network, powered by N2K.
0:07.0	Today's episode is sponsored by SRM, your first call for cybersecurity and
0:18.1	investigations. Threats today are evolving faster than ever before and since 2005 SRM has pioneered
0:25.3	tailored security solutions for global corporations and their executives.
0:29.5	Whether it's defending against cyber attacks with their award-winning team of ethical hackers and incident response specialists,
0:36.4	or navigating the murky waters of compliance and ESG challenges,
0:40.9	SRMs, Insight and Straight straightforward advice will help you navigate complex risks
0:46.4	and emerge more resilient.
0:48.4	Their secret, a culture that nurtures the sharpest minds, giving them access to the newest technologies and the freedom
0:55.3	to solve problems in new ways, enabling them to craft simple effective solutions for your
1:01.4	unique cyber challenges.
1:03.7	Search your first call to discover how SRM can help your business. Hello everyone and welcome to the CyberWire's research Saturday.
1:26.7	I'm Dave Bitner and this is our weekly conversation with researchers and analysts tracking
1:31.6	down threats and vulnerabilities, solving some of the hard problems of protecting
1:35.9	ourselves in a rapidly evolving cyberspace.
1:39.4	Thanks for joining us.
1:51.2	So, you know, like a lot of other vendors, we do, like a lot of other vendors, we do find lots of new ransomware families, but this one in particular stood out to us for a number of reasons.
1:56.7	We thought it seemed to be relatively sophisticated and so we thought it was something to watch and something we should maybe publish
2:06.2	a better.
2:07.2	That's Dick O'Brien.
2:08.5	He's a principal editor with Symantec's Threat Intelligence Research Team.
2:12.8	The research we're discussing today is titled, Nobaris.
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.