Palo Alto Networks’ Unit 42 Publishes Report on Mespinoza Group

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

Unit 42 of Palo Alto Networks has examined the Mespinoza gang’s latest techniques and practices in identifying its ‘cocky’ message and its instruments endowed with ‘creative names’ – but has shown no evidence suggesting that the group has changed to ransomware-as-a-service. 

Mespinoza attacks mostly, demonstrate various trends between different actors and families threatened with ransomware, which make their attacks simple and easy to use. 

The report researchers explained, “As with other ransomware attacks, Mespinoza originates through the proverbial front door – internet-facing RDP servers – mitigating the need to craft phishing emails, perform social engineering, leverage software vulnerabilities or other more time-consuming and costly activities. Further costs are saved through the use of numerous open-source tools available online for free, or through the use of built-in tools enabling actors to live off the land, all of which benefits bottom-line expenses and profits.” 

Although the MESPINOZA organization has not been as active as the more popular REvil, still its operations have achieved great success: the examination of Unit 42, revealed that victims pay up to $470,000 each for decryption of files, mainly from targets in the US and UK – including a Hackney Council attack last October.