Renewed Satan Ransomware Leverages Mimikatz for Lateral Movement

Delaware, USA – June 19, 2018 – Attackers updated the infamous Satan ransomware and added additional possibilities for lateral movement within the organization’s network after initial infection. They named new modification the DBGer Ransomware, and now it is actively used in malicious campaigns. The Satan ransomware appeared a year and a half ago as a RaaS platform allowing anyone to try themselves as a cybercriminal. By early 2018, the boom of coinminers and the emergence of new RaaS platforms forced ransomware authors to focus on productive infection of organizations. In April, Satan began using the EternalBlue exploit, and by early June, its arsenal was extended with exploits for CVE-2017-12149 and CVE-2017-10271 and the capability of conducting brute force attacks against web applications. A few days ago, attackers added Mimikatz tool, which allows the ransomware to dump credentials for further distribution over the network.

The Satan / DBGer ransomware has become an even more dangerous tool in the hands of adversaries for attacks on organizations since one successful infection is enough to encrypt multiple systems. More and more ransomware families are focused on attacks against businesses, and organizations need tools to protect them against such attacks. Using SIEM and Ransomware Hunter use case, you can significantly decrease the risks of such attacks. Also, you can get Mimikatz Defence Framework at Threat Detection Marketplace that can alert your security team of lateral movement attempts.