Ransomware, Threat Intelligence

Newly emergent Mad Liberator ransomware gang detailed

Share
Malware attack virus alert. Person use laptop with virtual warning sign with ransomware word. warning notification, Cyber threats.

Social engineering techniques and AnyDesk have been utilized by the Mad Liberator ransomware operation in attacks following its emergence last month, The Register reports.

Approval of an AnyDesk connection authorization request sent by Mad Liberator to one organization prompted the execution of a Windows update screen-emulating binary to obtain device control and access to a linked OneDrive account, as well as centralized server files, according to a report from Sophos X-Ops. Mad Liberator then proceeded to exfiltrate files via the AnyDesk FileTransfer facility before using the Advanced IP Scanner to scan for other devices that could be breached and running a ransom note, with the nearly four-hour intrusion ending with the restoration of device control to the victim, said Sophos X-Ops researchers. "We did note that the binary was manually triggered by the attacker; with no scheduled task or automation in place to execute it again once the threat actor was gone, the file simply remained on the affected system," researchers added.

Newly emergent Mad Liberator ransomware gang detailed

Approval of an AnyDesk connection authorization request sent by Mad Liberator to one organization prompted the execution of a Windows update screen-emulating binary to obtain device control and access to a linked OneDrive account.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.