Quick Look at a Novel Technique Used by Darkbit Ransomware

I'm very aware that in infosec we tend to be like magpies, distracted by new and shiny objects while sometimes underestimating the impact of the boring, tried-and-true techniques that hackers use day in and day out because they just work. Having said that, I'm only human, and when I see something I haven't seen before it piques my curiosity. That was the case with this tweet by Jazi, a Fortinet threat intel researcher, talking about a Darkbit payload. Before we get into the content of that tweet, though, let's have a quick look at Darkbit: there are so many ransomware groups now, and the smaller ones can start to blur together, as there are only so many adjectives that they seem to favour.

Darkbit are not a very active ransomware group; from what I can tell they have had one high-profile victim, the Technion - Israel Institute of Technology. The group heavily implies that they are a disgruntled former tech worker; the further implication is that they may have work