An Encounter with Ransomeware-as-a-Service: MEGAsync Analysis

Jun 21, 2021 1:54:00 PM / by Andrew Cook posted in Security, MEGAsync

Recon's SOC recently responded to an attempted ransomware and extortion attack. It had all the markings of a nightmare scenario: malicious access through the VPN, an external server in the same IP block as the Colonial Pipeline incident, Cobalt Strike flying across the environment, and a system running an unauthorized copy of MEGAsync. We attributed the attack to a Ransomware-as-a-Service (RaaS) threat group, likely DarkSide, REvil, or their affiliates.

Read More
View RSS Feed