Ransomware is one of the most popular types of attack, and it is constantly being reinvented. In 2019 the malware is building alliances to target large public and corporate networks. Back in 2018, the hackers behind the GandCrab ransomware launched a Ransomware-as-a-Service offering, which shifted the model and transformed ransomware into a comprehensive branding, marketing and display business.
The Truniger team
The Truniger hacking team, also known as TeamSnatch, was created by a malicious actor who had shown particular interest in credit card scams. The team takes advantage of RDP-based vulnerabilities and brute-force attacks to gain access to various RDP databases.
According to AdvIntel's report, the attack was particularly effective, so the hacking team began looking for new ways to make money from its breaches.
The Truniger team went on to encrypt more than 1,800 devices using GandCrab by the end of August 2018. The hacker behind the creation of the team said that by joining GandCrab's affiliate program, he learned the methods for carrying out sophisticated attacks.
The hacker then decided to create his own ransomware and further expand the team, hiring technicians to help him with his business and offering them up to 10,000 USD a month.
Tools and techniques used
The hacking team uses many techniques to distribute ransomware, the most common being RDP brute-forcing.
Truniger tries to gain Windows system administrator rights by using the mimikatz tool to search for domain administrator credentials and financial information and to perform privilege escalation.
The team told AdvIntel that it focuses on dedicated RDP servers and is interested in Dynamic Data Exchange (DDE).
One of the organization's best-known attacks was against the German IT company CityComp, in which it obtained data from companies such as Oracle, SAP, BT, Porsche, Toshiba, Volkswagen, Airbus and more.
The team has also made known its access to various other RDP networks linked to government networks and retail stores.
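As an added example (not from the article or AdvIntel's report), the Python code below shows one way a defender could flag the RDP brute-forcing named above in Windows Security logon events: a burst of failed logons (event 4625) from one source, escalated when a successful logon (4624) follows shortly after. The sample events, the threshold and the time window are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: (timestamp, Security event ID, LogonType, source IP, account).
# 4625 = failed logon, 4624 = successful logon. LogonType 10 = RemoteInteractive
# (RDP); 3 = Network, which is how RDP logon failures appear when NLA is enabled.
SAMPLE_EVENTS = [
    ("2019-05-02T03:10:01", 4625, 3, "203.0.113.7", "administrator"),
    ("2019-05-02T03:10:09", 4625, 3, "203.0.113.7", "admin"),
    ("2019-05-02T03:10:17", 4625, 3, "203.0.113.7", "backup"),
    ("2019-05-02T03:10:25", 4625, 3, "203.0.113.7", "backup"),
    ("2019-05-02T03:10:33", 4625, 3, "203.0.113.7", "backup"),
    ("2019-05-02T03:10:41", 4624, 10, "203.0.113.7", "backup"),
    ("2019-05-02T08:59:40", 4625, 10, "198.51.100.20", "jsmith"),
    ("2019-05-02T09:00:05", 4624, 10, "198.51.100.20", "jsmith"),
    ("2019-05-02T09:30:00", 4625, 2, "-", "jsmith"),  # console logon, ignored
]
RDP_LOGON_TYPES = {3, 10}

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per source IP that reaches `threshold` failed logons
    inside `window`; `compromised` names the account if a success followed."""
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    alerts = {}
    for ts, event_id, logon_type, src, account in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == 4625:
            recent = failures[src]
            recent.append(when)
            while when - recent[0] > window:  # drop failures outside the window
                recent.popleft()
            if len(recent) >= threshold and src not in alerts:
                alerts[src] = {"source": src, "first_alert": ts, "compromised": None}
        elif event_id == 4624 and src in alerts:
            # A success right after a flagged guessing burst is the urgent case:
            # treat the account as compromised and reset its credentials.
            if alerts[src]["compromised"] is None and when - failures[src][-1] <= window:
                alerts[src]["compromised"] = account
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

A user who mistypes a password once before logging in, like the second source in the sample, stays below the threshold and raises no alert.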