Botconf Author Listing

Alexandre Matousek

Last known affiliation: Orange Cyberdefense
Bio: Alexandre has been working at Orange Cyberdefense CERT for 6 years, first as a forensics investigator, and then as a reverse-engineer specialized in advanced malware analysis. He is also now a proud Belgian Shepherd Malinois trainer 🙂
Date: 2023-04-13
Ransom Cartel trying not to “REvil” its identity
Jeremie Destuynder 🗣 | Alexandre Matousek 🗣

Abstract

We, Incident Responders from CERT Orange CyberDefense, often face the same proven TTPs over and over from threat actors. Similar initial entry, privilege escalation, lateral movement, exfiltration, etc. techniques are seen in the numerous forensics cases we handle per year. Known ransomware gangs in particular follow scripted playbooks, as training documents from the Conti leaks and abundant public incident response reports have already shown.
So when a victim came to us for help last November, our analysts expected to run into a “Yet Another Ransomware” case. But it turned out way more interesting than initially thought. We’ll walk you through this case, which surprised in some ways even our most experienced analysts and reversers.
