2021-11-23

Memento Team, Ransomware Gang

Level: Tactical | Source: Sophos

Sophos observed the Memento Team ransomware gang bypass encryption protection by moving victim files into password-protected WinRAR archives after endpoint protection stopped the group's initial Python 3.9 encryption script. The intruders had a roughly six-month dwell time: initial access came in April 2021 through CVE-2021-21972, a VMware vCenter Server vulnerability, and the password-protected archiving and ransom demand followed in October 2021. Two coin miners were also dropped on the compromised server during that window, an XMR (Monero) miner on May 18th and XMRig on September 8th.
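The archiving step is the detection opportunity: unlike a custom encryptor, WinRAR is a signed, legitimate binary, so the signal is in its command line rather than its hash. The following is an added example, not code from Sophos, Anvilogic or the original page. It scans constructed process-creation records (shaped loosely like Sysmon Event ID 1 or EDR telemetry; the hosts, users, paths and passwords are invented) for rar.exe/WinRAR.exe archive-creation commands that carry a password switch (-p or -hp), and raises the severity when originals are also removed (the -df switch or the m "move to archive" command). The original report describes password-protected archives; that the originals were removed with these specific switches is this example's assumption about how such an intrusion would appear in logs.

```python
"""Flag WinRAR / rar command lines that create password-protected archives.

Added detection example, not from the Sophos report or the original page.
Record shape and all sample values are constructed for illustration.
"""
import re

# Constructed process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "fs01", "user": "CORP\\svc_backup",
     "image": "C:\\Program Files\\WinRAR\\Rar.exe",
     "cmdline": 'Rar.exe a -r -hpS3cr3t! -df C:\\Staging\\finance.rar "D:\\Shares\\Finance\\*"'},
    {"host": "ws22", "user": "CORP\\alice",
     "image": "C:\\Program Files\\WinRAR\\WinRAR.exe",
     "cmdline": "WinRAR.exe a C:\\Users\\alice\\Desktop\\photos.rar C:\\Users\\alice\\Pictures\\*"},
    {"host": "fs01", "user": "CORP\\svc_backup",
     "image": "C:\\Program Files\\WinRAR\\Rar.exe",
     "cmdline": 'Rar.exe a -r -pHunter2 -m0 C:\\Staging\\hr.rar "D:\\Shares\\HR\\*"'},
    {"host": "ws07", "user": "CORP\\bob",
     "image": "C:\\Windows\\System32\\notepad.exe",
     "cmdline": "notepad.exe -p C:\\notes.txt"},  # -p on a non-archiver must not fire
]

# rar.exe or WinRAR.exe as the last path component, any case.
RAR_IMAGE = re.compile(r"(^|[\\/])(rar|winrar)\.exe$", re.IGNORECASE)
# WinRAR switches: -p<pw> sets an archive password, -hp<pw> also encrypts
# headers (hides file names). "-p-" means "no password", so exclude it.
PASSWORD_SWITCH = re.compile(r"^-(hp|p)(?!-$)\S*$", re.IGNORECASE)
DELETE_SWITCH = re.compile(r"^-df$", re.IGNORECASE)
# Archive-creating commands: a = add, u = update, m = move (deletes originals).
CREATE_COMMANDS = {"a", "u", "m"}
# Quoted paths with spaces stay as one token; everything else splits on whitespace.
TOKEN = re.compile(r'"[^"]*"|\S+')


def detect_password_archiving(events):
    """Return one finding per WinRAR invocation that builds a password-protected archive."""
    findings = []
    for ev in events:
        if not RAR_IMAGE.search(ev.get("image", "")):
            continue
        tokens = TOKEN.findall(ev.get("cmdline", ""))
        if len(tokens) < 2:
            continue
        command = tokens[1].lower()
        if command not in CREATE_COMMANDS:
            continue
        switches = [t for t in tokens[2:] if t.startswith("-")]
        password = next((s for s in switches if PASSWORD_SWITCH.match(s)), None)
        if password is None:
            continue
        removes_originals = command == "m" or any(DELETE_SWITCH.match(s) for s in switches)
        findings.append({
            "host": ev["host"],
            "user": ev["user"],
            "command": command,
            # Kept deliberately: a password captured in process telemetry is
            # what lets responders open the archives without paying.
            "password_switch": password,
            "removes_originals": removes_originals,
            "severity": "high" if removes_originals else "medium",
            "cmdline": ev["cmdline"],
        })
    return findings


if __name__ == "__main__":
    for f in detect_password_archiving(SAMPLE_EVENTS):
        print(f["severity"], f["host"], f["user"], f["password_switch"], f["cmdline"])
```

Tune the allowlist to your environment: backup jobs that legitimately use -p are the obvious false positive, and a service account archiving entire file shares with -df from a staging directory is the pattern worth paging on regardless of the tool's reputation.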

  • Anvilogic Scenario: Memento Team - Behavior
