operator
ChainsTTPsBlogLogin
menu
Prelude chain browser

Ransomware

Create a staging directory and generate a cryto key there. Discover the directories inside a user's home folder then safely encrypt all files inside the directories using the generated key. Compress the staging directory to prepare the crypto key for exfiltration and open a ransom note on the system.

2021-08-10

/static/assets/windows-logo.svg/static/assets/linux-logo.svg/static/assets/apple-logo.svg
Professional
This is a professional attack chain. A professional subscription automatically gives you access to this chain + 50 more, with direct integration inside of Operator.info
Authors:khyberspache, w0rk3r, xanthonus

Execute this chain

Download Operator (1.7.1)
Learn about Operator

TTPs

List directories in current users home folder
Create a staging directory
Create a crypto key
Archive exfiltration directory
Recursively encrypt a directory
Remove ransomed files from disk
Leave encrypted data recovery note

Tags

wizard spider, kaseya vsa attack, ransomware

Tactics

Other chains in this theme
Is my host protected against Cuba Ransomware?

2022-12-27

/static/assets/windows-logo.svg
Stage and execute Cuba Ransomware.
Is this host protected from LockBit?

2022-12-06

/static/assets/windows-logo.svg
Is this host protected from LockBit?
CSwipe

2022-01-04

/static/assets/linux-logo.svg
Deploy a custom payload to achieve ransomware without using traditional encryption.
S(C)wipe

2021-12-28

/static/assets/apple-logo.svg
Deploy a custom payload to achieve ransomware without using traditional encryption.
Windows LotL Ransomware

2021-12-21

/static/assets/windows-logo.svg
Deploy a Windows live-off-the-land ransomware attack.
Linux LotL Ransomware

2021-12-14

/static/assets/linux-logo.svg
Deploy a linux live-off-the-land ransomware attack.
About PreludePrelude hardens an organization's defenses by continuously “asking” it questions through the form of safe cyberattacks. These attacks respond immediately to the latest vulnerabilities and cyber events, turning complex technical descriptions into deployable “questions”.Our mission is to increase the reach, frequency and usage of advanced security for all organizations.
twitterFollow @preludeorg on Twitter for new chains and more.
discordJoin the Prelude Discord to discuss chains and more.
githubKeep up to date with code changes and community activity on Github
operator
preludesecurity.comCareersTactics & TechniquesAttack themes
Privacy Policysupport@preludesecurity.com© 2023 Prelude Research, Inc.All rights reserved. Prelude, its logo and other trademarks are trademarks of Prelude Research, Inc. and may not be used without permission.