Jeremie Destuynder
Last known affiliation: Orange Cyberdefense
Bio: Jeremie Destuynder has been an Incident Responder for Orange Cyberdefense CERT for the last 6 years, going from small scale compromises to large APT attacks, with a secret hope that toucans will rule the world one day. Better that than Skynet…
Date: 2023-04-13
Ransom Cartel trying not to “REvil” its identity
Jeremie Destuynder 🗣 | Alexandre Matousek 🗣
Abstract
We, incident responders from Orange Cyberdefense CERT, often face the same proven TTPs from threat actors over and over. Similar initial-access, privilege-escalation, lateral-movement and exfiltration techniques show up in the many forensic cases we handle each year. Known ransomware gangs in particular follow scripted playbooks, as the training documents from the Conti leaks and abundant public incident response reports have already shown.
So when a victim came to us for help last November, our analysts expected to run into "Yet Another Ransomware" case. It turned out to be far more interesting than initially thought. We'll walk you through this case, which in some ways surprised even our most experienced analysts and reversers.