n3tworm

1 incident, 1 country, 0 sectors | ransomware | IR | Latest: 2026-06-25
N3TW0RM is a ransomware group that emerged in May 2021, primarily targeting Israeli companies and, more broadly, organizations within the EMEA region. Assessed with high confidence to be of Iranian origin, its primary motivation is to disrupt Israeli interests rather than purely financial gain, evidenced by minimal ransom demands and a lack of engagement during negotiations. A distinctive characteristic of N3TW0RM is its use of a client-server model for ransomware deployment; a program is installed on the victim's server to listen for workstation connections, subsequently deploying client executables ('slave.exe') via PAExec to encrypt devices. This method allows the group to contain all ransomware activities within the victim's network, reducing reliance on external command and control infrastructure. The group also utilizes a disk space filler utility, an uncommon technique for ransomware operations, to overwhelm disk volumes with junk data before deleting it and shutting down the op
MITRE techniques
T1059, T1562, T1078

RansomLook pivots

Data, intelligence and external references for cross-checking the actor's ransomware activity.

Victims: 0
Unique TTPs: 0
Historical stolen data: N/A
Ransoms claimed: N/A
Payments detected: N/A

Affected countries

Iran (1)

Target countries (SOCRadar)

United Arab Emirates, Bahrain, Djibouti, Algeria, Egypt, Eritrea, Ethiopia, Israel, Iraq, Jordan

Target sectors (SOCRadar)

Construction of Buildings, Manufacturing, Public Administration, Wholesale Trade, Energy & Utilities, Clothing Stores, Accommodation & Food Services, Truck & Rail Transportation, Civic & Social Organizations, Telecommunications

New URLs detected in IntelTracker

ransomware.anggipradana.com