Sprite Spider Emerging as One of The Most Destructive Ransomware Threat Actors

Recently, during a SANS Cyber Threat Intelligence Summit, two CrowdStrike cybersecurity leads, Senior Security Researcher Sergei Frankoff and Senior Intelligence Analyst Eric Loui, shared detailed information on ‘Sprite Spider’, an emerging leading ransomware actor. Like other ransomware crews, the group behind the Sprite Spider attacks has rapidly grown in sophistication and damage capability since 2015. At present, Sprite Spider has become one of the most dangerous ransomware actors of 2021.
The rise of Sprite Spider did not come as a surprise to many world-leading IT firms, however. Like other organized ransomware groups, it is filled with threat actors who are often gainfully employed by nation-state cybercriminals.
The journey of Sprite Spider
To have come far enough to make headlines, it must have started somewhere, but when and where? It began back in 2015, when the gang employed a banking Trojan called Shifu, followed in 2017 by a malware loader called Vatet. The gang deployed a remote access Trojan called PyXie in 2018, and in 2019 the attackers deployed ransomware called DEFRAY777.
CrowdStrike researchers linked Shifu, Vatet, and PyXie to the DEFRAY777 ransomware attacks. At that point they realized that all the activity from these components was linked to a single malicious group operating stealthily behind the scenes.
The threat actors can often avoid detection mainly because their malicious code is hidden inside open-source projects such as Notepad++, where it is effectively invisible and therefore appears harmless. The only thing Sprite Spider writes to disk is Vatet, which makes it even more difficult for intelligence teams to identify the group during an attack.
“I think we’ve seen a number of nation-states engage in these types of attacks to generate revenue, specifically North Korea,” CrowdStrike’s senior vice president of intelligence Adam Meyers tells CSO. He added that “Iran and China are also getting in on the ransomware game. It’s not necessarily the nation-state that is conducting the attack, but [the cybercriminals] are using the skills they learned [by working for nation-state attackers] to make a little extra money on the side. The individuals engaged by the nation-state are conducting ransomware attacks on a moonlight shift.”
Mark Weatherford, chief strategy officer at the National Cybersecurity Center and a former DHS cybersecurity official in the Obama administration, tells CSO, “I think it will take an international effort to address the growing ransomware scourge. Until there is more of an international policy discussion, I think we’re going to see these things grow. What we need is an international combined effort from nations around the world to say that this is no longer acceptable.”