DBGer Ransomware Uses EternalBlue and Mimikatz to Spread Across Networks

The authors of the Satan ransomware have rebranded their "product" and they now go by the name of DBGer ransomware, according to security researcher MalwareHunter, who spotted this new version earlier today.

The change was not only in name but also in the ransomware's modus operandi. According to the researcher, whose discovery was later confirmed by an Intezer code similarity analysis, the new (Satan) DBGer ransomware now also incorporates Mimikatz, an open-source password-dumping utility.

DBGer incorporates Mimikatz for lateral movement inside compromised networks. This fits a recently observed trend in Satan's modus operandi.

DBGer adds Mimikatz

The new (Satan) DBGer ransomware strain continues this focus on lateral movement. The version spotted today works by dropping Mimikatz, dumping passwords for other computers on the network, and using those credentials to access and infect those devices as well.

The development path taken by the Satan/DBGer crew is what we can expect from most ransomware strains in the coming months.

Cybercrime gangs have understood by now that there is more money to be made from coin-mining campaigns than from ransomware. The groups still active on the ransomware scene will need to improve their code to maximize profits, and adding self-spreading and lateral movement mechanisms is the simplest way to do that.

This is because self-spreading and lateral movement features give a crook the opportunity to infect multiple machines and collect multiple ransom payments just by fooling one absent-minded employee into opening a booby-trapped file.


Credit: bleepingcomputer