
Lital Asher-Dotan
A team of Cybereason Labs researchers, headed by Uri Sternfeld, Senior Security Researcher, announced today the discovery of a massive ransomware operation it has named “Operation Kofer”.
After examining samples of several Kofer variants sourced from around the world, Cybereason researchers found they shared the same general packaging and delivery techniques, but incorporated random variables in order to avoid static-signature or hash-based detection. This leads Cybereason to believe they were all created by the same operational group using an algorithm to “mix and match” different components, giving ransomware “APT-like” evasion capabilities. A full analysis of Operation Kofer can be found here.
The fact that the Kofer variants come from a single source is an indication of the commoditization of ransomware at a whole new scale. The analyzed Kofer samples had different hashes and unique characteristics, but shared attributes such as fake icons, bogus file names and a distinct packaging pattern that connects what would otherwise appear to be unrelated samples to a single source. In addition to mechanisms that help them evade detection by sandboxes and dynamic detection tools, Kofer variants also include embellishments that attempt to fool malware researchers.
Operation Kofer appears to be the first “drive-by” ransomware operation to incorporate an APT/nation-state level of complexity, making it an increasing threat to organizations. We believe that Operation Kofer already has a Europe-wide presence, as the researchers identified variants that targeted Spanish, Polish, Swiss and Turkish organizations, among others.
Cybereason’s report, “Operation Kofer: Mutating Ransomware Enters the Fray,” provides a full analysis of Operation Kofer, including key findings, similarities and differences across the samples, and detection and mitigation suggestions. For more information, email kofer@cybereason.com.
Lital is a Marketing Team Leader, Storyteller, Technology Marketing Expert. She joined Cybereason as the first marketing hire and built a full marketing department. Specializing in brand building, product marketing, communication and content. Passionate about building ROI-driven marketing teams.