"Sprite Spider Emerging as One of the Most Destructive Ransomware Threat Actors"
CrowdStrike cybersecurity leaders Sergei Frankoff and Eric Loui presented details about the ransomware actor called Sprite Spider at the recent SANS Cyber Threat Intelligence Summit. Sprite Spider is expected to be one of the most destructive ransomware threat actors in 2021. The group behind Sprite Spider's attacks has grown significantly in sophistication and severity since 2015. According to researchers, Sprite Spider emerged in 2015, using a banking Trojan dubbed Shifu. In 2017, Sprite Spider added a malware loader called Vatet. The group then deployed a Remote Access Trojan (RAT) called PyXie in 2018 and ransomware named DEFRAY777 in 2019. The gang often escapes detection by hiding its code in open-source projects like Notepad++. The gang writes only Vatet to disk, making it difficult for analysts to track them. This article continues to discuss the evolution of Sprite Spider and how this threat actor's kill chain is similar to that of Advanced Persistent Threat (APT) groups ten years ago, as well as the use of commodity malware infections as precursors to major ransomware attacks and the need for robust defenses to combat the growing sophistication of ransomware attackers.
CSO Online reports "Sprite Spider Emerging as One of the Most Destructive Ransomware Threat Actors"