Masscan Ransomware Threat Analysis - 2022 Cyber Intelligence Report
Numerous cases of ransomware damage were reported by many Korean companies in the second half of 2022. The damage is unique in its aspect, that an attacker infiltrated a database (DB) server with a vulnerable security system, distributed ransomware, encrypted the file, and added a ".masscan" string to the file extension.
As new ransomware has spread globally, this report names the entire attack lifecycle of Masscan ransomware as operation “MaRS” and tracks further cases of damage.
We expect this report to be used as a resource for understanding the entire process of attack, from the attacker’s initial intrusion to the infection itself, and hence used as a tool to assess and estimate the damage.