Clop Ransomware Detection: Threat Research Release, April 2021

05/03/2021 | 04:35pm EDT
By Splunk Threat Research Team May 03, 2021

Clop Ransomware has been active since 2019 and has been mostly associated with financially-driven criminal groups. Lately, however, this ransomware payload has been observed in campaigns against universities and other institutions in the education vertical. Most recently, Clop Ransomware was used in a cyberattack that demanded one of the highest ransom amounts in recorded history ($20 million). A hallmark of the actors behind Clop Ransomware is blackmailing their victims by threatening to publish sensitive information exfiltrated from the victims' networks. During April, we saw that Clop Ransomware-related threats were persistent across the distinct variants used by several groups of organized criminals, and we decided to focus our research efforts on Clop Ransomware detections. We hope that these detections will help organizations detect abnormal behavior faster, before it becomes detrimental. Watch this video to learn more.

Detection Searches for Clop Ransomware

As we state in our blog, 'Detecting Clop Ransomware,' the actors behind this crimeware send the malicious payloads via different methods, such as phishing emails, then proceed to spread the ransomware payload post-exploitation by pivoting to exposed or related vulnerable systems. Although the actual developers of this crimeware have not been identified yet, they have been tied to several financially-driven threat actors. They are also known for leveraging publicly available vulnerabilities as entry and post-exploitation vectors.

The most common method behind this crimeware is as follows: once they have infiltrated their targets, they then present instructions on how to pay ransom and communicate further threats of exposure by publishing the sensitive information they obtained on a publicly accessible website.

Although this may appear as a new modality, in reality ransomware is usually the cherry on top of the cake, as malicious actors usually dwell, exfiltrate and qualify exfiltrated data, which eventually lands on dark web public forums, dark markets or private crime intelligence brokers where qualified financial, business and kompromat information is then priced and sold to the highest bidder.

We used our attack range tool to demonstrate and research how this malware payload infects and spreads once executed. A number of new searches have been created to address this threat:

Please see our blog 'Detecting Clop Ransomware' for specific information about the events and SPL code involved in these detections. We also provide information about a Splunk Phantom playbook that can be used to defend against this threat.

Why Should You Care?

The demand for one of the highest ransom amounts in recorded history ($20 million) and the fact that the Clop Ransomware actors are extremely opportunistic make this an especially worrisome actor. The actors behind this crimeware are constantly looking for vulnerable targets, and once they are able to infiltrate victims, they are driven by obtaining sensitive information, which most likely will end up sold in a dark market.

Ransomware campaigns involving this payload will continue. As this group continuously targets different verticals, it is important to understand the workings of these malicious payloads and to prepare your environment to defend against, and be resilient to, a ransomware attack. You can use our pre-packaged detections to help your organization stay safe against these types of attacks.

For a full list of security content, check out the release notes on Splunk Docs:

Learn More

You can find the latest content about security analytic stories on GitHub and in Splunkbase. All of these detections are also now available via push update in Splunk Security Essentials.

Feedback

Any feedback or requests? Feel free to put in an issue on GitHub and we'll follow up. You can also join us on the Slack channel #security-research. Follow these instructions if you need an invitation to our Splunk user groups on Slack.

Contributors

We would like to thank the Splunk threat research team for their contributions to this post, and for developing new tools. We'd also like to thank all of the community contributors who provided feedback and helped generate new security content, especially Shannon Davis from the Splunk Sales Engineering group who contributed new detections for Exchange Webshells.

Disclaimer

Splunk Inc. published this content on 03 May 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 03 May 2021 20:34:06 UTC.

