If you would like to join the NJCCIC membership roster, just click the link below and provide us with some basic information and a Cyber Liaison Officer will get back to you.
Threat Profile Updates
HolyCrypt targets Windows OS and its method of distribution is currently unknown. HolyCrypt is written in Python and compiled into a single Windows executable file using PyInstaller. It targets certain files located in the %UserProfile% folder using AES encryption. HolyCrypt prepends impacted file names with the word “encrypted.”
RIG was discovered in 2014 and remains one of the most active exploits kits today. In February 2015, a security researcher from MalwareTech reported that an underground reseller leaked RIG’s source code after being banned from a hacker forum for trying to scam customers.
Delilah, discovered in 2016, is the first known "insider" threat Trojan. Delilah spreads through social engineering and/or extortion, sometimes using ransomware techniques. The Trojan is currently only shared through closed hacker groups.