Memento Team, Ransomware Gang
Industry: N/A | Level: Operational | Source: Sophos
Ransomware gang, Memento Team, was observed by Sophos to have bypassed encryption protection using password-protected archives with WinRAR when the group's initial Python 3.9 script was stopped by endpoint protection. The group was active in their victim's network for a long time as there was a six-month dwell time from their initial access in April 2021, exploiting CVE-2021-21972 a vCenter vulnerability. During the threat actor’s time on the compromised network, they also deployed two coin-miners, XMR on May 18th, and XMRig on September 8th, which led to the victim’s network being encrypted with a password archive in October.
- Anvilogic Scenario: Memento Team - Behavior