Under Attack? Breach Response Hotline: Call 833.997.7327 (US/CAN)
Threat actors target manufacturing facilities to disrupt product distribution.
Threat actors target healthcare industries to steal patients' names, financial records, social security numbers, and other personal information.
Threat actors target education institutions to steal students' and employees' information, including names, SSNs, and addresses.
Threat actors target MSPs, shutting down servers and impacting customers' trust in companies.
Mespinoza breached an Australian money management company, MyBudget, and posted stolen data on their leak website, causing 13 days of downtime.
Mespinoza infected the Hackney London Borough Council, impacting numerous government services, including systems residents used to pay rent and council tax, access housing benefit payments and process land requests. Data including passport details, staff information and photo IDs were posted on Mespinoza’s leak website.
Mespinoza targeted California’s Sierra College, causing it to temporarily lose access to its learning management system and taking the main website and payroll systems offline.
.locked
.pysa
.Mespinoza
Threat actors access the target network using Remote Desktop Protocol credentials or phishing emails. Once the network is compromised, attackers use open-source tools including Advanced Port Scanner and Advanced IP Scanner to conduct network reconnaissance, then establish a strong foothold using tools like PowerShell Empire, Koadic and Mimikatz. Before beginning the encryption process, attackers exfiltrate files from the victim’s network using the WinSCP tool. Stolen data can be uploaded to MEGA.NZ, a cloud storage and file-sharing service, either through the MEGA website or by installing the MEGA client on a compromised endpoint. Threat actors then deploy the Mespinoza ransomware, which encrypts files on the system using RSA-4096 and AES-256-CFB encryption. Critical operating system files are not encrypted, as they are necessary for the ransom payment and data decryption processes.
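The attack chain above can be turned into a per-host triage check. This is an added example, not SpearTip's code or part of the original page. It assumes a simple `<timestamp> <host> <proc|file> <path>` event format, the tools' default executable names (including `MEGAsync` for the MEGA client), and constructed sample events.

```python
import re
from collections import defaultdict

# Indicators named in the write-up. Executable names are the tools' default
# file names (assumption: a renamed binary will not match).
PROC_STAGES = {
    "recon": re.compile(r"advanced_(port|ip)_scanner", re.I),
    "credential_access": re.compile(r"mimikatz", re.I),
    "exfiltration": re.compile(r"winscp|megasync", re.I),
}
RANSOM_EXT = re.compile(r"\.(locked|pysa|mespinoza)$", re.I)

# Constructed sample events: "<timestamp> <host> <proc|file> <path>"
SAMPLE = r"""
2024-05-01T09:12:03Z WS-014 proc C:\Users\Public\advanced_port_scanner.exe
2024-05-01T09:40:51Z WS-014 proc C:\Temp\mimikatz.exe
2024-05-01T11:05:17Z WS-014 proc C:\Program Files (x86)\WinSCP\WinSCP.exe
2024-05-01T09:15:00Z FS-002 proc C:\Windows\System32\notepad.exe
2024-05-01T13:22:40Z FS-002 file D:\Shares\Finance\budget.xlsx.pysa
2024-05-01T13:22:41Z FS-002 file D:\Shares\Finance\payroll.docx.pysa
"""

def classify(kind, path):
    """Map one event to a stage name, or None if it matches nothing."""
    if kind == "file":
        return "encryption" if RANSOM_EXT.search(path) else None
    for stage, pattern in PROC_STAGES.items():
        if pattern.search(path):
            return stage
    return None

def triage(log_text):
    """Return {host: {stage: first_seen_timestamp}} for matching events."""
    hosts = defaultdict(dict)
    for line in log_text.strip().splitlines():
        ts, host, kind, path = line.split(maxsplit=3)
        stage = classify(kind, path.strip())
        if stage:  # ISO-8601 UTC timestamps compare correctly as strings
            hosts[host][stage] = min(ts, hosts[host].get(stage, ts))
    return dict(hosts)

def verdict(stages):
    """Exfiltration without encryption is the window to contain the host."""
    if "encryption" in stages:
        return "encrypting"
    if "exfiltration" in stages:
        return "exfiltration-before-encryption"
    return "early-stage" if stages else "clean"
```

Because exfiltration precedes encryption in this chain, a host with the `exfiltration-before-encryption` verdict is the one to isolate first.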
SpearTip’s ShadowSpear platform defends your environment with unparalleled resources preventing cybersecurity threats and attacks from affecting your business. ShadowSpear integrates with cloud, network and endpoint devices providing security. ShadowSpear prevents ransomware from exploiting memory, stopping the threat before the full attack cycle. The ShadowSpear Platform is backed by the engineers in our 24/7 Security Operations Centers, ready to assist partners with security issues immediately.
©2024 SpearTip, LLC. All rights reserved.