Moses Staff is a politically motivated ransomware that targets Israeli entities, and it has not made any ransom demands. Moses Staff appears to make use of publicly available exploits for known vulnerabilities that remain unpatched on public-facing infrastructure. It is targeting vulnerable Microsoft Exchange servers that have been under exploitation for quite some time now. After successfully infiltrating a system, the threat actors move laterally through the network with the help of PsExec, WMIC, and PowerShell, so no custom backdoors are used. The actors eventually deploy custom PyDCrypt malware, which uses DiskCryptor, an open-source disk encryption tool available on GitHub, to encrypt devices.
Moses Staff Ransomware Signatures
Family: Trojan:Win32/Vigorf.A
MD5: a06c125e6da566be67aacf6c4e44005e
SHA256: 2aae636691b7d258528d19411d111bc48f36616438e8a8d0b223ecc8b33dd3db
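The signatures above are only useful if they are actually checked against files on disk. The following script is an added example (not from the original page or from any vendor tool): it hashes every file under a directory and reports any whose MD5 or SHA256 matches the indicators listed above. The directory layout and the sample file it creates are constructed for the demonstration; the two hash values are the ones on this page.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Indicators of compromise copied from the signature list on this page.
MOSES_STAFF_IOCS = {
    "md5": {"a06c125e6da566be67aacf6c4e44005e"},
    "sha256": {"2aae636691b7d258528d19411d111bc48f36616438e8a8d0b223ecc8b33dd3db"},
}


def hash_file(path, chunk_size=1 << 20):
    """Return (md5, sha256) hex digests, streaming the file so large binaries are fine."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def scan_directory(root, iocs=MOSES_STAFF_IOCS):
    """Walk `root` and return a list of files whose hash matches a known indicator."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                md5, sha256 = hash_file(path)
            except OSError:
                # Locked or unreadable files are skipped rather than aborting the scan.
                continue
            if md5 in iocs["md5"] or sha256 in iocs["sha256"]:
                hits.append({"path": path, "md5": md5, "sha256": sha256})
    return hits


def demo():
    """Constructed demonstration: a benign file never matches the real IoCs,
    but does match an indicator set seeded with its own hash."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "constructed_sample.bin"
        sample.write_bytes(b"constructed benign sample, not malware\n")
        clean_hits = scan_directory(tmp)  # expected: no matches
        md5, _sha256 = hash_file(sample)
        seeded_hits = scan_directory(tmp, {"md5": {md5}, "sha256": set()})
        return len(clean_hits), len(seeded_hits)


if __name__ == "__main__":
    print(demo())  # (0, 1)
```

Run it against a suspect host's download and temp directories (or a mounted image) by calling `scan_directory("/path/to/scan")`; a non-empty result means a file matching the published hashes is present and the host should be isolated for further forensics. Hash matching is exact, so a recompiled or repacked sample will not be caught; treat this as a first triage pass rather than a complete detection.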
Moses Staff Ransomware Download