Blackmon Mooring Faces Ransomware Attack by Hunters Group

Blackmon Mooring, a US-based company, recently fell victim to a ransomware attack orchestrated by the cybercriminal group Hunters. The attackers successfully exfiltrated sensitive data and encrypted critical files, disrupting business operations.

You Should Know:

1. Understanding Ransomware Attacks

Ransomware is malware that encrypts files and demands payment (usually in cryptocurrency) for the decryption key. Most current groups also steal data before encrypting and threaten to leak it if the victim does not pay (double extortion), so having backups removes only half of the pressure.

2. How to Detect Ransomware Activity

Use these commands as a quick first look for ransomware indicators on Linux and Windows hosts. They are triage checks, not a substitute for EDR: every family uses its own file extension and process names, so substitute the ones from the ransom note or vendor write-up for the placeholders below.

Linux:

 Check for files modified in the last 24 hours (tighten with -mmin -60; /proc and /sys are pruned so the walk stays fast) 
find / \( -path /proc -o -path /sys \) -prune -o -type f -mtime -1 -exec ls -lh {} +

 List established connections with the owning process (netstat -tulnp shows listening sockets only, which is the wrong direction for exfiltration) 
sudo ss -tnp state established

 Look for suspicious process names (grep needs -E for the | alternation to work; the final grep -v drops the grep itself) 
ps aux | grep -Ei "crypt|encrypt|exfil" | grep -v grep

Windows (PowerShell):

 Check for files carrying an appended extension (".encrypted" is a placeholder; -Filter is far faster than filtering the full listing afterwards) 
Get-ChildItem -Path C:\ -Recurse -Force -Filter *.encrypted -ErrorAction SilentlyContinue

 Established connections to addresses outside the RFC 1918 ranges, with the owning process (the original pattern missed 172.16.0.0/12 and matched "10.0" anywhere in the address) 
Get-NetTCPConnection -State Established | Where-Object { $_.RemoteAddress -notmatch '^(10\.|172\.(1[6-9]|2[0-9]|3[01])\.|192\.168\.|127\.|::1$)' } | Select-Object LocalPort, RemoteAddress, RemotePort, OwningProcess

 Detect processes with ransomware-like names 
Get-Process | Where-Object { $_.ProcessName -match "crypt|lock|exfil" } 
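The shell one-liners above each test one indicator by hand. As an added example (not code from the original post), the Python script below applies the same heuristics to a directory tree in one pass: a burst of recent modifications, a known extension with another one appended (report.docx.locked), byte entropy close to 8 bits per byte, and ransom-note file names. The thresholds, extension lists, note-name pattern and the sample tree it builds for itself are all assumptions; tune them to the family and environment you are dealing with.

```python
"""Triage scan for ransomware indicators in a directory tree.

Added example (not part of the original post). Thresholds, extension lists and
the ransom-note pattern are assumptions to tune per environment.
"""
import math
import os
import random
import re
import tempfile
import time
from collections import Counter
from pathlib import Path

# Extensions users normally have; a further suffix appended after one of these is suspect.
KNOWN_EXTENSIONS = {".txt", ".docx", ".xlsx", ".pdf", ".csv", ".log", ".jpg", ".png", ".zip"}
# Formats that are compressed by design and so look "encrypted" to an entropy test.
ENTROPY_EXEMPT = {".jpg", ".png", ".zip", ".gz", ".7z", ".mp4", ".pdf"}
# Hypothetical ransom-note naming pattern (extend for the family you are facing).
RANSOM_NOTE_RE = re.compile(r"(readme|how.?to|restore|decrypt|recover).*\.(txt|html|hta)$", re.I)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; ciphertext and random data sit close to 8.0, plain text near 4-5."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def has_appended_extension(path) -> bool:
    """True for report.docx.locked style names: a known extension hidden behind an unknown one."""
    suffixes = [s.lower() for s in Path(path).suffixes]
    return len(suffixes) >= 2 and suffixes[-2] in KNOWN_EXTENSIONS and suffixes[-1] not in KNOWN_EXTENSIONS


def scan(root, window_seconds=3600, burst_threshold=20, entropy_threshold=7.5, now=None):
    """Walk `root` once and return per-indicator counts plus a combined verdict."""
    now = time.time() if now is None else now
    recent = renamed = high_entropy = notes = 0
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath, name)
            try:
                mtime = p.stat().st_mtime
                with open(p, "rb") as fh:
                    head = fh.read(4096)  # the first 4 KiB is enough for an entropy estimate
            except OSError:
                continue  # unreadable, or removed while we were walking
            if now - mtime <= window_seconds:
                recent += 1
            if has_appended_extension(p):
                renamed += 1
            if RANSOM_NOTE_RE.search(name):
                notes += 1
            if (len(head) >= 256 and p.suffix.lower() not in ENTROPY_EXEMPT
                    and shannon_entropy(head) >= entropy_threshold):
                high_entropy += 1
    result = {"recent": recent, "renamed": renamed, "high_entropy": high_entropy,
              "ransom_notes": notes, "burst": recent >= burst_threshold}
    # A write burst on its own is normal (builds, backups); combined with any other indicator it is not.
    result["suspicious"] = result["burst"] and any(result[k] for k in ("renamed", "high_entropy", "ransom_notes"))
    return result


def build_sample_tree():
    """Constructed sample data: month-old spreadsheets, then the aftermath of a hypothetical encryptor run."""
    root = tempfile.mkdtemp(prefix="ransom-triage-")
    month_ago = time.time() - 30 * 86400
    rng = random.Random(1)  # seeded so the stand-in "ciphertext" is reproducible
    for i in range(5):
        p = Path(root, f"budget_{i}.xlsx")
        p.write_bytes(f"quarterly figures row {i}\n".encode() * 40)
        os.utime(p, (month_ago, month_ago))  # untouched for a month
    for i in range(6):
        # Pseudo-random bytes stand in for ciphertext; the original extension is kept and ".locked" appended.
        Path(root, f"report_{i}.docx.locked").write_bytes(rng.randbytes(4096))
    Path(root, "README_TO_RESTORE.txt").write_text("constructed sample ransom note\n")
    return root


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    print(scan(target, burst_threshold=5 if len(sys.argv) == 1 else 20))
```

Run it against a user's home directory or a file share with a burst threshold that matches normal activity there. The entropy test is the one most likely to false-positive, which is why already-compressed formats are exempted; the appended-extension and ransom-note tests are the cheapest and most reliable of the four.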

3. Mitigation Steps

  • Isolate Infected Systems: Disconnect from the network immediately (pull the cable or disable the adapter) but do not power off; memory and running processes are evidence for the investigation.
  • Restore from Backups: Ensure backups are immutable (protected from deletion) and kept offline or under separate credentials, check that they were not encrypted as well, and restore only after the initial access has been closed, or the restored hosts will be hit again.
  • Report to Authorities: Contact CISA or the FBI's IC3 (US) or your national cybersecurity agency, and preserve logs and the ransom note for them.

4. Preventing Future Attacks

  • Patch Management:
    Linux (Debian/Ubuntu) 
    sudo apt update && sudo apt upgrade -y
    
    Windows (the legacy wuauclt /detectnow /updatenow switches are ignored on Windows 10/11; use the PSWindowsUpdate module from an elevated PowerShell instead) 
    Install-Module PSWindowsUpdate 
    Get-WindowsUpdate -AcceptAll -Install 
    

  • Enable Multi-Factor Authentication (MFA):
    Linux (Google Authenticator TOTP for SSH; installing the package alone enforces nothing, the PAM and sshd changes are what add the second factor) 
    sudo apt install libpam-google-authenticator 
    google-authenticator                     # run as the user being protected; writes ~/.google_authenticator 
    echo "auth required pam_google_authenticator.so" | sudo tee -a /etc/pam.d/sshd 
    Then set KbdInteractiveAuthentication yes in /etc/ssh/sshd_config (ChallengeResponseAuthentication yes on older OpenSSH) and run sudo systemctl restart ssh. Keep an existing session open while testing so a mistake does not lock you out.
    
  • Use Endpoint Protection:
    Install ClamAV (Linux; a signature scanner that gives a baseline but does not replace an EDR agent that watches behaviour) 
    sudo apt install clamav clamav-daemon 
    sudo freshclam                           # stop the clamav-freshclam service first if it reports the log is locked 
    sudo clamscan -r --infected /home 
    
    

5. Data Exfiltration Monitoring

Check for unusual outbound traffic:

 Linux (iptables logging of new outbound connections; the original rule logged every outbound packet, which floods the kernel log and buries the signal) 
sudo iptables -A OUTPUT -m conntrack --ctstate NEW -m limit --limit 30/min -j LOG --log-prefix "OUTBOUND: " 

 Read the entries from the kernel log 
sudo journalctl -k | grep OUTBOUND 
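The iptables rule only writes the log; something still has to read it. As an added example (not from the original post), the Python below parses the kernel log lines the LOG target produces, drops destinations in private or otherwise non-routable ranges, and reports external hosts that receive a burst of new connections from one machine or connections on ports outside a small allow-list. The sample lines are constructed in the LOG target's format, and the port allow-list, threshold and host names are assumptions.

```python
"""Flag suspicious outbound connections in iptables LOG output.

Added example (not part of the original post): parses the kernel log lines an
iptables LOG rule writes, skips internal destinations and reports external
hosts that receive many new connections or connections on unexpected ports.
The allow-listed ports, the threshold and the sample lines are assumptions.
"""
import ipaddress
import re
from collections import defaultdict

LOG_LINE_RE = re.compile(r"kernel: (?P<prefix>[A-Z_]+): (?P<fields>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_log_line(line):
    """Return a dict for one LOG-target line, or None if the line is not one."""
    m = LOG_LINE_RE.search(line)
    if not m:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(m.group("fields")):
        fields.setdefault(key, value)  # keep the first LEN= (IP total length), not UDP's second one
    if "SRC" not in fields or "DST" not in fields:
        return None
    return {
        "prefix": m.group("prefix"),
        "src": fields["SRC"],
        "dst": fields["DST"],
        "proto": fields.get("PROTO"),
        "dport": int(fields["DPT"]) if fields.get("DPT") else None,
        "length": int(fields.get("LEN") or 0),
    }


def is_external(addr):
    """True for routable Internet addresses; RFC 1918, loopback, link-local etc. count as internal."""
    ip = ipaddress.ip_address(addr)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_reserved)


def summarize(lines, allowed_ports=(53, 80, 443), conn_threshold=10):
    """Aggregate new outbound connections per (src, dst) and return the suspicious pairs."""
    stats = defaultdict(lambda: {"connections": 0, "bytes": 0, "ports": set()})
    for line in lines:
        rec = parse_log_line(line)
        if rec is None or not is_external(rec["dst"]):
            continue
        entry = stats[(rec["src"], rec["dst"])]
        entry["connections"] += 1
        entry["bytes"] += rec["length"]
        entry["ports"].add(rec["dport"])
    findings = []
    for (src, dst), entry in stats.items():
        reasons = []
        odd_ports = sorted(p for p in entry["ports"] if p is not None and p not in allowed_ports)
        if odd_ports:
            reasons.append(f"unusual destination port(s) {odd_ports}")
        if entry["connections"] >= conn_threshold:
            reasons.append(f"{entry['connections']} new connections")
        if reasons:
            findings.append({"src": src, "dst": dst, "connections": entry["connections"],
                             "bytes": entry["bytes"], "reasons": reasons})
    return sorted(findings, key=lambda f: f["connections"], reverse=True)


def make_log_line(ident, src, dst, dport, proto="TCP", length=60):
    """Build one line in the LOG target's format (constructed sample, not captured traffic)."""
    tail = "WINDOW=64240 RES=0x00 SYN URGP=0" if proto == "TCP" else f"LEN={length - 20}"
    return (f"Mar  3 10:15:{ident % 60:02d} web01 kernel: OUTBOUND: IN= OUT=eth0 SRC={src} DST={dst} "
            f"LEN={length} TOS=0x00 PREC=0x00 TTL=64 ID={ident} DF PROTO={proto} "
            f"SPT={50000 + ident} DPT={dport} {tail}")


# Constructed sample: routine internal traffic, two ordinary HTTPS sessions, and a burst of
# connections from one host to an external address on 9001 (Tor's default OR port).
SAMPLE_LINES = [
    make_log_line(1, "10.0.0.5", "10.0.0.20", 5432),                        # internal database
    make_log_line(2, "10.0.0.5", "10.0.0.53", 53, proto="UDP", length=73),  # internal DNS
    make_log_line(3, "10.0.0.5", "93.184.216.34", 443),
    make_log_line(4, "10.0.0.5", "93.184.216.34", 443),
] + [make_log_line(10 + i, "10.0.0.5", "185.143.223.17", 9001) for i in range(12)]

if __name__ == "__main__":
    for f in summarize(SAMPLE_LINES):
        print(f"{f['src']} -> {f['dst']}: {', '.join(f['reasons'])}")
```

Feed it the output of journalctl -k (one line per new connection, given the conntrack rule) and widen the port allow-list to whatever the host legitimately talks to. Because only the first packet of each connection is logged, the byte column reflects SYN sizes rather than transferred volume; for volume-based exfiltration detection, log all packets on a dedicated rule or use flow data instead.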

What Undercode Says

Ransomware remains a critical threat, and proactive defense is essential. Regularly audit systems, enforce least-privilege access, and maintain offline backups. Hunters’ attack on Blackmon Mooring highlights the need for robust incident response plans.

Illustrative findings (a constructed example of what these checks surface, not literal output of the commands above):

Suspicious process detected: /tmp/.crypt_attack (PID 4456) 
Outbound connection to 185.143.223.17 (Tor exit node) 

Reference: Ransomware Attack Details

Reported By: Hendryadrian Blackmonmooring – Hackers Feeds