American incident response and digital forensic services company Crypsis today announced the formation of a new research team dedicated to sharing threat data with the public.
Crypsis Threat Research Labs (CTRL) will strive to analyze emerging cybersecurity threats and trends with the goal of making their research publicly available. The Labs hope that sharing their findings will help to improve organizational security.
Tools developed by Crypsis' development team are to be placed at the disposal of the new team, who will also be given access to a hefty helping of threat intelligence data gathered from thousands of historic and ongoing investigations carried out by Crypsis.
In control of CTRL's team of full-time staff members are directors Tony Cook and Jared Greenhill. Support and advice for the new Labs will also be drawn from Crypsis' professional services staff.
"The CTRL team helps our clients by advancing the overall state of cybersecurity and staying on top of threats as they emerge," said CEO of Crypsis Bret Padres.
"We have considerable data from years of investigations and the advanced tools to assess and evaluate the meaning of that data from a macro view. This information will help not only our clients, but organizations in general react more quickly to new threats and respond proactively to emerging trends."
In addition to producing research reports, blogs, white papers, and open-sourced tools, the team will also deliver "Flash Alerts," which will provide analysis of newly discovered security risks or malware types.
The first such flash alert was issued by the team today to warn the world about a custom-written new ransomware variant called PwndLocker. Crypsis has had the novel malware under observation since discovering it in early February 2020.
A CTRL researcher said: "In our observations, this ransomware shows significant deviations from any ransomware behaviors and characteristics our analysts have traditionally encountered. It was developed entirely as location-independent code (shellcode) and implements its own custom encryption algorithm."
Researchers said that the use of location-independent code appeared to be a countermeasure for automated detection tools as it prevents the victim from identifying the ransomware before encryption takes place.