Moses Staff is a politically motivated ransomware that targets Israeli entities; it did not make any ransom demands. Moses Staff appears to make use of publicly available exploits for known vulnerabilities that remain unpatched on public-facing infrastructure. It targets vulnerable Microsoft Exchange servers that have been under exploitation for quite some time now. After successfully infiltrating a system, the threat actors move laterally through the network with the help of PsExec, WMIC, and PowerShell, so no custom backdoors are used. The actors eventually use custom PyDCrypt malware that utilizes DiskCryptor, an open-source disk encryption tool available on GitHub, to encrypt devices.