Case Study: Deloitte & Touche LLP 

Cerber Ransomware Investigation using Farsight's DNSDB™


In 2016, the Deloitte Vigilant Services team, headed by CTO Scott Keoseyan, identified a connection between a number of domains registered in the .top and .bid top-level domains. The team suspected that these domains were not legitimate web hosts. Instead, they appeared to be potential criminal infrastructure hosting Cerber ransomware, a file-encrypting malware. They also suspected that the infrastructure was rapidly spreading via spam emails and moving laterally across infrastructure.