Morphisec Labs recently investigated an ongoing BitPaymer ransomware campaign that has been attacking companies across the U.S. over the last 3 months. We are aware of at least 15 organizations targeted by the threat group during this latest campaign, spanning multiple industries, including finance, agriculture and technology. The attacks all follow a similar pattern. Initial infiltration is usually obtained via phishing emails delivering Dridex. Once attackers have a foothold in the system, they perform a full recon stage and steal AD credentials. Then, during the weekend (usually Saturdays), they deploy the ransomware onto the already compromised network.
Source: https://blog.morphisec.com/bitpaymer-ransomware-with-new-custom-packer-framework

