Blog Posts by Stuart Gonzalez

We, the ConnectWise CRU, wanted to join in on the [fun/chaos] of the malware variant naming circus. We have ironically dubbed the variant found as Infinity Gauntlet due to the colorful naming various researchers have given this malware. That said, Solarmarker is probably the most appropriate name for this malware in general. We’ll find out why later on in the review of its code.

Today’s cybersecurity landscape is complex and yet, simple at the same time. Vendors, partners, end users – we are all in this together, and the goal is to protect the larger community from bad actors. ConnectWise shares many mutual partners with other vendors in our space, and we do not want to see any vendor compromised. With that, it is important to understand what has happened in the past 36+ hours and what that means to the community. Here is our take.

“This software is targeted for business networks attacks. Any customization can be applied on need based on the situation and environment.” The intended victims are businesses but in their FAQ the operator mentions “we have a residential ransomware for non-business mass distribution.” The operator does not go into any additional details about the difference, so I can only assume it’s the same code but with different or limited features.

We’re actively monitoring and reporting on any possible new leak sites for compromised individuals and corporations.