US CERT has issued an advisory on a ransomware campaign leveraging remote access technologies. Malicious cyber actors are targeting organizations’ networks through remote access tools, such as Remote Desktop Protocol and virtual private networks, to exploit unpatched vulnerabilities and weak authentication. After gaining access, cyber actors use various tools—including mimikatz, PsExec, Cobalt Strike, and Nefilim ransomware—for privilege escalation, lateral movement, persistence, and data exfiltration and encryption. Due to the level of access gained before deploying ransomware, the issue cannot be resolved by simply restoring data from backup.
Experts Comments
@Saryu Nayyar, CEO, provides expert commentary at @Information Security Buzz.
"Ransomware is a particularly destructive and frustrating attack, but there are ways to mitigate it...."