
How to prevent a ransomware attack at the last minute


Sophos experts described what they found while investigating an attempted ransomware attack.

A cybercriminal group installed remote-control software on 130 machines in one company's corporate network in preparation for encrypting the data stored there. At the last moment the plan was thwarted: information security experts discovered the suspicious software and notified the company.

The attackers' activity, which had already resulted in remote-control software being installed on more than a hundred computers, was identified by the information security company Sophos. Its experts began the investigation immediately after discovering Cobalt Strike on the network, a legitimate penetration-testing tool that has become popular with ransomware operators. Cobalt Strike beacons on hosts where no authorized red-team engagement is underway are a strong indicator of an active intrusion, not a false positive to be tuned out.

The attackers' ultimate goal was to encrypt as much of the network as possible with the REvil ransomware, but they ran out of time. They did, however, manage to encrypt several unprotected devices and to delete the company's online backups once they realized they had been caught red-handed.

According to the ransom note left on one of the computers that REvil did encrypt, the victim was asked to pay $2.5 million for the decryption key. The ransom was not paid.

Even so, the attackers had gained enough control over the network to install software on more than a hundred computers without anyone in the company noticing.

Paul Jacobs, head of the Sophos Incident Response team, said that finding remote-access software on employees' devices is not unusual during a pandemic.

“After finding ScreenConnect on 130 computers, we decided it was installed specifically to support remote workers. However, it turned out that the company did not know anything about it, and the attackers installed it to provide themselves with access to the network and compromised devices,” Jacobs explained.

The hackers used several methods to gain initial access to the network, most often phishing attacks on company employees. There were also signs that vulnerabilities in firewalls and VPNs had been exploited, as well as traces of brute-force attacks on RDP services exposed to the Internet.
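Brute-force attacks on Internet-exposed RDP leave a distinctive trail in the Windows Security log: bursts of failed logons (event 4625) with logon type 10 (RemoteInteractive) from one source address, sometimes followed by a successful logon (4624) from the same address. The following detector is an added example written for this page, not Sophos tooling; the event records are constructed to resemble those fields, and the threshold and window are assumptions to tune for your estate.

```python
"""Flag RDP brute-force activity in Windows Security log events.

Added example (not from the original article or from Sophos).
Assumptions: events arrive as dicts with the fields below, which mirror
the relevant Windows Security log fields (event 4625 = failed logon,
4624 = successful logon, logon_type 10 = RemoteInteractive, i.e. RDP).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: a password-guessing burst from 203.0.113.45 that
# ends in a successful logon, one user mistyping a password twice an hour
# apart, and an unrelated console logon (logon_type 2) to be ignored.
SAMPLE_EVENTS = [
    {"time": "2021-01-14T01:30:00", "event_id": 4625, "logon_type": 10, "ip": "198.51.100.7", "user": "jsmith"},
    {"time": "2021-01-14T02:10:01", "event_id": 4625, "logon_type": 10, "ip": "203.0.113.45", "user": "administrator"},
    {"time": "2021-01-14T02:10:14", "event_id": 4625, "logon_type": 10, "ip": "203.0.113.45", "user": "administrator"},
    {"time": "2021-01-14T02:10:33", "event_id": 4625, "logon_type": 10, "ip": "203.0.113.45", "user": "admin"},
    {"time": "2021-01-14T02:11:02", "event_id": 4625, "logon_type": 10, "ip": "203.0.113.45", "user": "admin"},
    {"time": "2021-01-14T02:11:40", "event_id": 4625, "logon_type": 10, "ip": "203.0.113.45", "user": "it-admin"},
    {"time": "2021-01-14T02:12:30", "event_id": 4625, "logon_type": 10, "ip": "203.0.113.45", "user": "it-admin"},
    {"time": "2021-01-14T02:13:05", "event_id": 4624, "logon_type": 10, "ip": "203.0.113.45", "user": "svc_backup"},
    {"time": "2021-01-14T02:45:00", "event_id": 4625, "logon_type": 10, "ip": "198.51.100.7", "user": "jsmith"},
    {"time": "2021-01-14T02:50:00", "event_id": 4624, "logon_type": 2, "ip": "10.0.5.20", "user": "jsmith"},
]


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return one finding per source IP that produced at least `threshold`
    failed RDP logons within a sliding `window`.

    Once an IP is flagged, every further failure from it is counted and any
    later successful RDP logon from the same IP is recorded, because a
    success after a burst of failures is the case that needs immediate
    response (the attacker now has a valid credential).
    """
    events = sorted(events, key=lambda e: datetime.fromisoformat(e["time"]))
    recent = defaultdict(deque)   # ip -> (time, user) of failures still inside the window
    findings = {}                 # ip -> finding dict
    for ev in events:
        if ev.get("logon_type") != 10:          # only RDP (RemoteInteractive) logons matter here
            continue
        t = datetime.fromisoformat(ev["time"])
        ip = ev["ip"]
        if ev["event_id"] == 4625:
            q = recent[ip]
            q.append((t, ev["user"]))
            while t - q[0][0] > window:         # drop failures that fell out of the window
                q.popleft()
            if ip in findings:
                findings[ip]["failed_logons"] += 1
                findings[ip]["users_tried"].add(ev["user"])
            elif len(q) >= threshold:
                findings[ip] = {
                    "ip": ip,
                    "burst_start": q[0][0].isoformat(),
                    "failed_logons": len(q),
                    "users_tried": {u for _, u in q},
                    "success_after": None,
                }
        elif ev["event_id"] == 4624 and ip in findings:
            findings[ip]["success_after"] = {"time": t.isoformat(), "user": ev["user"]}
    for f in findings.values():
        f["users_tried"] = sorted(f["users_tried"])
    return sorted(findings.values(), key=lambda f: f["burst_start"])


if __name__ == "__main__":
    for finding in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(finding)
```

The two spaced-out failures from 198.51.100.7 never reach the threshold inside the window and are not reported, while 203.0.113.45 is reported with all six failures, the three account names tried, and the successful logon that followed. In production the same logic runs over events forwarded to a SIEM; the more durable fix is to take RDP off the Internet entirely and require VPN plus multi-factor authentication in front of it.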

Peter Mackenzie, manager of the Sophos Rapid Response team, offered several guidelines for protecting against ransomware attacks.

“First, make sure that every single computer on your network has security solutions installed and that they are all centrally managed. Attackers love unsecured machines. Next, make sure they get patches on a regular basis, and remember that if the computer hasn’t rebooted for a year, it doesn’t have any patches,” Mackenzie said.
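Both of the points above, and the ScreenConnect discovery described earlier, come down to knowing what is on every host: whether it is covered by the centrally managed security agent, when it last rebooted (and therefore whether pending patches are actually in effect), and which remote-control tools are installed that nobody sanctioned. The audit below is an added example written for this page, not a Sophos tool; the inventory records, the approved-tool list and the 30-day reboot threshold are constructed assumptions.

```python
"""Fleet hygiene audit: unmanaged hosts, stale reboots, unapproved remote tools.

Added example (not from the original article or from Sophos).
Assumptions: an inventory export gives, per host, whether the centrally
managed security agent is present, the last boot time, and the installed
software names; in practice this comes from the management console, an
RMM export or a query against every host.
"""
from collections import defaultdict
from datetime import datetime

# Assumption: remote-control products worth inventorying; extend for your estate.
REMOTE_ACCESS_TOOLS = {"screenconnect", "anydesk", "teamviewer", "splashtop", "atera"}
# Hypothetical: the only remote-control product IT actually sanctioned.
APPROVED_REMOTE_TOOLS = {"teamviewer"}
# Constructed reference time for the sample inventory below.
AUDIT_NOW = datetime(2021, 1, 15, 12, 0, 0)

# Constructed inventory: ScreenConnect quietly present on three hosts,
# two hosts with no managed agent, three hosts that have not rebooted
# in months (one of them for over a year).
SAMPLE_INVENTORY = [
    {"host": "WS-001", "managed_agent": True, "last_boot": "2020-12-20T06:00:00",
     "software": ["Microsoft Office 365", "ScreenConnect Client"]},
    {"host": "WS-002", "managed_agent": True, "last_boot": "2020-01-10T06:00:00",
     "software": ["ScreenConnect Client", "Google Chrome"]},
    {"host": "WS-003", "managed_agent": False, "last_boot": "2021-01-05T06:00:00",
     "software": ["ScreenConnect Client"]},
    {"host": "SRV-FILE01", "managed_agent": True, "last_boot": "2020-10-01T06:00:00",
     "software": ["Veeam Backup & Replication"]},
    {"host": "WS-004", "managed_agent": True, "last_boot": "2021-01-12T06:00:00",
     "software": ["TeamViewer", "Slack"]},
    {"host": "WS-005", "managed_agent": False, "last_boot": "2020-06-15T06:00:00",
     "software": ["AnyDesk"]},
]


def audit_fleet(inventory, now, approved=APPROVED_REMOTE_TOOLS, max_uptime_days=30):
    """Return a dict of findings:
    - unmanaged_hosts: hosts with no centrally managed security agent
    - stale_hosts: (host, days since last boot) beyond max_uptime_days,
      i.e. hosts whose installed patches may never have taken effect
    - unapproved_remote_tools: tool -> hosts where a remote-control product
      outside the approved set is installed; a tool on many hosts that
      nobody sanctioned is the pattern seen in the incident above.
    """
    findings = {"unmanaged_hosts": [], "stale_hosts": [], "unapproved_remote_tools": {}}
    tool_hosts = defaultdict(set)
    for h in inventory:
        if not h["managed_agent"]:
            findings["unmanaged_hosts"].append(h["host"])
        uptime_days = (now - datetime.fromisoformat(h["last_boot"])).days
        if uptime_days > max_uptime_days:
            findings["stale_hosts"].append((h["host"], uptime_days))
        for sw in h["software"]:
            name = sw.lower()
            for tool in REMOTE_ACCESS_TOOLS:
                if tool in name and tool not in approved:
                    tool_hosts[tool].add(h["host"])
    findings["unapproved_remote_tools"] = {t: sorted(hs) for t, hs in sorted(tool_hosts.items())}
    return findings


def run_sample_audit():
    """Run the audit over the constructed inventory at the constructed time."""
    return audit_fleet(SAMPLE_INVENTORY, AUDIT_NOW)


if __name__ == "__main__":
    result = run_sample_audit()
    print("Hosts without managed agent:", result["unmanaged_hosts"])
    print("Hosts not rebooted in >30 days:", result["stale_hosts"])
    for tool, hosts in result["unapproved_remote_tools"].items():
        print(f"Unapproved remote tool '{tool}' on {len(hosts)} host(s): {hosts}")
```

On the sample data the audit surfaces ScreenConnect on three hosts and AnyDesk on one, while the approved TeamViewer install is not reported; WS-002 shows 371 days of uptime, exactly the "hasn't rebooted for a year" case. The useful operational step is to run this on a schedule and treat a remote-control tool that appears on many hosts at once, with no change ticket behind it, as an incident rather than a cleanup item.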
