Ransomware/Exfiltration Campaign Targets Remote Access, Resists Resolution Through Data Restoration


Security Experts | informationsecuritybuzz.com »

US CERT has issued an advisory on a ransomware campaign leveraging remote access technologies. Malicious cyber actors are targeting organizations’ networks through remote access tools, such as Remote Desktop Protocol and virtual private networks, to exploit unpatched vulnerabilities and weak authentication. After gaining access, cyber actors use various tools—including mimikatz, PsExec, Cobalt Strike, and Nefilim ransomware—for privilege escalation, lateral movement, persistence, and data exfiltration and encryption. Due to the level of access gained before deploying ransomware, the issue cannot be resolved by simply restoring data from backup.

EXPERTS COMMENTS
Saryu Nayyar, CEO, Gurucul | June 22, 2020

With the increase in personnel working remotely over VPN or remote desktop tools such as Citrix, RDP, or VNC, it’s no surprise that malicious actors have focused more of their efforts towards these targets. Not every organization has properly enabled strong authentication and, as we have recently seen, phishing schemes and drive-by web exploits are also being used to access people’s systems.

Ransomware is a particularly destructive and frustrating attack, but there are ways to mitigate it. User education and good authentication practices can reduce the chance of infection, while frequent backups and a good disaster recovery plan can help mitigate the infection once it happens. An advanced security analytics platform can help identify an infection if it happens, starting with unusual user or device behavior, and can start mitigation and remediation procedures before the ransomware has infected more than a handful of systems.

 
