Active Directory domain controllers spreading ransomware: After Brexit, it’s .SaveTheQueen!
Friday, February 7, 2020
A minimum of five law firms were held hostage by the Maze group in late January and early February, reported Emsisoft. The total number of organisations held for ransom ranged between 45 and 180 in January, the report added.
“Ransomware tactics are becoming extremely perilous by leaving the victims with no solution other than having to pay the ransom. Previously, most of the ransomware campaigns were merely hindering victims' daily operations, as organisations with daily backups and other important cyber-security processes managed to recover pretty quickly and without many losses,” commented Immuniweb founder and CEO Ilia Kolochenko.
“Moreover, some organisations did not even report such incidents to avoid potential fines and lawsuits. Now such incidents have become an invitation to file a class action by the victims and prosecution of careless organisations by competent law enforcement agencies”.
Varonis did not disclose whether the target organisation received a ransom call.
“What’s interesting is that it uses the company’s own Active Directory domain controllers to spread the ransomware within the organisation. Had this slipped under the radar, thousands of machines could've been encrypted due to its fast-spreading nature,” he pointed out.