Security News > 2020 > October > Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack
The analysis of the attack revealed that after about four hours and 10 minutes, the Ryuk gang pivoted from the primary domain controller, using RDP to connect to backup servers.
For the final phase of the attack, the Ryuk operators first deployed their ransomware executable onto backup servers.
Ryuk is a highly active malware, responsible for a string of recent hits, including a high-profile attack that shut down Universal Health Services, a Fortune-500 owner of a nationwide network of hospitals.
"The threat actors finished their objective by executing the ransomware on the primary domain controller, and at the five-hour mark, the attack completed," researchers said.
The use of Zerologon made the cybrcriminals' efforts much easier, since the attack didn't need to be aimed at a high-privileged user who would likely have more security controls.
News URL
https://threatpost.com/ryuk-ransomware-gang-zerologon-lightning-attack/160286/
Related news
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Ransomware attack forces UMC Health System to divert some patients (source)
- Underground ransomware claims attack on Casio, leaks stolen data (source)
- Casio confirms customer data stolen in a ransomware attack (source)
- Schools bombarded by nation-state attacks, ransomware gangs, and everyone in between (source)
- BianLian ransomware claims attack on Boston Children's Health Physicians (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Tech giant Nidec confirms data breach following ransomware attack (source)
- Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks (source)
- Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks (source)