Security News > 2020 > October > Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack
The analysis of the attack revealed that after about four hours and 10 minutes, the Ryuk gang pivoted from the primary domain controller, using RDP to connect to backup servers.
For the final phase of the attack, the Ryuk operators first deployed their ransomware executable onto backup servers.
Ryuk is a highly active malware, responsible for a string of recent hits, including a high-profile attack that shut down Universal Health Services, a Fortune-500 owner of a nationwide network of hospitals.
"The threat actors finished their objective by executing the ransomware on the primary domain controller, and at the five-hour mark, the attack completed," researchers said.
The use of Zerologon made the cybrcriminals' efforts much easier, since the attack didn't need to be aimed at a high-privileged user who would likely have more security controls.
News URL
https://threatpost.com/ryuk-ransomware-gang-zerologon-lightning-attack/160286/
Related news
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)
- Bologna FC confirms data breach after RansomHub ransomware attack (source)
- Vodka maker Stoli files for bankruptcy in US after ransomware attack (source)
- Romanian energy supplier Electrica hit by ransomware attack (source)
- Ransomware attack hits leading heart surgery device maker (source)
- US sanctions Chinese firm for hacking firewalls in ransomware attacks (source)
- US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks (source)
- US Sanctions Chinese Cybersecurity Firm for 2020 Ransomware Attack (source)
- Starbucks, Supermarkets Targeted in Ransomware Attack (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)