Security News > 2020 > October > Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack
The analysis of the attack revealed that after about four hours and 10 minutes, the Ryuk gang pivoted from the primary domain controller, using RDP to connect to backup servers.
For the final phase of the attack, the Ryuk operators first deployed their ransomware executable onto backup servers.
Ryuk is a highly active malware, responsible for a string of recent hits, including a high-profile attack that shut down Universal Health Services, a Fortune-500 owner of a nationwide network of hospitals.
"The threat actors finished their objective by executing the ransomware on the primary domain controller, and at the five-hour mark, the attack completed," researchers said.
The use of Zerologon made the cybrcriminals' efforts much easier, since the attack didn't need to be aimed at a high-privileged user who would likely have more security controls.
News URL
https://threatpost.com/ryuk-ransomware-gang-zerologon-lightning-attack/160286/
Related news
- Kidney dialysis firm DaVita hit by weekend ransomware attack (source)
- Ahold Delhaize confirms data theft after INC ransomware claims attack (source)
- Interlock ransomware gang pushes fake IT tools in ClickFix attacks (source)
- Interlock ransomware claims DaVita attack, leaks stolen data (source)
- Ransomware attacks are getting smarter, harder to stop (source)
- Hitachi Vantara takes servers offline after Akira ransomware attack (source)
- Marks & Spencer breach linked to Scattered Spider ransomware attack (source)
- Ukrainian extradited to US for Nefilim ransomware attacks (source)
- US indicts Black Kingdom ransomware admin for Microsoft Exchange attacks (source)
- Co-op confirms data theft after DragonForce ransomware claims attack (source)