Ryuk ransomware operation updates hacking techniques
2021-04-17 14:15

Recent attacks from Ryuk ransomware operators show that the actors have a new preference when it comes to gaining initial access to the victim network.

Security researchers from the threat intelligence boutique Advanced Intelligence observed that Ryuk ransomware attacks this year relied more often on compromising exposed RDP connections to gain an initial foothold on a target network.

To enumerate Active Directory information, Ryuk ransomware operators rely on the tried and tested AdFind and on the post-exploitation tool BloodHound, which explores relationships in an Active Directory domain to find attack paths.

Among the newer techniques the researchers saw in Ryuk ransomware attacks was the use of KeeThief, an open-source tool for extracting credentials from the KeePass password manager.

According to AdvIntel, Ryuk ransomware attacks this year are exploiting two vulnerabilities to increase their permissions on a compromised machine.

Another observation from AdvIntel is that a recent Ryuk ransomware attack used the open-source CrackMapExec penetration tool to extract admin credentials and move laterally on the victim network.


News URL

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-operation-updates-hacking-techniques/