A student pirating software led to a full-blown Ryuk ransomware attack
2021-05-06 16:08

A student's attempt to pirate expensive data visualization software led to a full-blown Ryuk ransomware attack at a European biomolecular research institute.

After the research institute suffered a Ryuk ransomware attack, Sophos' Rapid Response team responded and neutralized the cyberattack.

After gaining access to the student's laptop and analyzing the browser history, the responders learned that the student had searched for an expensive data visualization software tool that they used at work and wanted to install on their home computer.

"The underground market for previously compromised networks offering attackers easy initial access is thriving, so we believe that the malware operators sold their access on to another attacker. The RDP connection could have been the access brokers testing their access."

Marketplaces devoted to the selling of remote access credentials have been flourishing over the last couple of years and have become a common source of accounts used by ransomware gangs to gain access to corporate networks.

Properly configuring security on the network, such as requiring MFA for Remote Desktop connections and restricting access from specific locations or IP addresses, would have prevented this attack.


News URL

https://www.bleepingcomputer.com/news/security/a-student-pirating-software-led-to-a-full-blown-ryuk-ransomware-attack/