A student pirating software led to a full-blown Ryuk ransomware attack (Security News, May 2021)
A student's attempt to pirate expensive data visualization software led to a full-blown Ryuk ransomware attack at a European biomolecular research institute.
After the research institute suffered a Ryuk ransomware attack, Sophos' Rapid Response team responded and neutralized the cyberattack.
After gaining access to the student's laptop and analyzing the browser history, the responders learned that the student had searched for an expensive data visualization software tool that they used at work and wanted to install on their home computer.
"The underground market for previously compromised networks offering attackers easy initial access is thriving, so we believe that the malware operators sold their access on to another attacker. The RDP connection could have been the access brokers testing their access."
Marketplaces devoted to the selling of remote access credentials have been flourishing over the last couple of years and have become a common source of accounts used by ransomware gangs to gain access to corporate networks.
Properly configuring security on the network, such as requiring MFA for Remote Desktop connections and restricting access from specific locations or IP addresses, would have prevented this attack.