Imagine surviving a wiper attack only for ransomware to scramble your restored files (Security News, October 2022)

Organizations hit earlier by the HermeticWiper malware have reportedly been menaced by ransomware unleashed this month against transportation and logistics industries in Ukraine and Poland.
Though there is an overlap in victims, it's unclear whether this Prestige ransomware and HermeticWiper are controlled by the same masterminds, according to researchers at the Microsoft Threat Intelligence Center.
"MSTIC has not yet linked this ransomware campaign to a known threat group and is continuing investigations."
Most ransomware operators use a consistent approach for every victim unless a security configuration forces a change of plan. Here, by contrast, MSTIC observed three distinct deployment methods.
In two of the methods, the ransomware payload is first copied to the ADMIN$ share of a remote system (the administrative share that maps to the Windows directory).
In the first, Impacket is then used to remotely create a Windows Scheduled Task on the victim system to execute the payload. In the second, Impacket is used to remotely invoke an encoded PowerShell command on the system to launch the payload. In the third, the ransomware payload is copied to an Active Directory Domain Controller and deployed to targeted systems through the Default Domain Group Policy Object.
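Each of the three deployment paths described above leaves a distinct trace in Windows Security auditing: a write to the ADMIN$ share (event 5145), a scheduled task created on the target (4698), a powershell.exe process launched with an encoded command (4688), and a change to the Default Domain Policy GPO object on a domain controller (5136). The detector below is an added example written for this page; it is not code from MSTIC, Microsoft, or the original article. It assumes those standard Windows Security event IDs and their EventData field names (ShareName, RelativeTargetName, AccessMask, TaskName, TaskContent, NewProcessName, CommandLine, ObjectDN, AttributeLDAPDisplayName) and uses the well-known, forest-independent GUID of the Default Domain Policy GPO. The sample events, host names, account names and the payload file name are constructed for illustration.

```python
import base64
import re
from dataclasses import dataclass

# The Default Domain Policy GPO has the same GUID in every Active Directory forest.
DEFAULT_DOMAIN_POLICY_GUID = "{31B2F340-016D-11D2-945F-00C04FB984F9}"

# powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -en, -enc, ...).
# Only the common short forms and the full switch are matched here.
ENCODED_CMD_RE = re.compile(
    r"(?:^|\s)[-/](?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE
)


@dataclass
class Event:
    event_id: int   # Windows Security event ID
    host: str       # computer that logged the event
    fields: dict    # subset of the event's EventData


@dataclass
class Finding:
    host: str
    technique: str
    detail: str


def decode_encoded_command(cmdline: str):
    """Return the plaintext of a -EncodedCommand argument (base64 of UTF-16LE), or None."""
    m = ENCODED_CMD_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def detect_prestige_deployment(events):
    """Flag the three deployment patterns; ties later execution back to the ADMIN$ drop."""
    findings = []
    dropped = {}  # host -> set of file names written into ADMIN$ on that host
    for ev in events:
        f = ev.fields
        if ev.event_id == 5145:
            share = f.get("ShareName", "").upper()
            mask = int(f.get("AccessMask", "0x0"), 16)
            # 0x2 is FILE_WRITE_DATA / FILE_ADD_FILE: the remote caller wrote, not just read.
            if share.endswith("ADMIN$") and mask & 0x2:
                name = f.get("RelativeTargetName", "")
                dropped.setdefault(ev.host, set()).add(name.lower())
                findings.append(Finding(ev.host, "admin-share-drop",
                    f"{f.get('SubjectUserName')} from {f.get('IpAddress')} wrote {name} to ADMIN$"))
        elif ev.event_id == 4698:
            content = f.get("TaskContent", "").lower()
            hits = [n for n in dropped.get(ev.host, ()) if n in content]
            if hits:
                findings.append(Finding(ev.host, "scheduled-task-exec",
                    f"task {f.get('TaskName')} runs ADMIN$-dropped {hits[0]}"))
        elif ev.event_id == 4688:
            if f.get("NewProcessName", "").lower().endswith("powershell.exe"):
                decoded = decode_encoded_command(f.get("CommandLine", ""))
                if decoded is not None:
                    hits = [n for n in dropped.get(ev.host, ()) if n in decoded.lower()]
                    tail = f" (runs ADMIN$-dropped {hits[0]})" if hits else ""
                    findings.append(Finding(ev.host, "encoded-powershell-exec",
                        f"decoded: {decoded}{tail}"))
        elif ev.event_id == 5136:
            if DEFAULT_DOMAIN_POLICY_GUID.lower() in f.get("ObjectDN", "").lower():
                findings.append(Finding(ev.host, "default-domain-gpo-modified",
                    f"{f.get('SubjectUserName')} changed {f.get('AttributeLDAPDisplayName')} "
                    f"on the Default Domain Policy"))
    return findings


# Constructed sample telemetry (not real events). The attacker's command is encoded the
# same way powershell.exe expects it: base64 over the UTF-16LE bytes of the script.
SAMPLE_CMD = "Start-Process C:\\Windows\\payload.exe"
ENCODED_SAMPLE = base64.b64encode(SAMPLE_CMD.encode("utf-16-le")).decode()

SAMPLE_EVENTS = [
    Event(5145, "FS01", {"SubjectUserName": "svc_backup", "IpAddress": "10.0.0.25",
                         "ShareName": r"\\*\ADMIN$", "RelativeTargetName": "payload.exe",
                         "AccessMask": "0x2"}),
    Event(4698, "FS01", {"SubjectUserName": "svc_backup", "TaskName": r"\UpdateTask",
                         "TaskContent": "<Exec><Command>C:\\Windows\\payload.exe</Command></Exec>"}),
    Event(4688, "FS02", {"NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                         "CommandLine": "powershell.exe -nop -w hidden -enc " + ENCODED_SAMPLE}),
    Event(5136, "DC01", {"SubjectUserName": "svc_backup",
                         "ObjectDN": "CN=" + DEFAULT_DOMAIN_POLICY_GUID
                                     + ",CN=Policies,CN=System,DC=corp,DC=example",
                         "AttributeLDAPDisplayName": "versionNumber"}),
    # Benign write to an ordinary share: must not be flagged.
    Event(5145, "FS01", {"SubjectUserName": "bob", "IpAddress": "10.0.0.7",
                         "ShareName": r"\\*\Public", "RelativeTargetName": "notes.txt",
                         "AccessMask": "0x2"}),
]

if __name__ == "__main__":
    for finding in detect_prestige_deployment(SAMPLE_EVENTS):
        print(f"[{finding.host}] {finding.technique}: {finding.detail}")
```

The correlation through `dropped` is what separates this from a bare keyword rule: a scheduled task or PowerShell launch is only tied to the ADMIN$ write on the same host when it references the file that was dropped there, while an encoded PowerShell command is always decoded and reported because the encoding itself hides what ran. Share-access auditing (for 5145), scheduled-task and process-creation auditing with command-line logging (for 4698 and 4688), and directory-service change auditing on domain controllers (for 5136) must be enabled for these events to exist at all.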
Related news
- French govt contractor Atos denies Space Bears ransomware attack claims (source)
- Casio says data of 8,500 people exposed in October ransomware attack (source)
- Preventing the next ransomware attack with help from AI (source)
- Ransomware on ESXi: The mechanization of virtualized attacks (source)
- OneBlood confirms personal data stolen in July ransomware attack (source)
- Enzo Biochem settles lawsuit over 2023 ransomware attack for $7.5M (source)
- Medusa ransomware group claims attack on UK's Gateshead Council (source)
- Ransomware attack forces Brit high school to shut doors (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Security pros more confident about fending off ransomware, despite being battered by attacks (source)