Security News > 2024 > January > TeamViewer abused to breach networks in new ransomware attacks
![TeamViewer abused to breach networks in new ransomware attacks](/static/build/img/news/teamviewer-abused-to-breach-networks-in-new-ransomware-attacks-medium.jpg)
Ransomware actors are again using TeamViewer to gain initial access to organization endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder.
A similar case was first reported in March 2016, when numerous victims confirmed in the BleepingComputer forums that their devices were breached using TeamViewer to encrypt files with the Surprise ransomware.
"As TeamViewer is a widely spread software, many online criminals attempt to log on with the data of compromised accounts, in order to find out whether there is a corresponding TeamViewer account with the same credentials," explained the software vendor at the time.
A new report from Huntress shows that cybercriminals haven't abandoned these old techniques, still taking over devices via TeamViewer to try and deploy ransomware.
While Huntress hasn't been able to attribute the attacks with certainty to any known ransomware gangs, they note that it is similar to LockBit encryptors created using a leaked LockBit Black builder.
This sample is detected as LockBit Black but does not use the standard LockBit 3.0 ransomware note, indicating it was created by another ransomware gang using the leaked builder.
News URL
Related news
- OmniVision discloses data breach after 2023 ransomware attack (source)
- Panera warns of employee data breach after March ransomware attack (source)
- Ohio Lottery ransomware attack impacts over 538,000 individuals (source)
- Ascension redirects ambulances after suspected ransomware attack (source)
- Singing River Health System: Data of 895,000 stolen in ransomware attack (source)
- Windows Quick Assist abused in Black Basta ransomware attacks (source)
- Cybercriminals Exploiting Microsoft’s Quick Assist Feature in Ransomware Attacks (source)
- MediSecure e-script firm hit by ‘large-scale’ ransomware data breach (source)
- Aussie cops probe MediSecure's 'large-scale ransomware data breach' (source)
- LockBit says they stole data in London Drugs ransomware attack (source)