May 28, 2023

Ransomware operators are teaming up to exchange software and infrastructure to further accelerate the operation of leakage and extortion that harms the victims of such attacks. One such ransomware is Nefilim Nick named Nemty threatens victims to reveal the contents in public through its platform Corporate Leaks located in TOR

In the incident reported by research team , A ransomware attack from Nefilim locked up more than 100 systems stemmed from the unregulated account compromised of an employee who died three months ago. The attackers traveled silently through the network, stole the domain admin keys, then located and filtered GB’s of data prior to unleashing any malware that exposes the existence of such data. The account was obviously held deliberately as it was used for utilities,

Nefilim ransomware replaces the initial files with encrypted copies, nearly all the big ransomware, making recovery difficult without either a decryption key or a recent backup.

The latest victim of the attack was compromised by exploiting vulnerable versions of the Citrix Software, after which the actors gained access to the domain key or the domain admin account using Mimikatz.Ransomware is the final payload in a longer attack.Identifying and restricting the access to foreign invaders is a must .

Tags:

Leave a Reply

You may have missed

TheCyberThrone Security Week In Review–May 27, 2023

TheCyberThrone Security Week In Review–May 27, 2023

May 28, 2023
Zyxel Patches Critical Buffer Overflow Vulnerability

Zyxel Patches Critical Buffer Overflow Vulnerability

May 27, 2023
Apria Data Breach affects 2 million customers

Apria Data Breach affects 2 million customers

May 27, 2023
CosmicEnergy Malware Shutting Electric grid

CosmicEnergy Malware Shutting Electric grid

May 27, 2023
Operation Magalenha from Brazil

Operation Magalenha from Brazil

May 27, 2023
Buhti Ransomware Dissection

Buhti Ransomware Dissection

May 26, 2023
%d bloggers like this: