Ryuk Ransomware Updated With 'Worm-Like Capabilities'


Prolific Ransomware Can 'Spread Automatically' Inside Networks, CERT-FR Warns

Mathew J. Schwartz (euroinfosec) • March 1, 2021

Ryuk ransom note (Source: Coveware, Malwarebytes)

Prolific Ryuk ransomware has a new trick up its sleeve. The developers behind the notorious strain of crypto-locking malware have given their attack code the ability to spread itself between systems inside an infected network.




"A Ryuk sample with worm-like capabilities - allowing it to spread automatically within networks it infects - was discovered during an incident response handled by ANSSI in early 2021," according to a Ryuk report issued Thursday by CERT-FR, the French government's computer emergency readiness team that's part of the National Cybersecurity Agency of France, or ANSSI.


Specifically, the worm-like behavior is achieved "through the use of scheduled tasks," via which "the malware propagates itself - machine to machine - within the Windows domain," CERT-FR says. "Once launched, it will thus spread itself on every reachable machine on which Windows RPC accesses are possible." Remote procedure calls are a mechanism for Windows processes to communicate with one another.
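One way a defender could surface the scheduled-task propagation CERT-FR describes is to look for the same task command being registered on many hosts in a short span. This is an added example, not code from the article or from CERT-FR. It assumes records simplified from Windows Security event 4698 ("A scheduled task was created"); the hosts, accounts, task names, paths, the 10-minute window and the three-host threshold are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, simplified from Windows Security event 4698:
# (time, host, creating account, task name, command the task runs).
# Every value below is invented for illustration, not taken from the report.
EVENTS = [
    ("2021-03-01T01:00:00", "WS-014", "CORP\\svc-deploy", r"\VendorUpdate",
     r"C:\Program Files\Vendor\update.exe"),
    ("2021-03-01T02:10:05", "WS-014", "CORP\\jdoe", r"\NightlySync",
     r"C:\Users\Public\sample.exe"),
    ("2021-03-01T02:10:40", "WS-015", "CORP\\jdoe", r"\NightlySync",
     r"C:\Users\Public\sample.exe"),
    ("2021-03-01T02:11:15", "FS-02", "CORP\\jdoe", r"\NightlySync",
     r"C:\Users\Public\sample.exe"),
    ("2021-03-01T02:12:02", "WS-031", "CORP\\jdoe", r"\NightlySync",
     r"C:\Users\Public\SAMPLE.exe"),
    ("2021-03-01T09:30:00", "WS-015", "CORP\\svc-deploy", r"\VendorUpdate",
     r"C:\Program Files\Vendor\update.exe"),
    ("2021-03-01T17:45:00", "FS-02", "CORP\\svc-deploy", r"\VendorUpdate",
     r"C:\Program Files\Vendor\update.exe"),
]


def find_task_fanout(events, window=timedelta(minutes=10), min_hosts=3):
    """Return {command: sorted hosts} for every command that was registered
    as a scheduled task on at least min_hosts distinct hosts inside one
    sliding time window. Commands are compared case-insensitively."""
    by_command = defaultdict(list)
    for ts, host, _account, _task, command in events:
        by_command[command.lower()].append((datetime.fromisoformat(ts), host))

    alerts = defaultdict(set)
    for command, hits in by_command.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Shrink the window from the left until it spans <= `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            hosts = {host for _, host in hits[start:end + 1]}
            if len(hosts) >= min_hosts:
                alerts[command] |= hosts
    return {command: sorted(hosts) for command, hosts in alerts.items()}


if __name__ == "__main__":
    for command, hosts in find_task_fanout(EVENTS).items():
        print(f"fan-out: {command} on {len(hosts)} hosts: {', '.join(hosts)}")
```

The vendor updater in the sample data also reaches three hosts, but over a full day, so it stays below the threshold; tuning the window and host count to the environment's own deployment tooling is what keeps this from alerting on legitimate rollouts.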


Updating Ryuk with this capability is notable because it's a type of human-operated ransomware, meaning that afte ..
