Cybersecurity vendor Sophos has revealed how using a 'crack' version of a data visualization tool was the cause of a major ransomware attack that cost the European research institute a week’s work and a lot of money.
A student working at a European biomolecular research institute was allowed to use expensive data visualization software. The student was on the hunt for a free version of a data visualization software tool, but the license was most likely too expensive– so as a workaround, the student eventually elected to find a cracked version instead.
The crack triggered a malware warning from Microsoft Defender, which he not only ignored but also decided to disable the antivirus tool, as well as the firewall. Thirteen days later a remote desktop protocol (RDP) connection was registered on the institute’s network using the student’s credentials and the incident response team from Sophos learned that the crack was actually info-stealing malware.
“A feature of RDP is that a connection also triggers the automatic installation of a printer driver, enabling users to print documents remotely. This allowed the Rapid Response investigation team to see that the registered RDP connection involved a Russian language printer driver and was likely to be a rogue connection. Ten days after this connection was made, the Ryuk ransomware was launched,” Sophos explained.
The malware was in use by a malicious third-party for a few days, harvesting keystrokes, stealing browser cookies, clipboard data, and such. While Sophos did not go into details: how much money the operators asked for, or whether or not the institute paid the ransom, it did say that the organiz ..
Support the originator by clicking the read the rest link below.
