Sophos Victim to Nefilim Ransomware Attack

Threat actors have changed how the typical ransomware assault works: instead of only encrypting data and demanding a ransom in return for decryption, certain attacks now include data theft as well. This constitutes a double threat to organizations, which face not only the danger that their sensitive documents may be revealed to the media, but also the loss of access to essential archives. Some ransomware operators are also teaming up to share software and infrastructure to further accelerate the leak-and-extortion operation. Nefilim emerged in 2020 as one of these ransomware strains: if the victims do not pay the ransom,

Nefilim threatens to reveal their information to the public. It has its own leaks platform, called Corporate Leaks, hosted as a TOR hidden service. The Nefilim ransomware blends data theft with encryption. Nefilim primarily targets unsecured, exposed services such as Remote Desktop Protocol (RDP) and virtual desktop systems, which leave organizations vulnerable when left unprotected. It is one of an increasing number of ransomware families, alongside Doppel Paymer and others, that participate in so-called 'secondary extortion': assaults mixing encryption with theft of data and the possibility of media disclosure.

In a recent incident, a Nefilim ransomware attack that locked up more than 100 systems stemmed from the compromise of an unmonitored account belonging to an employee who had died three months earlier. The victim company, Sophos, had kept the account active because it was used for several services. Sophos responders traced the initial intrusion to a high-level admin account that had been infiltrated by the attackers more than four weeks before the ransomware was launched. Sophos further stated that the attackers moved silently through the network, stole domain admin credentials, and located and exfiltrated hundreds of GB ..