2 hours for Ryuk to encrypt an enterprise with ZeroLogon unpatched


In a recent article by “The DFIR Report”, the company outlined a timeline in which it took a mere 2 hours for ransomware operators to take over an entire enterprise and encrypt all its assets.

Like many successful breaches, everything began with a phishing email containing a link to a Google Drive hosted file, which executed the “Bazar” malware. From there, the attackers used conventional discovery and C2 tools such as Cobalt Strike and AdFind, which eventually led to successful exploitation of the ZeroLogon vulnerability in Microsoft domain controllers. From that point forward, it was a speedy deployment of the Ryuk ransomware across the entire network and the successful encryption of all assets within less than an hour.

Once again, this demonstrates the immense importance of security awareness training to prevent phishing, and of swift patching of critical vulnerabilities like ZeroLogon.


News Site: thedfirreport.com
