"This Company Didn't Spot the Flaw in Their Network. But Three Ransomware Gangs Did"
According to cybersecurity researchers at Sophos, an unspecified organization fell victim to three different ransomware gangs in a short period of time. The unnamed victim was infected with three types of ransomware, LockBit, Hive, and BlackCat, with each cybercriminal gang encrypting files and leaving their own ransom demand. According to the incident analysis, the first sign of suspicious activity occurred on December 2nd, 2021, when an unknown attacker, possibly an initial access broker, established a Remote Desktop Protocol (RDP) session on the organization's domain controller for nearly an hour. It is unclear whether the multiple attacks were coordinated or if they were three separate attacks that happened to exploit the same vulnerabilities to gain access to the network, but researchers describe the attacks as a side effect of operating in an increasingly crowded and commoditized marketplace, which is something that can make things more difficult for victims of attacks. The best way to avoid becoming a victim in the first place is to enforce strong passwords and multi-factor authentication (MFA) across the network. As demonstrated by the incident, RDP and cloud services can provide cybercriminals with an easy way into networks because using legitimate credentials allows them to go undetected. Many users continue to use simple and easy-to-guess passwords. Researchers urge organizations to protect accounts from being breached and exploited by cybercriminals by enforcing the use of more complex passwords and implementing MFA. This article continues to discuss the targeting of one organization by three different ransomware gangs at the same time and how organizations can protect themselves from ransomware attacks.
ZDNet reports "This Company Didn't Spot the Flaw in Their Network. But Three Ransomware Gangs Did"