New Spirals ransomware can lock down an entire network in under 24 hours
India, July 16 -- A newly documented ransomware family called Spirals moved from initial access to data theft and network wide encryption in less than 24 hours. The incident is a wake up call for enterprise defenders since the response window may now be measured in hours instead of days.
The attack hit an IT services company in South Asia after an internet facing Microsoft Internet Information Services IIS server was compromised. The attackers uploaded an ASP.NET web shell, escalated privileges, enabled Remote Desktop Protocol, created a local account, and tried to steal credentials from the Security Account Manager database and the Local Security Authority Subsystem Service process.
Once inside, the operator used Windows Management Ins...
Click here to read full article from source
To read the full article or to get the complete feed from this publication, please
Contact Us.