🔥[Breaking blog] Ransomware Advisory:#Log4Shell Exploitation for Initial Access & Lateral Movement
1⃣Log4Shell |2⃣Discovery: Conti Becomes The First Sophisticated Crimeware Group Weaponizing Log4j2 |3⃣Early Warning: Ransomware Exploitation of Vuln
advintel.io/post/ransomwar…
🤯Today is the largest ransomware case by impact on a Friday! >200 orgs
📌REvil affiliate "sub:8254" - watch for changing logged-on user's pass & config to automatically login on reboot as "DTrump4ever"
It is recommended to immediately isolate Kaseya VSA!
h/t @malwrhunterteam
🛡Tomorrow at 10am ET we release probably one of the largest unique discoveries/service ever of its kind.
The discovery is tied to a number of high-profile breaches & ransomware cases across the globe.
It will illuminate old breaches for which never figured out initial access.
🔥Welcome to a new era...Introducing #MountLocker#Ransomware | Domain “Worm” Feature
🏘️First corporate ransomware for "pros" w/ LDAP domain queries for Active Directory enumeration
LDAP ActiveDS API NetGetDCName➡️ADsOpenObject(…“(objectClass=computer)“)
h/t @malwrhunterteam
2021-03-23:🆕 #REvil#Ransomware Smart Tactics to Bypass EDR/AV
Probably Inspired by #Snatch Earlier
WinExec API:
1⃣bootcfg /raw /a /safeboot:network /id 1
2⃣bcdedit /set {current} safeboot network
🛡️Ensure security product is running in "safe mode" as it is not often the case.