CERT mailing list archives

CERT NZ Releases Advisory on Ransomware Campaign


From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Thu, 18 Jun 2020 16:34:22 +0000


National Cyber Awareness System:



CERT NZ Releases Advisory on Ransomware Campaign [ 
https://www.us-cert.gov/ncas/current-activity/2020/06/18/cert-nz-releases-advisory-ransomware-campaign ] 06/18/2020 
10:10 AM EDT 
Original release date: June 18, 2020

The New Zealand Computer Emergency Response Team (CERT NZ) has released an advisory on a ransomware campaign leveraging 
remote access technologies. Malicious cyber actors are targeting organizations' networks through remote access tools, 
such as Remote Desktop Protocol and virtual private networks, to exploit unpatched vulnerabilities and weak 
authentication.

After gaining access, cyber actors use various tools, including mimikatz, PsExec, Cobalt Strike, and Nefilim 
ransomware, for privilege escalation, lateral movement, persistence, and data exfiltration and encryption. Due to the 
level of access gained before deploying ransomware, the issue cannot be resolved by simply restoring data from backup.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the CERT NZ 
Advisory, Active Ransomware Campaign Leveraging Remote Access Technologies [ 
https://www.cert.govt.nz/it-specialists/advisories/active-ransomware-campaign-leveraging-remote-access-technologies/ ], 
for more information and mitigations as well as indicators of compromise associated with Nefilim ransomware. CISA also 
encourages organizations to review the following resources for more information on protecting against and responding to 
ransomware.


  * CISA Resource Page: Ransomware [ https://www.us-cert.gov/Ransomware ] 
  * CISA Insights: Ransomware Outbreak [ 
https://www.us-cert.gov/sites/default/files/2019-08/CISA_Insights-Ransomware_Outbreak_S508C.pdf ] 
  * CISA Security Tip: Protecting Against Ransomware [ https://www.us-cert.gov/ncas/tips/ST19-001 ] 

This product is provided subject to this Notification [ https://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ https://www.dhs.gov/privacy-policy ] policy.
