CERT mailing list archives
CERT NZ Releases Advisory on Ransomware Campaign
From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Thu, 18 Jun 2020 16:34:22 +0000
Cybersecurity and Infrastructure Security Agency Logo National Cyber Awareness System: CERT NZ Releases Advisory on Ransomware Campaign [ https://www.us-cert.gov/ncas/current-activity/2020/06/18/cert-nz-releases-advisory-ransomware-campaign ] 06/18/2020 10:10 AM EDT Original release date: June 18, 2020 The New Zealand Computer Emergency Response Team (CERT NZ) has released an advisory on a ransomware campaign leveraging remote access technologies. Malicious cyber actors are targeting organizations networks through remote access tools, such as Remote Desktop Protocol and virtual private networks, to exploit unpatched vulnerabilities and weak authentication. After gaining access, cyber actors use various toolsincluding mimikatz, PsExec, Cobalt Strike, and Nefilim ransomwarefor privilege escalation, lateral movement, persistence, and data exfiltration and encryption. Due to the level of access gained before deploying ransomware, the issue cannot be resolved by simply restoring data from backup. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the CERT NZ Advisory, Active Ransomware Campaign Leveraging Remote Access Technologies [ https://www.cert.govt.nz/it-specialists/advisories/active-ransomware-campaign-leveraging-remote-access-technologies/ ], for more information and mitigations as well as indicators of compromise associated with Nefilim ransomware. CISA also encourages organizations to review the following resources for more information on protecting against and responding to ransomware. * CISA Resource Page: Ransomware [ https://www.us-cert.gov/Ransomware ] * CISA Insights: Ransomware Outbreak [ https://www.us-cert.gov/sites/default/files/2019-08/CISA_Insights-Ransomware_Outbreak_S508C.pdf ] * CISA Security Tip: Protecting Against Ransomware [ https://www.us-cert.gov/ncas/tips/ST19-001 ] This product is provided subject to this Notification [ https://www.us-cert.gov/privacy/notification ] and this Privacy & Use [ https://www.dhs.gov/privacy-policy ] policy. body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: normal; font-style: normal; color: #333333; } ________________________________________________________________________ A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () ncas us-cert gov to your address book. OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ http://www.us-cert.gov/related-resources ] STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Current thread:
- CERT NZ Releases Advisory on Ransomware Campaign US-CERT (Jun 18)