
Ryuk ransomware operation updates hacking techniques

Security researchers from Advanced Intelligence found that Ryuk ransomware attackers have changed their hacking techniques, according to BleepingComputer. Cyberattacks this year have focused more on compromising already-exposed RDP connections to gain access to a target network, researchers said. The attackers also use the BazaCall campaign and spear phishing to distribute the malware. Once they have access to a network, Ryuk attackers look for valuable resources on the exposed domain and then find the company’s financial details, which are used to set the ransom payment.

Researchers also discovered other methods employed by the attackers, including the use of KeeThief, an open-source tool that extracts KeePass password manager credentials. The attackers use the tool to steal a local IT administrator’s credentials in order to bypass endpoint detection and response and other defenses, said AdvIntel CEO Vitali Kremez.

Other hacking strategies involve deploying a portable version of Notepad++ and CrackMapExec, an open-source penetration testing tool.

Jill Aitoro

Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She has 20 years of experience editing and reporting on technology, business and policy.
