Security researchers from Advanced Intelligence (AdvIntel) found that Ryuk ransomware attackers have changed their hacking techniques, according to BleepingComputer. Cyberattacks this year were more focused on compromising already-exposed RDP connections in order to gain access to a target network, researchers said. The attackers also use the BazaCall campaign and spear phishing to distribute the malware. Once they have access to a network, Ryuk attackers look for valuable resources on the exposed domain and then locate the company's financial details, which are used to set the ransom payment.
Researchers also discovered other methods employed by the attackers, including the use of KeeThief, an open-source tool that extracts credentials from the KeePass password manager. The attackers use the tool to steal a local IT administrator's credentials in order to bypass endpoint detection and response (EDR) and other defenses, said AdvIntel CEO Vitali Kremez.
Other hacking strategies involve deploying a portable version of Notepad++ and CrackMapExec, an open-source penetration-testing tool.