Ryuk ransomware operation updates hacking techniques

April 17, 2021
Security researchers from Advanced Intelligence found that Ryuk ransomware attackers have changed their hacking techniques, according to BleepingComputer. Cyberattacks this year have focused more on compromising RDP connections that are already exposed in order to access a target network, researchers said. The attackers also use the BazaCall campaign and spear phishing to distribute the malware. Once they have access to a network, Ryuk attackers look for valuable resources on the exposed domain and then find the company’s financial details, which are used to set the ransom payment.

Researchers also discovered other methods employed by the attackers, including the use of KeeThief, an open-source tool that extracts credentials from the KeePass password manager. The attackers use the tool to steal a local IT administrator’s credentials in order to bypass endpoint detection and response and other defenses, said AdvIntel CEO Vitali Kremez.

Other hacking strategies involve deploying a portable version of Notepad++ and CrackMapExec, an open-source penetration testing tool.

Jill Aitoro
