3 min
COVID-19
The Healthcare Security Pro's Guide to Ransomware Attacks
In this blog, we discuss best practices for defending against ransomware attacks in the healthcare industry.
5 min
Ransomware
WannaCry, Two Years On: Current Threat Landscape
In this blog, we take a look at the current attacker landscape related to EternalBlue and ransomware, along with some lessons that have not been learned since WannaCry.
2 min
Vulnerability Management
What WannaCry Taught Me About the Benefits of Agents in VM Programs
In the wake of the WannaCry attack, my security team and I learned firsthand why having an agent-based vulnerability management strategy could have helped.
4 min
Ransomware
Petya-like ransomworm: Leveraging InsightVM and Nexpose for visibility into MS17-010
A Petya-like ransomworm struck on June 27th 2017 and spread throughout the day,
affecting organizations in several European countries and the US. It is believed
that the ransomworm achieves its initial infection via a malicious document
attached to a phishing email, and that it then leverages the EternalBlue
[https://www.rapid7.com/db/modules/exploit/windows/smb/ms17_010_eternalblue] and
DoublePulsar [https://www.rapid7.com/security-response/doublepulsar/] exploits to
spread laterally. Once in
4 min
Microsoft
Petya-like Ransomware Explained
TL;DR summary (7:40 PM EDT June 28): A major ransomware attack started in
Ukraine yesterday and has spread around the world. The ransomware, which was
initially thought to be a modified Petya variant, encrypts files on infected
machines and uses multiple mechanisms both to gain entry to target networks and
to spread laterally. Several research teams are reporting that once victims'
disks are encrypted, they cannot be decrypted
[https://securelist.com/expetrpetyanotpetya-is-a-wiper-not-ransomware
4 min
Ransomware
Scanning and Remediating WannaCry/MS17-010 in InsightVM and Nexpose
*Update 5/18/17: EternalBlue exploit (used in WannaCry attack) is now available
in Metasploit for testing your compensating controls and validating
remediations. More info: EternalBlue: Metasploit Module for MS17-010
[/2017/05/20/metasploit-the-power-of-the-community-and-eternalblue]. Also
removed steps 5 and 6 from scan instructions as they were not strictly necessary
and causing issues for some customers.
*Update 5/17/17: Unauthenticated remote checks have now been provided. For hosts
that ar
6 min
Ransomware
WannaCry Update: Vulnerable SMB Shares Are Widely Deployed And People Are Scanning For Them (Port 445 Exploit)
WannaCry Overview
Last week the WannaCry ransomware worm, also known as Wanna Decryptor, Wanna
Decryptor 2.0, WNCRY, and WannaCrypt, started spreading around the world, holding
computers for ransom at hospitals, government offices, and businesses. To recap:
WannaCry exploits a vulnerability (MS17-010) in Microsoft's implementation of the
Server Message Block (SMB) file sharing protocol, reached over TCP port 445. It
spreads to unpatched devices directly connected to the internet and, once inside
an organization, to those machines and devices behind the
firew
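The propagation pattern described in this post and in the Petya-like ransomworm post above (an SMB exploit over TCP/445, first hitting internet-exposed hosts, then sweeping the internal network) leaves a distinctive trace in connection logs: one source opening SMB connections to many distinct peers within a short window. The script below is an added example, not code from the original post or from Rapid7. It assumes a simple CSV firewall/flow log format (ts,src,dst,dport), an assumed fan-out threshold and window, and assumed RFC 1918 internal ranges; the sample log it analyses is constructed, not captured traffic.

```python
"""Detect SMB-worm fan-out (WannaCry / Petya-like spread) in connection logs.

Added example, not Rapid7's code. The log format (CSV with ts,src,dst,dport),
the thresholds and the internal address ranges are assumptions; the sample log
built by build_sample_log() is constructed, not real traffic.
"""
import csv
import io
import ipaddress
from collections import Counter, defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445
WINDOW = timedelta(seconds=60)   # assumed detection window
FANOUT_THRESHOLD = 20            # assumed: distinct SMB peers per window that counts as a sweep
# Assumed internal ranges; use your own allocations rather than ipaddress.is_private,
# which also treats documentation ranges such as 198.51.100.0/24 as "private".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip):
    """True if ip falls inside one of the organisation's internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_log(text):
    """Parse the assumed CSV format into dicts with a datetime and an int port."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        rows.append({"ts": datetime.fromisoformat(r["ts"]), "src": r["src"],
                     "dst": r["dst"], "dport": int(r["dport"])})
    return rows


def find_smb_scanners(rows, threshold=FANOUT_THRESHOLD, window=WINDOW):
    """Return {src: (peak distinct TCP/445 destinations in any window, classification)}.

    A sliding window over each source's SMB connections keeps a Counter of the
    destinations currently inside the window, so many connections to a single
    file server never inflate the count; only breadth of peers does.
    """
    per_src = defaultdict(list)
    for r in sorted(rows, key=lambda r: r["ts"]):
        if r["dport"] == SMB_PORT:
            per_src[r["src"]].append((r["ts"], r["dst"]))

    alerts = {}
    for src, events in per_src.items():
        in_window = Counter()
        start, peak = 0, 0
        for ts, dst in events:
            in_window[dst] += 1
            while ts - events[start][0] > window:      # expire events older than the window
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            kind = "lateral-spread" if is_internal(src) else "internet-scan"
            alerts[src] = (peak, kind)
    return alerts


def build_sample_log():
    """Constructed sample log (not real traffic) covering the cases that matter."""
    base = datetime(2017, 5, 12, 10, 0, 0)
    lines = ["ts,src,dst,dport"]
    # 1. worm-like lateral spread: one internal host sweeps 40 neighbours on 445 in 40 s
    for i in range(40):
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()},10.0.0.5,10.0.0.{100 + i},445")
    # 2. internet scanner: external address probing 30 exposed hosts on 445 in 30 s
    for i in range(30):
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()},198.51.100.7,192.0.2.{i + 1},445")
    # 3. benign: a workstation talking to its one file server 50 times
    for i in range(50):
        lines.append(f"{(base + timedelta(seconds=2 * i)).isoformat()},10.0.0.9,10.0.0.2,445")
    # 4. slow admin sweep: 25 distinct hosts, but 5 minutes apart, so never 20 in one window
    for i in range(25):
        lines.append(f"{(base + timedelta(minutes=5 * i)).isoformat()},10.0.0.12,10.0.0.{200 + i},445")
    # 5. noise on another port, which the detector must ignore
    for i in range(30):
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()},10.0.0.20,10.0.0.{50 + i},443")
    return "\n".join(lines)


if __name__ == "__main__":
    for src, (peak, kind) in find_smb_scanners(parse_log(build_sample_log())).items():
        print(f"{src}: {peak} distinct SMB peers in {WINDOW.seconds}s ({kind})")
```

On the constructed log only the internal sweeping host and the external scanner are reported; the busy file-server client and the slow administrative sweep stay silent because the score is breadth of peers inside the window, not connection volume. Any internet-sourced TCP/445 traffic reaching internal hosts is worth a separate, lower-threshold rule, since port 445 should not be reachable from the internet at all.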
4 min
Ransomware
Wanna Decryptor (WNCRY) Ransomware Explained
Mark the date: May 12, 2017.
This is the day the “ransomworm” dubbed “WannaCry” / “Wannacrypt” burst —
literally — onto the scene with one of the initial targets being the British
National Health Service [http://www.bbc.com/news/health-39899646]. According to
The Guardian: the “unprecedented attack… affected 12 countries and at least 16
NHS trusts in the UK, compromising IT systems that underpin patient safety.
Staff across the NHS were locked out of their computers and trusts had to divert
em
4 min
Microsoft
Attacking Microsoft Office - OpenOffice with Metasploit Macro Exploits
It is fair to say that Microsoft Office and OpenOffice are some of the most
popular applications in the world. We use them for writing papers, making slides
for presentations, analyzing sales or financial data, and more. This software is
so important to businesses that, even in developing countries, workers that are
proficient in an Office suite can make a decent living based on this skill
alone.
Unfortunately, high popularity for software also means more high-value targets
in the eyes of an
6 min
Ransomware
The Ransomware Chronicles: A DevOps Survival Guide
NOTE: Tom Sellers [https://www.rapid7.com/blog/author/tom-sellers/], Jon Hart
[https://www.rapid7.com/blog/author/jon-hart/], Derek Abdine and (really) the
entire Rapid7 Labs team made this post possible.
On the internet, no one may know if you're of the canine persuasion, but with a
little time and just a few resources they can easily determine whether you're
running an open “devops-ish” server or not. We're loosely defining devops-ish
as:
* MongoDB
* CouchDB
* Elasticsearch
for this post
5 min
InsightIDR
5 Methods For Detecting Ransomware Activity
Until recently, ransomware was primarily a consumer problem. However, the cybercriminals behind recent ransomware attacks have shifted their focus to businesses.