Microsoft's security team is warning about human-operated ransomware attacks. Attacks were reported in the US, India and Iran.
In these attacks, PonyFinal, a Java-based ransomware, was deployed manually by hackers.
Microsoft said that the target for intrusion is usually a systems management server, where the PonyFinal operators obtain credentials using a brute-force attack. Once inside, the attackers deploy a Visual Basic script that runs a PowerShell reverse shell to steal local data, after which they spread to other local systems and deploy the PonyFinal ransomware.
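For defenders, the first two stages described above (brute-forced logon, then a script host launching PowerShell) can be correlated per host. The following is an added example, not code from Microsoft or the original post; the events are constructed, the field names are simplified assumptions, and the threshold is an assumed tuning value.

```python
from collections import defaultdict

# Constructed sample events (not from the article), simplified from Windows
# Security log records: 4625 = failed logon, 4624 = successful logon,
# 4688 = process creation. Field names here are simplified assumptions.
EVENTS = [
    *([{"id": 4625, "host": "mgmt01", "src": "203.0.113.7", "user": "admin"}] * 12),
    {"id": 4624, "host": "mgmt01", "src": "203.0.113.7", "user": "admin"},
    {"id": 4625, "host": "mgmt01", "src": "198.51.100.4", "user": "alice"},
    {"id": 4624, "host": "mgmt01", "src": "198.51.100.4", "user": "alice"},
    {"id": 4688, "host": "mgmt01", "parent": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"id": 4688, "host": "ws07", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # Windows Script Host binaries
POWERSHELL = {"powershell.exe", "pwsh.exe"}
FAIL_THRESHOLD = 10  # assumed tuning value, adjust to the environment

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def detect(events, threshold=FAIL_THRESHOLD):
    """Return (alerts, hosts on which both stages fired). Events must be in time order."""
    fails = defaultdict(int)  # (host, src) -> failed logons since the last success
    alerts = []
    for ev in events:
        if ev["id"] == 4625:
            fails[(ev["host"], ev["src"])] += 1
        elif ev["id"] == 4624:
            n = fails.pop((ev["host"], ev["src"]), 0)
            if n >= threshold:  # a single mistyped password stays below this
                alerts.append(("bruteforce_then_logon", ev["host"], ev["src"], n))
        elif ev["id"] == 4688:
            if basename(ev["parent"]) in SCRIPT_HOSTS and basename(ev["image"]) in POWERSHELL:
                alerts.append(("script_host_spawned_powershell", ev["host"], ev["parent"], ev["image"]))
    by_host = defaultdict(set)
    for alert in alerts:
        by_host[alert[1]].add(alert[0])
    chained = sorted(h for h, kinds in by_host.items() if len(kinds) == 2)
    return alerts, chained

if __name__ == "__main__":
    found, chained_hosts = detect(EVENTS)
    for alert in found:
        print(alert)
    print("hosts matching both stages:", chained_hosts)
```

A host that appears in the second return value matched both stages and is the one to triage first.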
The PonyFinal attack chain by Microsoft: