LockFile: Ransomware Uses PetitPotam Exploit On DC Servers
Indications are that the attackers gain access to victims' networks via Microsoft Exchange Servers, and then use the incompletely patched PetitPotam vulnerability to gain access to the domain controller, and then spread across the network.
It is not clear how the attackers gain initial access to the Microsoft Exchange Servers.
Victims are in the manufacturing, financial services, engineering, legal, business services, and travel and tourism sectors.
The attackers behind this ransomware use a ransom note with a similar design to that used by the LockBit ransomware gang and reference the Conti gang in the email address they use - contact@contipauper[.]com.
Featured Resources
blog
MITRE ATT&CK v18: New Detection Strategies and Analytics Redefine Cyber Defense
Amanda Kegley, Product Marketing ManagerYoni Harris, Senior Product Manager The latest release of the MITRE ATT&CK Framework v18.0 marks a significant change in how the
blog
Automated Vulnerability Remediation: A Step-by-Step Guide
The volume and pace of vulnerability disclosures outstrip the ability of cybersecurity teams to react to them manually. Automated remediation
blog
npm Under Siege: Worms, Toolchains and the Next Evolution of Supply Chain Attacks
Executive Summary npm is the primary package registry for JavaScript. It is a public marketplace where developers publish and install libraries