Ransomware operators shut down two manufacturing facilities belonging to a European manufacturer after deploying a relatively new strain that encrypts servers that control the manufacturer’s industrial processes, a Kaspersky Lab researcher said Wednesday.

The ransomware, known as Cring, was discovered in a January blog post. It gets into networks by exploiting long-patched vulnerabilities in VPNs sold by Fortinet. The directory traversal vulnerability, tracked as CVE-2018-13379, could allow unauthenticated attackers to obtain a session file that contains the username and cleartext password for the VPN.

With initial access, a live Cring operator conducts reconnaissance and uses a customized version of the Mimikatz tool to extract the domain administrator’s credentials stored in server memory. Ultimately, the attackers use the Cobalt Strike framework to install Cring. To mask the ongoing attack …
