Ransomware Blogs - Attivo Networks

Yanluowang Ransomware – Protecting Against Active Directory

Reading Time: 2 minutes
Written by: Venu Vissamsetty, VP of Security Research - Yanluowang is the latest targeted ransomware attack that enumerates Active Directory.  It uses tools like ADFind to perform domain reconnaissance, escalate domain privileges, and deploy ransomware across the organization. Active Directory provides managed domain services such ...

Leveraging MITRE Shield to Defend Against Ransomware

Reading Time: 3 minutes
Written by: Joseph R. Salazar, CISSP, CEH, EnCE - Ransomware attacks have evolved and grown in number.  Traditional ransomware sought to spread and encrypt as many endpoints as possible, but Ransomware 2.0 attacks employ advanced methods or have a human controller directing their activities. These ...

Kaseya VSA Supply Chain Ransomware Attack

Reading Time: 2 minutes
Written by: Joseph Salazar, Technical Marketing Engineer - A significant reminder of the SolarWinds attack, attackers have once again targeted a trusted software vendor, this time Kaseya, to compromise hundreds of businesses and deploy ransomware. There are reports that the REvil ransomware group was behind ...

Attivo Networks and the Conti Ransomware

Reading Time: 4 minutes
Written by: Joseph Salazar, Technical Marketing Engineer - In mid-May 2021, the FBI released a security report identifying at least 16 Conti ransomware attacks over the past year on healthcare and first-responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities. ...

Darkside Ransomware Attack and Domain Compromise

Reading Time: 2 minutes
Author: Venu Vissamsetty, V.P Security Research, Attivo Networks - Colonial Pipeline, one of the largest pipeline operators in the United States, had to shut down operations on May 8th, 2021 after becoming the victim of a ransomware attack. The FBI confirmed that the DarkSide ransomware ...

Stop DearCry Ransomware Exploits of Hafnium

Reading Time: 2 minutes
Author: Venu Vissamsetty, V.P Security Research, Attivo Networks - The recent Hafnium attacks drew attention to several Microsoft Exchange Server vulnerabilities, but other groups are taking advantage of these to launch ransomware attacks. Attackers are targeting enterprises exploiting the four recent Microsoft Exchange Server vulnerabilities (CVE-2021-26855, ...

Secure Your Shared Resources from Adversaries Exploiting SMB and Windows Admin Shares

Reading Time: 3 minutes
Vikram Navali, Senior Technical Product Manager - The tactics employed by adversaries are as varied as their motives. Some prefer spear-phishing, while others make use of malware, executing targeted attacks. However, the result is inevitably the same: getting unprivileged access to shared resources like files, ...

Microsoft Active Directory as a Prime Target for Ransomware Operators

Reading Time: 4 minutes
Written by: Joseph Salazar, Technical Marketing Manager & Juan Carlos Vázquez, Sales Manager - The Active Directory (AD) infrastructure remains critical in so-called “human-operated” ransomware campaigns and post-compromise extortion, which represents a significant threat to businesses and a detection challenge in the short time they have ...

Preventing SCCM Compromise and Deployment of Ransomware

Reading Time: 3 minutes
Author: Biju Varghese, Technical Product Manager - Adversaries are adopting creative methods in these COVID-19 epidemic conditions to gain access to company assets. Ransomware is one such creative digital form of extortion that affects companies of all sizes. One prevalent method adversaries use to compromise ...

Attivo Networks’ Effective Approach to Fight Ransomware

Reading Time: 6 minutes
Written by: Juan Carlos Vasquez and Joseph R. Salazar - Many reports about ransomware issues only cover recommendations around patching, backing up, user awareness, or compensating for legacy technologies such as IDS. However, they omit active defense-oriented approaches or techniques that genuinely provide the ability ...


