Discover and read the best of Twitter Threads about #Ransomware

Most recent (24)

The Green Paper 2020 on public security has been out since December 2020, and overall it has turned out quite well.

But a few things have remained very unclear to me... 1/x
zoes-bund.de/wp-content/upl…
As far as the #Cybercrime section is concerned, I found the result rather "so-so", and there are still various opportunities for improvement there. 2/x
The topic of task forces is raised, mentioning things like the "Gemeinsame Terrorismusabwehrzentrum (#GTAZ)" or the JIT. But along the way the essential #NCAZ was "forgotten". 3/x
Read 10 tweets
#KRITIS sector #Medien and #Kultur

"Delivery difficulties with ePaper/eMagazines"

The #Ransomware hit the #Funke Mediengruppe pretty hard.

This nasty 2021 Oo

What is missing? 1/5
hilfe.onleihe.de/pages/viewpage…
Well, at Onleihe a whole list of ePaper/eMagazines.

...received the following list of affected media:

Auto Bild
Computer Bild
Musikexpress
Rolling Stone
Sport Bild
Jüdische Allgemeine
Blick
Glückspost
Schweizer Landliebe
Schweizer Illustrierte
LandIDEE
Le Temps 2/5
Schweizer Versicherung
Weltwoche
Audio Video Foto Bild
Auto BILD Reisemobil
Auto Test
Bike Bild
B.Z.
BILD am Sonntag
BILD Bundesausgabe
Börse Online
Euro am Sonntag
Euro
Metal Hammer
Bild der Frau Schlank & Fit
Bild der Frau Gut Kochen & Backen
die aktuelle
Frau im Spiegel 3/5
Read 5 tweets
A very important detail about #ransomware attacks is that the focus is put on eradication and recovery (logical, because your house is upside down), but a fundamental task is usually left aside: finding the entry vector (1/n)
The #ransomware did not arrive on your network by itself; someone put it there. The attackers have roamed happily around your network until finding sufficient privileges to be able to deploy Ryuk, Egregor, DoppelPaymer or whatever other nastiness is in fashion at the moment (2/n)
That implies that, in addition to the #ransomware, you have at least a couple of CobaltStrike/Empire agents in your infrastructure... which, even if you change the credentials of the privileged accounts, keep giving the attackers access (3/n)
Read 8 tweets
#uk #tier5 #lockdown #mondaythoughts.
The number of companies in #London that suffer #CyberAttack|s is unprecedented.
#hackers were preparing for months. #scoping, network exploration and #SocialEngineering were employed for months. #zoommeetings and #email led to bad communication.
1/
#IT/#redteam/#BlueTeam|s etc. are not in proper collaboration. People do not know what to do, what their roles are or which tools they need to use.
So far the #Ransomware demands are crazy, and the worst is the #databreach leading to #intellectualproperty theft.
2/
Due to #COVID19 #MutantStrain and #londonexodus, working from home has been intensified but lessons from the previous #lockdown on #secure access failures were not learned. #infosec community is still trying to survive.
People have no funds to invest in #cloud infrastructure.
3/
Read 19 tweets
Maersk learned, following the incident we all know about in 2017, that they considered themselves "average" among companies in security... these are interesting lessons learned for CxOs... everyone decides what to take and what not!
In this case they pulled through with the help of their team and their partners in record time... in Mexico, unfortunately, companies isolate themselves and do not want to share even what they learned from the incident, much less receive help when they have the problem...
Protectia shares with us some important aspects as lessons learned and the challenge involved in having an architecture "adequate" for the needs of each company.... different risk "appetites"...
Read 22 tweets
RE: ransomware, I see a lot of folks overly focusing on atomic indicators for ransomware. Ransomware is very easy to write and deploy, and when a sophisticated cybercriminal is ready to deploy it, they will test it out on a single system before deploying it to all [01/xx] #Ransomware
What you should be focusing on is: 1) The precursors to ransomware, i.e. (not an exhaustive list) Emotet, TrickBot, Cobalt Strike, Empire. 2) Preparing and testing backups so you can recover fast in the event of a ransomware incident across your org. [02/xx]
3) Proactively preparing people (execs, lawyers, PR etc) internally in your org as to how you will handle a ransomware incident. What will you do if someone will attempt to extort your org to pay or else they release your data publicly? How will you respond? [03/xx]
Read 6 tweets
It’s our birthday! #CISAgov was established on November 16, 2018. From elections to COVID-19 to natural disasters and more, year two has been action-packed. Let’s take a trip down memory lane…
Informed by #cyber intelligence and real-world events, we issued several insight products, providing background on #cyber threats, #vulnerabilities, and mitigation activities: cisa.gov/insights #InfoSec
One key insight was in January when we warned partners about potential Iranian retaliation against U.S. organizations—and advised them on how to assess and strengthen their physical & cyber security. This is the kind of rapid information-sharing we aim for! #InfoSecurity
Read 15 tweets
New victim of #Egregor
CENCOSUD 🇨🇱🇦🇷

Possible access vector:
- RDP exposed to the Internet
- There is also talk of an INSIDER (?) 😬

WATCH OUT: in Chile another RETAIL company is infected with #Emotet.

[#Ransomware] ALERTED on 15 Oct 2020 👇
Interesting...

#Egregor automatically sends the ransom note to the printer.

#Maze speaks through the speakers, announcing that your computer and data have been encrypted.
Read 5 tweets
To the "do it all" IT folks or new #SOC analysts that need a little help - a thread for you.

Cheat sheets and example queries for Endgame, CS Falcon, ATP, and CbR using a recent incident as the starting point.

cc: thanks to @AshwinRamesh94 for the query work
Yesterday we stopped a #ransomware attack at a customer where initial entry was a remote admin connection from a 3p IT provider

- Attacker had admin
- Connected to host via ConnectWise (RDP)
- Opened CMD shell to open PS download cradle to deploy SODINOKIBI from hastebin[d]com
The attacker ransomed 1 host - but by removing access 6 min after the attack started - stopped it from becoming a much bigger issue.

Let's walk through a question or two we asked along the way using different EDR tech....
Read 15 tweets
ok #hackerfam and #infosec crew! who wants to see some of the RDP honeypot data? (it's only initial so it will change, plus I'm deploying more nodes) #cyber #security #RDP #fuckransomware #ransomware @LisaForteUK @Cv19Cyber
so let's start out with a quick technical config! Here we have our honeypot (a real server in an isolated environment) in the @pwnDefend lab!
We've hardened the config so there is 0 chance of successful brute forcing the creds and there's no known vulns on the box! let's see who is poking us?
Read 11 tweets
Ouch... @SopraSteria is under fire from a #cyberattaque. The group says it plans to communicate on the subject today. According to our sources, it is a #ransomware attack. More information to come shortly in @LeMagIT
Here are the first elements @LeMagIT has on the #ransomware attack against @SopraSteria. This article will be updated as new information reaches us. lemagit.fr/actualites/252…
Read 7 tweets
You don't know it, but you have a #ransomware group inside that cannot make progress because you have hardened well. They're screwed, but they're not stupid, and instead of making noise they've stayed hibernating until that PoC comes out that lets them escalate privileges and make a real mess for you 1/n.
Hardening only gives you TIME and OPPORTUNITY. A determined attacker will in the end find "that" unpatched system, "that" file with the passwords in a .txt... The goal of hardening is to deny/degrade the attacker's capability, forcing them out of their "comfort zone"
... and in that way forcing them to do things they are not used to. And that is where hardening's partner comes in: DETECTION. The more noise the attackers make, the more opportunities we will have to detect them, but you need a detection strategy with coverage and depth
Read 5 tweets
Urgent warning about backdoors in #Citrix systems

VPN gateways that..protect electronic government transactions, ministries, supermarket chains etc. are infested with malware. #Ransomware extortionists are now attacking one network after another. 1/x
#Shitrix
fm4.orf.at/stories/300727…
After the massive #Sicherheitslücke (security hole) in #Citrix dial-in systems #Shitrix at the start of the year, the consequences arrive..German security consultants @HiSolutions have currently discovered a series of encryption attacks carried out via backdoors installed back then. 2/x
According to @HiSolutions, the traces point to ordinary encryption extortionists who deploy standard malware once they have access. Their approach is anything but sophisticated... 3/x
Read 5 tweets
# of #ransomware deaths because hospitals triage their IT networks over that of a dying patient: 1

# of #HeartAttack deaths because hospitals restricted treatment for non-COVID patients:

heart.org/en/news/2020/0…
# of #ransomware deaths because hospitals triage their IT networks over that of a dying patient: 1

# of #cancer diagnoses delayed because hospitals restricted treatment for non-COVID patients:

cancer.org/latest-news/co…
# of #ransomware deaths because hospitals triage their IT networks over that of a dying patient: 1

# of #KidneyDisease deaths because dialysis centers restricted treatment during COVID lockdowns:

kidney.org/coronavirus/di…
Read 6 tweets
So I’ve seen quite a bit on the #German #hospital #ransomware incident... my first view: it’s complex, my second: I’m gonna read more. My third: something is wrong with the wider system than the governance of a single hospital... that one could have been many..
Hopefully 🙏 the experience of myself and the team @Cv19Cyber and other friends like @ctileague and other formal state services can help more people, but I said this from the start earlier in the year.. this stuff is highly complex and difficult. Just saying 'just patch' is ..
A very simplistic statement to make about complex systems (not the technology). Doing this stuff right from the start is hard, fixing up and improving technical debt is even harder!
Read 3 tweets
Do you think German authorities should arrest the CIO of Duesseldorf University Clinic for the crime of NEGLIGENT HOMICIDE in the case of a patient who died in a #ransomware attack?
If the #ransomware attacker(s) who committed CYBER MURDER in a German hospital are serving duty in a nation-state military ... should we extradite them to The Hague to stand trial for a CYBER WAR CRIME?
Under what circumstances may a hospital TURN AWAY a dying patient when it has the ABILITY to save them?
Read 3 tweets
Let's talk reality.

COVID creates this very situation: your closest hospital can't take more patients so you ambulance to a distant hospital and there you die.

Hurricanes create this very situation: flooding destroys your closest hospital's emergency generators and...
Let's continue to talk reality

Women die ALL THE DAMN TIME because hospital ERs won't take them seriously

Here's a story from THIS year where... oh hell, just read the headline:
amp.usatoday.com/amp/4446314002
Let's CONTINUE to talk reality.

Black people in general die needlessly in hospital ERs. Here's CCTV footage of a Black woman who died in ER. She laid dead for HOURS.

A nurse got fired for manipulating her ER records in a coverup.
Read 9 tweets
Happening now: @CISAKrebs kicking off the 3rd annual @CISAgov Cybersummit...

...in the background, written on the wall, "3P Voter" emphasizing the message CISA is increasingly pushing out for #Election2020 that voters must be prepared, participating and patient
.@CISAKrebs closes out his remarks w/anecdote about Marvel's Avengers, and then says, "Remember, super heroes wear masks"

#COVID19
Worrisome #Ransomware trend - ransomware groups forming "#cartels" & working together to make money - a major shift change, @FBI's Jonathan Holmes tells @CISAgov's CyberSummit
Read 3 tweets
Currently listening to Thomas from civitec-CERT at the #InternetSecurityDays by @eco_de 👌

"#Sicherheitsvorfälle (security incidents) that never happened - from the everyday life of a municipal #CERT"
#ISDD2020
Since Thomas is also talking about #Citrix #Shitrix right now... fits so nicely - yes, unfortunately 🙄
Well, what do you know.

Thomas from civitec-CERT actually says at the #InternetSecurityDays by @eco_de that #Ransomware is a common problem for #Kommunen (municipalities), but rarely becomes public because people like to keep it quiet.
#ISDD2020
Read 4 tweets
#Ransomware attacks as a consequence of #Shitrix

@Jedi_meister & @KainsRache from @HiSolutions

Months after the critical vulnerability in #Citrix ADC and #NetScaler, more and more cases are becoming known.

Vulnerability exploited early, but only now put to lucrative use!
hisolutions.com/detail/ransomw…
#Shitrix: What can the legislator learn from the #Citrix incident and improve for #KRITIS operators?

With political demands from the @AG_KRITIS 👌
ag.kritis.info/2020/01/26/shi…
The @AG_KRITIS (as has the @certbund) has really reported and warned about this often :/

Take a look...
ag.kritis.info/tag/citrix/
Read 5 tweets
#KRITIS sector #Gesundheit

#Uniklinik Düsseldorf largely paralysed after #Ransomware attack

"the #Erpresser (extortionist or extortionists) are demanding #Lösegeld (ransom) of 100 Bitcoins, which converts to around 870,000 euros" uFF 1/3
winfuture.de/news,118238.ht…
Yikes :/

"So far only the #Telefonanlage (telephone system) could be restored" 2/3
THIS!

"Although #Krankenhäuser (hospitals) are counted as critical infrastructure #KRITIS, #Ransomware attacks on them keep happening." 3/3
Read 3 tweets
Tomorrow at 7:40am I have been invited to @telefenoticias to talk about #Ransomware and the attack suffered by @Migraciones_AR, its possible consequences and repercussions 👾🛬⛴.
Now that I have made the serious and calm announcement, I can admit that I called my mom, my grandma and my friends to tell them I was invited to @telefe, very happy
🤯🔥🥳🎊
The segment was moved to tomorrow 🙃, thanks if anyone was on the other side rooting for me 🔜
Read 3 tweets