Discover and read the best of Twitter Threads about #ransomware


It’s our birthday! #CISAgov was established on November 16, 2018. From elections to COVID-19 to natural disasters and more, year two has been action-packed. Let’s take a trip down memory lane…
Informed by #cyber intelligence and real-world events, we issued several insight products, providing background on #cyber threats, #vulnerabilities, and mitigation activities: cisa.gov/insights #InfoSec
One key insight was in January when we warned partners about potential Iranian retaliation against U.S. organizations—and advised them on how to assess and strengthen their physical & cyber security. This is the kind of rapid information-sharing we aim for! #InfoSecurity
Read 15 tweets
New #Egregor victim
CENCOSUD 🇨🇱🇦🇷

Possible access vector:
- RDP exposed to the Internet
- There is also talk of an INSIDER (?) 😬

HEADS UP: in Chile another RETAIL company is infected with #Emotet.

[#Ransomware] ALERTED on 15 Oct. 2020 👇
Interesting...

#Egregor automatically sends the ransom note to the printer.

#Maze talks through the speakers, announcing that your computer and data have been encrypted.
Read 5 tweets
To the "do it all" IT folks or new #SOC analysts that need a little help - a thread for you.

Cheat sheets and example queries for Endgame, CS Falcon, ATP, and CbR using a recent incident as the starting point.

cc: thanks to @AshwinRamesh94 for the query work
Yesterday we stopped a #ransomware attack at a customer where initial entry was a remote admin connection from a 3p IT provider

- Attacker had admin
- Connected to host via ConnectWise (RDP)
- Opened CMD shell to open PS download cradle to deploy SODINOKIBI from hastebin[d]com
The attacker ransomed 1 host - but by removing access 6 min after the attack started - stopped it from becoming a much bigger issue.

Let's walk through a question or two we asked along the way using different EDR tech....
Read 15 tweets
ok #hackerfam and #infosec crew! who wants to see some of the RDP honeypot data? (it's only initial so it will change, plus i'm deploying more nodes) #cyber #security #RDP #fuckransomware #ransomware @LisaForteUK @Cv19Cyber
so let's start out with a quick technical config! Here we have our honeypot (a real server in an isolated environment) in the @pwnDefend lab!
We've hardened the config so there is 0 chance of successful brute forcing the creds and there's no known vulns on the box! let's see who is poking us?
Read 11 tweets
Ouch... @SopraSteria is under fire from a #cyberattaque. The group says it plans to communicate on the subject today. According to our sources, it is a #ransomware attack. More information coming soon in @LeMagIT
Here are the first details @LeMagIT has on the #ransomware attack against @SopraSteria. This article will be updated as new information reaches us. lemagit.fr/actualites/252…
Read 7 tweets
You don't know it, but you have a #ransomware group inside that can't make progress because you've hardened well. They're screwed, but they're not stupid, and instead of making noise they've gone dormant until that PoC comes out that lets them escalate privileges and wreck you 1/n.
Hardening only buys you TIME and OPPORTUNITY. A determined attacker will eventually find "that" unpatched system, "that" file with the passwords in a .txt... The goal of hardening is to deny/degrade the attacker's capability, forcing them out of their "comfort zone"
... and in that way forcing them to do things they're not used to. And that's where hardening's partner comes in: DETECTION. The more noise the attackers make, the more chances we have to detect them, but you need a detection strategy with coverage and depth
Read 5 tweets
Urgent warning about backdoors in #Citrix systems

VPN gateways that.. protect electronic government services, ministries, supermarket chains etc. are infested with malware. #Ransomware extortionists are now attacking one network after another. 1/x
#Shitrix
fm4.orf.at/stories/300727…
After the massive #Sicherheitslücke (security hole) in #Citrix remote-access systems, #Shitrix, at the start of the year, the consequences are arriving.. German security consultants @HiSolutions have currently discovered a series of encryption attacks that were carried out via backdoors installed back then. 2/x
According to @HiSolutions, the traces point to ordinary encryption extortionists who deploy standard malware as soon as they have access. Their approach is anything but sophisticated... 3/x
Read 5 tweets
# of #ransomware deaths because hospitals triage their IT networks over that of a dying patient: 1

# of #HeartAttack deaths because hospitals restricted treatment for non-COVID patients:

heart.org/en/news/2020/0…
# of #ransomware deaths because hospitals triage their IT networks over that of a dying patient: 1

# of #cancer diagnoses delayed because hospitals restricted treatment for non-COVID patients:

cancer.org/latest-news/co…
# of #ransomware deaths because hospitals triage their IT networks over that of a dying patient: 1

# of #KidneyDisease deaths because dialysis centers restricted treatment during COVID lockdowns:

kidney.org/coronavirus/di…
Read 6 tweets
So I’ve seen quite a bit on the #German #hospital #ransomware incident... my first view: it’s complex, my second: I’m gonna read more. My third: something is wrong with the wider system than the governance of a single hospital... that one could have been many..
Hopefully 🙏 the experience of myself and the team @Cv19Cyber and other friends like @ctileague and other formal state services can help more people but I said this from the start earlier in the year.. this stuff is highly complex and difficult. Just saying ‘just patch’ is ..
A very simplistic statement to make about complex systems (not the technology). Doing this stuff right from the start is hard, fixing up and improving technical debt is even harder!
Read 3 tweets
Do you think German authorities should arrest the CIO of Duesseldorf University Clinic for the crime of NEGLIGENT HOMICIDE in the case of a patient who died in a #ransomware attack?
If the #ransomware attacker(s) who committed CYBER MURDER in a German hospital are serving duty in a nation-state military ... should we extradite them to The Hague to stand trial for a CYBER WAR CRIME?
Under what circumstances may a hospital TURN AWAY a dying patient when it has the ABILITY to save them?
Read 3 tweets
Let's talk reality.

COVID creates this very situation: your closest hospital can't take more patients so you ambulance to a distant hospital and there you die.

Hurricanes create this very situation: flooding destroys your closest hospital's emergency generators and...
Let's continue to talk reality

Women die ALL THE DAMN TIME because hospital ERs won't take them seriously

Here's a story from THIS year where... oh hell, just read the headline:
amp.usatoday.com/amp/4446314002
Let's CONTINUE to talk reality.

Black people in general die needlessly in hospital ERs. Here's CCTV footage of a Black woman who died in ER. She laid dead for HOURS.

A nurse got fired for manipulating her ER records in a coverup.
Read 9 tweets
Happening now: @CISAKrebs kicking off the 3rd annual @CISAgov Cybersummit...

...in the background, written on the wall, "3P Voter" emphasizing the message CISA is increasingly pushing out for #Election2020 that voters must be prepared, participating and patient
.@CISAKrebs closes out his remarks w/anecdote about Marvel's Avengers, and then says, "Remember, super heroes wear masks"

#COVID19
Worrisome #Ransomware trend - ransomware groups forming "#cartels" & working together to make money - a major shift change, @FBI's Jonathan Holmes tells @CISAgov's CyberSummit
Read 3 tweets
Right now listening to Thomas from the civitec-CERT at the #InternetSecurityDays by @eco_de 👌

"#Sicherheitsvorfälle (security incidents) that never happened - from the everyday life of a municipal #CERT"
#ISDD2020
Since Thomas is also just talking about #Citrix #Shitrix... it fits so nicely right now - yes, unfortunately 🙄
Well, well.

Thomas from the civitec-CERT is actually saying at the #InternetSecurityDays by @eco_de that #Ransomware is a common problem for #Kommunen (municipalities), but that it rarely becomes public because it tends to be kept quiet.
#ISDD2020
Read 4 tweets
#Ransomware attacks as a consequence of #Shitrix

@Jedi_meister & @KainsRache from @HiSolutions

Months after the critical vulnerability in #Citrix ADC and #NetScaler, more and more cases are becoming known.

Vulnerability exploited early, but only now put to lucrative use!
hisolutions.com/detail/ransomw…
#Shitrix: What can lawmakers learn from the #Citrix incident and improve for #KRITIS operators?

With political demands from @AG_KRITIS 👌
ag.kritis.info/2020/01/26/shi…
@AG_KRITIS (just like @certbund) has really reported on and warned about this often :/

Take a look...
ag.kritis.info/tag/citrix/
Read 5 tweets
#KRITIS sector #Gesundheit (healthcare)

#Uniklinik Düsseldorf largely paralysed after #Ransomware attack

"the #Erpresser (extortionist or extortionists) are demanding #Lösegeld (ransom) of 100 bitcoins, which converts to around 870,000 euros" uFF 1/3
winfuture.de/news,118238.ht…
Yikes :/

"So far only the #Telefonanlage (telephone system) could be restored" 2/3
THIS!

"Although #Krankenhäuser (hospitals) are counted as critical infrastructure #KRITIS, #Ransomware attacks on them keep happening." 3/3
Read 3 tweets
Tomorrow at 7:40am I've been invited onto @telefenoticias to talk about #Ransomware and the attack suffered by @Migraciones_AR, its possible consequences and repercussions 👾🛬⛴ .
Now that I've made the serious, composed announcement I can admit that I called my mom, my grandma and my friends to tell them I was invited onto @telefe, very happy
🤯🔥🥳🎊
The segment was moved to tomorrow 🙃, thanks if anyone was on the other side rooting for me 🔜
Read 3 tweets
"#Chinese intelligence services have been very very active, as have the #Russia|ns" @CISAKrebs tells #BillingtonCyberSecurity
#Russia, #China, #Iran, others also active with #disinformation, pushing conspiracies like martial law takeovers, #5G towers spreading #COVID19 - "complete garbage" per @CISAKrebs
#cyber schemes moving more toward disrupting functionality as opposed to compromising data, per @CISAKrebs
Read 13 tweets
Ongoing concerns about #ransomware attack on US elections

"The reason ransomware attacks are a realistic threat is because after planting the #malware, it could then be activated at a precise moment" per @NJOHSP update
njhomelandsecurity.gov/at-a-glance/8-…
"Even for states conducting elections entirely by mail, though it [#ransomware] might not affect getting accurate votes, it could still impact vote-tallying systems" per @NJOHSP about #Election2020
Contacted about the update, @NJOHSP says its "At A Glance" update is a compilation from multiple sources, including news agencies, government press releases, etc, & "does not reflect the opinion of NJOHSP or the State of New Jersey"
Read 4 tweets
As the ransomware used on Garmin did not have known weaknesses or decryptors, Garmin probably negotiated with them. They might have paid the full $10 mil though.

#cybersecurity #ransomware #security #CISO #CISOthoughts

bleepingcomputer.com/news/security/…
And the provided decryption software included a number of security software that would help Garmin reduce the potential of another ransomware attack.
It is always good to have a customer centric focus, and even if you are peddling malware, it still behooves you to act professionally. These malware service providers are very professional. 10/10. Would pay again. 😂🙈😎
Read 15 tweets