Kaspersky crimeware report: ransomware propagation and driver abuse




Although it fits in the broader trend we are seeing these days—more and more functionality embedded in ransomware to reduce reliance on other tools—there is no self-spreading, as it is no longer necessary to use tools like Mimikatz.

[Figure: ARP requests made by Play ransomware]

Once an SMB resource is found, the ransomware establishes a connection and tries to mount it, then to spread and execute itself on the remote system.

For example, there is no leak site and victims have to contact the criminals via the email address in the ransom note.

Source read time: 3 min - securelist.com
