Kaspersky crimeware report: ransomware propagation and driver abuse
In our series of security blog posts, we look at some of the latest ransomware-related news.
Although it fits in the broader trend we are seeing these days—more and more functionality embedded in ransomware to reduce reliance on other tools—there is no self-spreading, as it is no longer necessary to use tools like Mimikatz. ARP requests made by Play ransomwareOnce an SMB resource is found, the ransomware establishes a connection, and tries to mount it, and to spread and execute itself in the remote system. For example, there is no leak site and victims have to contact the criminals via the email address in the ransom note.
Source read time: 3 min - securelist.com
Also offered in: Nederlands