LockCrypt Ransomware Spreading via RDP Brute-Force Attacks [source: alienvault]

We previously reported on SamSam ransomware charging high ransoms for infected servers. But SamSam isn’t the only ransomware out there charging eye-watering amounts to decrypt business servers.

The first reports of a new ransomware family called LockCrypt appeared in June of this year. In October we saw an increase in infections.

LockCrypt shares little code with other ransomware families. We’ve seen evidence that the attackers likely started out with easier-to-deploy “ransomware as a service” before re-investing in ransomware of their own.

We have seen small businesses infected with LockCrypt in the US, UK, South Africa, India and the Philippines.

Initial Compromise

One victim reported that the attackers got in by brute-forcing RDP credentials, with the attempts launched from a compromised mail server. Once inside, the attackers manually killed business-critical processes for maximum damage.
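The RDP brute-force described above leaves a distinctive trail in the Windows Security log: a burst of failed logons (event 4625) from one source address, often cycling through account names, followed by a successful logon (4624) from the same address. The script below, an added example and not AlienVault's code, runs that detection over a handful of constructed log records written in a simplified key=value form rather than raw EVTX. The event IDs and the LogonType value 10 (RemoteInteractive, i.e. RDP) are real Windows values; the sample records, the threshold and window defaults, and the field layout are assumptions made for the example.

```python
"""Flag RDP brute-force attempts, and whether they succeeded, from Windows
Security events.  Added example, not code from the original page.

Event IDs used: 4625 = failed logon, 4624 = successful logon.
LogonType 10 = RemoteInteractive (RDP).  With Network Level Authentication
enabled, failed RDP logons are commonly recorded as LogonType 3 instead,
so the accepted logon types are a parameter.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (simplified key=value form, not raw EVTX).
SAMPLE_LOG = """\
2017-10-12T02:14:03 EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.45
2017-10-12T02:14:05 EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.45
2017-10-12T02:14:08 EventID=4625 LogonType=10 TargetUser=admin SourceIP=203.0.113.45
2017-10-12T02:14:11 EventID=4625 LogonType=3 TargetUser=backup SourceIP=203.0.113.45
2017-10-12T02:14:12 EventID=4625 LogonType=10 TargetUser=backup SourceIP=203.0.113.45
2017-10-12T02:14:15 EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.45
2017-10-12T02:14:19 EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.45
2017-10-12T02:15:02 EventID=4624 LogonType=10 TargetUser=administrator SourceIP=203.0.113.45
2017-10-12T02:20:00 EventID=4625 LogonType=10 TargetUser=jsmith SourceIP=198.51.100.7
2017-10-12T02:31:00 EventID=4625 LogonType=10 TargetUser=jsmith SourceIP=198.51.100.7
"""


def parse_event(line):
    """Turn one 'timestamp key=value ...' record into a dict."""
    ts, *fields = line.split()
    rec = {"ts": datetime.fromisoformat(ts)}
    for field in fields:
        key, value = field.split("=", 1)
        rec[key] = value
    return rec


def detect_rdp_bruteforce(lines, threshold=5, window=timedelta(minutes=10),
                          logon_types=("10",)):
    """Return {source_ip: {"failures", "users", "succeeded_as"}} for every
    source that produced at least `threshold` failed logons of the given
    types inside a sliding `window`.  `succeeded_as` is set when a 4624
    from an already-flagged source follows the burst (brute force that
    got in), which is the case worth paging someone for."""
    recent = defaultdict(deque)   # source ip -> (timestamp, user) in window
    alerts = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = parse_event(line)
        if rec.get("LogonType") not in logon_types:
            continue
        ip = rec["SourceIP"]
        if rec["EventID"] == "4625":
            q = recent[ip]
            q.append((rec["ts"], rec["TargetUser"]))
            # Drop failures that have fallen out of the sliding window.
            while q and rec["ts"] - q[0][0] > window:
                q.popleft()
            if len(q) >= threshold:
                alert = alerts.setdefault(
                    ip, {"failures": 0, "users": set(), "succeeded_as": None})
                alert["failures"] = max(alert["failures"], len(q))
                alert["users"].update(user for _, user in q)
        elif rec["EventID"] == "4624" and ip in alerts:
            alerts[ip]["succeeded_as"] = rec["TargetUser"]
    return {ip: {"failures": a["failures"],
                 "users": sorted(a["users"]),
                 "succeeded_as": a["succeeded_as"]}
            for ip, a in alerts.items()}


if __name__ == "__main__":
    for ip, alert in detect_rdp_bruteforce(SAMPLE_LOG.splitlines()).items():
        status = ("SUCCEEDED as " + alert["succeeded_as"]
                  if alert["succeeded_as"] else "no success seen")
        print(f"{ip}: {alert['failures']} RDP failures against "
              f"{alert['users']} -> {status}")
```

Run as-is, only 203.0.113.45 is flagged: 198.51.100.7 never reaches the threshold inside the window, and the LogonType 3 failure is ignored under the default filter. Pass `logon_types=("3", "10")` on hosts where NLA is on and the same burst counts seven failures. The success-after-burst condition is the one to alert on with urgency, since in the incident above that successful RDP logon is what preceded the manual killing of business processes.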

