LockCrypt Ransomware Spreading via RDP Brute-Force Attacks [source: alienvault]

We previously reported on SamSam ransomware charging high ransoms for infected servers. But SamSam isn’t the only ransomware out there charging eye-watering amounts to decrypt business servers.

Initial reports of a new variant of ransomware called LockCrypt started in June of this year. In October we saw an increase in infections.

LockCrypt doesn’t have heavy code overlaps with other ransomware. We’ve seen evidence that the attackers likely started out with easier-to-deploy “ransomware as a service” before re-investing in their own ransomware.

We have seen small businesses infected with LockCrypt in the US, UK, South Africa, India and the Philippines.

Initial Compromise

One target reported they were infected via RDP brute-forcing from a compromised mail server. The attackers then manually killed business critical processes for maximum damage.

For more, click here.

Recommended Posts

WhatsApp down for millions of users globally: App not working for group and individual chats; Twitter gets flooded with memes

25 Oct 2022 - News, News Clipping

সাইবার-নিরাপত্তা-সূচকে-এগিয়েছে-বাংলাদেশ

30 Jun 2021 - CIRT In Media, News Clipping

Lazarus supply‑chain attack in South Korea [welivesecurity]

22 Nov 2020 - CIRT In Media, News Clipping