Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack

The Ryuk threat actors have struck again, moving from sending a phishing email to complete encryption across the victim’s network in just five hours.

That breakneck speed is partially the result of the gang using the Zerologon privilege-escalation bug (CVE-2020-1472) less than two hours after the initial phish, researchers said.

The Zerologon vulnerability allows an unauthenticated attacker with network access to a domain controller to completely compromise all Active Directory identity services, according to Microsoft. It was patched in August, but many organizations remain vulnerable.

Source: ThreatPost