The Ryuk threat actors have struck again, moving from sending a phishing email to complete encryption across the victim’s network in just five hours.
That breakneck speed is partly the result of the gang exploiting the Zerologon privilege-escalation bug (CVE-2020-1472) less than two hours after the initial phish, researchers said.
The Zerologon vulnerability allows an unauthenticated attacker with network access to a domain controller to completely compromise all Active Directory identity services, according to Microsoft. It was patched in August, but many organizations remain vulnerable.
Source: ThreatPost