Ransomware Found Existing in an Organization for Almost a Year!

July 31, 2018 | Simeon Georgiev

Recently, an organization that wishes to remain anonymous contacted a ransomware removal service to gain further insight into a ransomware that had infected its systems. The service's staff began working with the organization, and after the initial investigation they deduced that the ransomware had been present since October of last year. The news came as a shock to the organization, which had expected the ransomware to be only a recent threat. The ransomware is believed to be a variant of either Dharma or Crysis.

RDP Strategy

Ransomware removal analysts found that the cybercriminals used Remote Desktop Protocol (RDP) for nefarious purposes. RDP is a Microsoft tool used by network engineers and system administrators. A Russian IP address was found to be at the center of the attack, as the cybercriminals used RDP to link the organization's systems with their remote servers. The RDP-related activity stretched over at least seven days.

Most of the processes initiated by the attack ran before the ransomware infection itself, and another of the organization's systems was also targeted. On the day the ransomware struck, the last RDP connection was found to originate from Russia, in Asia, while in the next hour another connection was seen that originated from Sweden, in Europe. Once these connections were established, it took the cybercriminals less than a minute to add malicious files to the organization's system.
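As an added example (not from the original article or the removal service), the following Python shows how a defender could surface the pattern described above from logon records: RDP logons from outside the network, and two such logons to one host from different countries within an hour. The host names, accounts, IP addresses, dates, internal ranges and the geo-IP country column are all constructed assumptions.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed internal ranges (RFC 1918); replace with the organization's own.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: timestamp,host,account,logon_type,source_ip,country.
# Shaped like an export of Windows Security event 4624, where LogonType 10 is
# RemoteInteractive (RDP). Source IPs are RFC 5737 documentation addresses and
# the country column is an assumed geo-IP enrichment, not a field Windows logs.
SAMPLE_LOGONS = """\
2018-01-07T02:14:09,FILESRV01,svc_admin,10,198.51.100.23,RU
2018-01-08T09:01:44,FILESRV01,jsmith,10,10.0.4.17,-
2018-01-14T22:41:30,FILESRV01,svc_admin,10,198.51.100.23,RU
2018-01-14T23:20:05,FILESRV01,svc_admin,10,203.0.113.77,SE
2018-01-14T23:25:00,FILESRV01,jsmith,2,10.0.4.17,-
"""

def parse(text):
    """Turn the CSV lines into typed records."""
    records = []
    for line in text.strip().splitlines():
        ts, host, user, logon_type, src, country = line.split(",")
        records.append({"ts": datetime.fromisoformat(ts), "host": host, "user": user,
                        "type": int(logon_type), "src": ip_address(src), "country": country})
    return records

def external_rdp(records):
    """RDP logons (type 10) whose source lies outside the internal ranges, oldest first."""
    hits = [r for r in records
            if r["type"] == 10 and not any(r["src"] in net for net in INTERNAL_NETS)]
    return sorted(hits, key=lambda r: r["ts"])

def country_hops(records, window=timedelta(hours=1)):
    """Consecutive external RDP logons to one host from different countries within `window`."""
    hops, last_by_host = [], {}
    for r in external_rdp(records):
        prev = last_by_host.get(r["host"])
        if prev and prev["country"] != r["country"] and r["ts"] - prev["ts"] <= window:
            hops.append((prev, r))
        last_by_host[r["host"]] = r
    return hops

if __name__ == "__main__":
    recs = parse(SAMPLE_LOGONS)
    ext = external_rdp(recs)
    print("external RDP logons:", len(ext), "spanning", ext[-1]["ts"] - ext[0]["ts"])
    for a, b in country_hops(recs):
        print(f"{b['host']}: {a['country']} -> {b['country']} in {b['ts'] - a['ts']}")
```

The span between the first and last external logon gives a lower bound on how long remote access was in use before the infection was noticed.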

Ransomware removal experts have noticed similar strategies over the past year, through which organizations have been exploited and cybercriminals have racked up profits from their data, either by demanding ransom or by selling the data to third parties on the dark web. The targeted companies range from small to large, and both the private and governmental sectors have been equally ravaged.

Simeon Georgiev
https://www.linkedin.com/in/simeon--georgiev/
I am a Cyber Security Enthusiast from Bulgaria. I like to write about malware and ransomware and global cyber attacks. You can reach me on Twitter @sgeorgiev1995 or Email: simeon10georgiev@gmail.com

© 2020 MonsterCloud.com. All Rights Reserved.