An anonymous reader writes:
An investigation by Sophos has exposed a brand new, lazy but efficient ransomware attack where hackers brute force passwords on computers with [Microsoft’s] Remote Desktop Protocol enabled, use off-the-shelf privilege escalation exploits to make themselves admins, turn off security software and then manually run fusty old versions of ransomware.
They even delete the recovery files created by Windows Live backup — and make sure they can also scramble the database. “Because they’ve used their sysadmin powers to rig the system to be as insecure as they can, they can often use older versions of ransomware, perhaps even variants that other crooks have given up on and that are now floating around the internet ‘for free’.”
Most of the attacks hit small-to-medium companies with 30 or fewer staff, since “with small scale comes a dependence on external IT suppliers or ‘jack-of-all-trades’ IT generalists trying to manage cybersecurity along with many other responsibilities. In one case a victim was attacked repeatedly, because of a weak password used by a third-party application that demanded 24-hour administrator access for its support staff.”