How is Samas RansomWorm different from normal ransomware?
Whereas traditional ransomware encrypts only the machine the attacker controls, RansomWorm spreads throughout the entire network to encrypt every server and computer, and the backups along with them.
PTH (pass-the-hash) and PTT (pass-the-ticket) attacks are well-known methods that attackers use for lateral movement in a domain environment. The industry has seen them for a long time, but the pursuit of reliable detection for these attack methods is not over yet.
They are hard to detect because these attacks leverage legitimate Active Directory operations to achieve their goal, which is ultimately to gain higher permissions within the domain environment and to move laterally into more sensitive and desirable locations.
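As an added illustration of why detection has to look at patterns rather than individual events (this is example code written for this page, not the vendor's detection logic), the script below applies a commonly cited pass-the-hash heuristic to Windows Security event 4624 fields (network logon, raw NTLM via NtLmSsp, zero key length, non-machine account) and then flags an account that produces such logons against several hosts in a short window, the fan-out a worm-style spread leaves behind. The event records, thresholds and field names are constructed and tunable assumptions, not values from the page.

```python
"""Hypothetical PtH-style lateral-movement detector over constructed 4624 events."""
from collections import defaultdict


def ev(ts, host, user, ltype, pkg, proc, keylen):
    """Build one constructed logon record (subset of Security event 4624 fields)."""
    return {"ts": ts, "host": host, "user": user, "type": ltype,
            "pkg": pkg, "proc": proc, "keylen": keylen}


# Constructed sample data, not real log output. Timestamps are seconds.
SAMPLE_EVENTS = [
    ev(100, "FS01", "svc_backup", 3, "NTLM", "NtLmSsp", 0),      # PtH-like
    ev(130, "DC01", "svc_backup", 3, "NTLM", "NtLmSsp", 0),      # PtH-like
    ev(170, "BACKUP01", "svc_backup", 3, "NTLM", "NtLmSsp", 0),  # PtH-like
    ev(180, "FS01", "alice", 3, "Kerberos", "Kerberos", 128),    # normal logon
    ev(190, "FS01", "WS02$", 3, "NTLM", "NtLmSsp", 0),           # machine account
    ev(200, "APP01", "bob", 3, "NTLM", "NtLmSsp", 0),            # single host only
]


def is_pth_like(e):
    """Heuristic: network logon (type 3) using NTLM through NtLmSsp with
    Key Length 0 from a non-machine, non-anonymous account. Interactive
    NTLM logons normally carry a 128-bit session key, so 0 is suspicious
    but not proof; treat it as a tunable indicator, not a verdict."""
    return (e["type"] == 3 and e["pkg"] == "NTLM" and e["proc"] == "NtLmSsp"
            and e["keylen"] == 0 and not e["user"].endswith("$")
            and e["user"].upper() != "ANONYMOUS LOGON")


def flag_spread(events, window=300, min_hosts=3):
    """Return {user: sorted hosts} for accounts whose PtH-like logons reach
    at least min_hosts distinct hosts within any window-second span."""
    by_user = defaultdict(list)
    for e in events:
        if is_pth_like(e):
            by_user[e["user"]].append(e)
    alerts = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda x: x["ts"])
        for i, start in enumerate(evs):
            hosts = {x["host"] for x in evs[i:] if x["ts"] - start["ts"] <= window}
            if len(hosts) >= min_hosts:
                alerts[user] = sorted(hosts)
                break
    return alerts


if __name__ == "__main__":
    print(flag_spread(SAMPLE_EVENTS))
```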