Weekly Intelligence Summary 30 October 2020

October 30, 2020

After a short hiatus, the “Ryuk” ransomware variant is back with upgrades, including the ability to fully encrypt data in just five hours. A victim would need to respond to such an attack within one hour to stop it, according to security researchers. Ryuk’s operators have been exploiting the recently identified Zerologon vulnerability, which has enabled privilege escalation and access to a domain controller without the attackers having to target a high-privilege user in their initial phishing email. Previously, Ryuk was thought to have been replaced by the “Conti” ransomware variant, but instead the souped-up Ryuk will almost certainly prevail as a threat into the mid-term future (between three months and one year).
