Cert2Connect

Buzzing On Christmas Eve Trigona Ransomware In 3 Hours

Researchers discovered a cyberattack incident where Trigona ransomware was deployed within 3 hours of initial access. The intrusion began with the threat actor gaining access to an exposed RDP host using legitimate credentials for the default Administrator account. They deployed a toolkit including batch scripts and the SoftPerfect Netscan tool for network reconnaissance. The threat actor identified network shares explored documents and initiated lateral movement by establishing an RDP connection to a file server. Then they copied their toolkit to the server staged Rclone disabled Windows Defender and exfiltrated data to Mega. Then the actor accessed file share servers disabled Windows Defender and staged the ransomware payload on each of the hosts they had access to. After that the Trigona payload was executed propagating itself across the network via the SMB protocol.
Overzicht

WILT U WETEN HOE DIT RISICO
UITGEBANNEN KAN WORDEN?

Wij helpen je graag. Indien gewenst geven we graag een presentatie of demo van onze oplossingsaanpak. Je vindt ons ook regelmatig op beurzen en events. Volg de evenementenpagina op deze site of meld je aan via de contactpagina voor onze nieuwsbrief.

Maak een afspraak