This attack is the ultimate form of Remote Desktop Protocol (RDP) compromise. RDP is one of the most common ways to deploy ransomware because cybercriminals can compromise administrator accounts and systems that control entire organizations. As CrySis encrypts a computer, it also removes all of the automatic backups, so users can't use them to restore files.

Inception: First detected in February 2016; took a few months to spread
Attack vector: Remote Desktop Protocol (RDP)
The worldwide Accellion #cyberattacks appear to have originated from the infamous Clop #ransomware gang. https://wbrt.io/2P5E1Ln
Our #BrightCloud Threat Intelligence associated the IP address of the SolarWinds' Orion update with a botnet in the summer of last year.
A properly configured security tool using our #threatintelligence data would have blocked comms with the C&C server. https://wbrt.io/3aQsjv7