Aug 30 2017

I mentioned this ransomware incident the other day, but now Catalin Cimpanu has a really good article with much detail about the ransomware and ransom demands, etc. You can read his report on BleepingComputer.

Catalin’s article answers one question I had posed about the NHS Lanarkshire incident – the ransomware is believed to have been installed by attackers performing brute-force attacks on exposed RDP endpoints and then moving laterally on the network, installing Bit Paymer manually on each compromised system.
