from The Register
2 days ago
SharePoint attackers add Velociraptor to ransomware tools
The ransomware gang caught exploiting Microsoft SharePoint zero-days over the summer has added a new tool to its arsenal: Velociraptor, an open-source digital forensics and incident response app not previously tied to ransomware incidents. In August, Cisco's Talos incident response team dealt with a ransomware attack in which the criminals deployed Warlock, LockBit, and Babuk ransomware to encrypt VMware ESXi virtual machines and Windows servers, and used Velociraptor to maintain stealthy access while they encrypted the victim organization's files. "Talos assesses with moderate confidence that this activity can be attributed to the group Storm-2603," Talos' researchers Michael Szeliga, Aliza Johnson, and Jaeson Schultz said in a Thursday threat report.
Information security