Palo Alto Networks investigating ransomware threat related to SharePoint exploitation
Briefly

Palo Alto Networks is investigating a ransomware attack involving ToolShell vulnerabilities in Microsoft SharePoint. The attackers left a ransom note claiming files were encrypted with 4L4MD4R ransomware and warning that any decryption attempts would result in file deletion. The attackers also used PowerShell commands to disable real-time monitoring in Windows Defender and bypassed certificate validation to facilitate their intrusion.
The hackers left the victim a ransom note on Sunday claiming they had encrypted files using the 4L4MD4R ransomware. The note warned that any attempt to decrypt the files would result in their deletion.
The hackers used PowerShell commands to disable real-time monitoring in Windows Defender, according to Palo Alto Networks researchers. The intruders also bypassed certificate validation.
Read at Databreaches