A "RobbinHood" ransomware attack earlier this week crippled networks used by Baltimore's city government.
Security researcher Vitali Kremez said RobbinHood appears to focus exclusively on files on a single system, apparently infecting individual computers through PsExec and/or domain controller compromise.
Kremez added that this suggests the attacker must have already secured administrative-level access to a system on the network, "due to the way the ransomware interacts with C:\Windows\Temp directory."
RobbinHood also relies on having a public RSA key present on the targeted computer so it can encrypt files.
Baltimore Mayor Bernard Young said Wednesday he was uncertain how long the city's systems would be offline. "There is a backup system with the IT department," Young said, "but we can't just go and restore because we don't know how far back the virus goes."
From Ars Technica
Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA