Posts tagged Ransomware

7 min Ransomware

The Ransomware Task Force: A New Approach to Fighting Ransomware

The Institute for Security and Technology put together a comprehensive Ransomware Task Force (RTF) to identify new approaches to shift the dynamics of ransomware and reduce opportunities for attackers.

3 min Ransomware

Decrypter FOMO No Mo’: Five Years of the No More Ransom Project

The amazing No More Ransom Project celebrates its fifth anniversary today and so we just wanted to take a moment to talk about what it has accomplished and why you should tell all your friends about it.

3 min Research

PSA: Increase in RDP Attacks Means It's Time to Mind Your RDPs and Qs

Our research team looks into the increase in RDP attacks against RDP servers without multi-factor authentication enabled and helps organizations strengthen their infrastructure against these attacks.

3 min Ransomware

Ransomware Payments and Sanctions - U.S. Treasury Advisory

The U.S. Department of Treasury issued an advisory warning that paying ransoms to cybercriminal groups risks violating sanctions. Rapid7 has previously recommended that victims not pay ransom, and urges organizations to focus on ransomware prevention and recovery.

3 min COVID Health

The Healthcare Security Pro's Guide to Ransomware Attacks

In this blog, we discuss the best practices to defend against ransomware attacks in the healthcare industry.

2 min Incident Response

4 Key Lessons from the Citycomp Data Breach

On April 30, 2019 Motherboard reported on a combined data breach and extortion attempt against Citycomp, a network and internet infrastructure firm based in Germany.

4 min Medical

Top 5 Threats Healthcare Organizations Face and How to Combat Them

Looking to protect your healthcare organization from cyber-threats? Here are the top five threats to look out for and tips on how to outsmart attackers.

3 min Penetration Testing

7 Funny and Punny Halloween Costume Ideas for Tech and Cybersecurity Pros

Stuck on what to be this year? Here are some of our favorite Halloween costume ideas for tech and cybersecurity professionals.

3 min Project Heisenberg

No More Tears? WannaCry, One Year Later

WannaCry, one year later, and what happened to the SMB target environment.

4 min Ransomware

Petya-like ransomworm: Leveraging InsightVM and Nexpose for visibility into MS17-010

A Petya-like ransomworm struck on June 27th 2017 and spread throughout the day, affecting organizations in several European countries and the US. It is believed that the ransomworm may achieve its initial infection via a malicious document attached to a phishing email, and that it then leverages the EternalBlue [https://www.rapid7.com/db/modules/exploit/windows/smb/ms17_010_eternalblue]and DoublePulsar [https://www.rapid7.com/security-response/doublepulsar/]exploits to spread laterally. Once in

4 min Microsoft

Petya-like Ransomware Explained

TL;DR summary (7:40 PM EDT June 28): A major ransomware attack started in Ukraine yesterday and has spread around the world. The ransomware, which was initially thought to be a modified Petya variant, encrypts files on infected machines and uses multiple mechanisms to both gain entry to target networks and to spread laterally. Several research teams are reporting that once victims' disks are encrypted, they cannot be decrypted [https://securelist.com/expetrpetyanotpetya-is-a-wiper-not-ransomware

4 min Ransomware

Scanning and Remediating WannaCry/MS17-010 in InsightVM and Nexpose

*Update 5/18/17: EternalBlue exploit (used in WannaCry attack) is now available in Metasploit for testing your compensating controls and validating remediations. More info: EternalBlue: Metasploit Module for MS17-010 [/2017/05/20/metasploit-the-power-of-the-community-and-eternalblue]. Also removed steps 5 and 6 from scan instructions as they were not strictly necessary and causing issues for some customers. *Update 5/17/17: Unauthenticated remote checks have now been provided. For hosts that ar

6 min Research

WannaCry Update: Vulnerable SMB Shares Are Widely Deployed And People Are Scanning For Them (Port 445 Exploit)

WannaCry Overview Last week the WannaCry ransomware worm, also known as Wanna Decryptor, Wanna Decryptor 2.0, WNCRY, and WannaCrypt started spreading around the world, holding computers for ransom at hospitals, government offices, and businesses. To recap: WannaCry exploits a vulnerability in the Windows Server Message Block (SMB) file sharing protocol. It spreads to unpatched devices directly connected to the internet and, once inside an organization, those machines and devices behind the firew

5 min Microsoft

Wanna Decryptor (WNCRY) Ransomware Explained

Mark the date: May 12, 2017. This is the day the “ransomworm” dubbed “WannaCry” / “Wannacrypt [https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/Wannacrypt.A!rsm] ” burst — literally — onto the scene with one of the initial targets being the British National Health Service [http://www.bbc.com/news/health-39899646]. According to The Guardian [https://www.theguardian.com/society/2017/may/12/hospitals-across-england-hit-by-large-scale-cyber-attack] : the “

4 min Microsoft

Attacking Microsoft Office - OpenOffice with Metasploit Macro Exploits

It is fair to say that Microsoft Office and OpenOffice are some of the most popular applications in the world. We use them for writing papers, making slides for presentations, analyzing sales or financial data, and more. This software is so important to businesses that, even in developing countries, workers that are proficient in an Office suite can make a decent living based on this skill alone. Unfortunately, high popularity for software also means more high-value targets in the eyes of an at