UnixDevel

A TECHNICAL ANALYSIS OF THE BACKMYDATA RANSOMWARE USED TO ATTACK HOSPITALS IN ROMANIA


Posted

Summary

According to BleepingComputer, a ransomware attack that occurred starting on February 11 forced 100 hospitals across Romania to take their systems offline. BackMyData ransomware, which took credit for it, belongs to the Phobos family. The malware embedded an AES key that is used to decrypt its configuration containing whitelisted extensions, files, and directories, a public RSA key that is used to encrypt AES keys used for files’ encryption, and other information. Persistence is achieved by creating an entry under the Run registry key and copying the malware to the Startup folder. The ransomware encrypts the local drives as well as the network shares. It deletes all Volume Shadow Copies and runs commands to disable the firewall.

Full Article

https://cybergeeks.tech/a-technical-analysis-of-the-backmydata-ransomware-used-to-attack-hospitals-in-romania/

  • Upvote 1
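Added example, not part of the original post or the linked article: a small triage script that maps the behaviours named in the summary (Run key entry, Startup folder copy, Volume Shadow Copy deletion, firewall disabling) onto endpoint telemetry and escalates when persistence and impact occur together. The `event_type|process|detail` record format, the sample records and the specific command lines matched are assumptions made for illustration.

```python
import re

# Behaviours named in the summary -> (event type, pattern on the detail field).
# The concrete command lines are assumptions (standard Windows utilities),
# not strings taken from the article.
RULES = {
    "run_key_persistence": ("registry_set",
        r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\"),
    "startup_folder_drop": ("file_create",
        r"\\Start Menu\\Programs\\Startup\\[^\\]+\.(exe|lnk|bat|cmd|vbs|js)$"),
    "shadow_copy_deletion": ("process_create",
        r"\bvssadmin(\.exe)?\s+delete\s+shadows\b"
        r"|\bwmic(\.exe)?\s+shadowcopy\s+delete\b"),
    "firewall_disabled": ("process_create",
        r"\bnetsh(\.exe)?\s+advfirewall\s+set\s+\S+\s+state\s+off\b"
        r"|\bnetsh(\.exe)?\s+firewall\s+set\s+opmode\s+(mode=)?disable\b"),
}
PERSISTENCE = {"run_key_persistence", "startup_folder_drop"}
IMPACT = {"shadow_copy_deletion", "firewall_disabled"}

# Constructed sample telemetry (hypothetical host, user and file names).
SAMPLE_EVENTS = [
    r"registry_set|C:\Users\bob\AppData\Local\sample.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\sample",
    r"file_create|C:\Users\bob\AppData\Local\sample.exe|C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sample.exe",
    r"process_create|C:\Windows\System32\cmd.exe|vssadmin delete shadows /all /quiet",
    r"process_create|C:\Windows\System32\cmd.exe|netsh advfirewall set currentprofile state off",
    r"process_create|C:\Windows\System32\cmd.exe|ipconfig /all",
    r"registry_set|C:\Program Files\Vendor\updater.exe|HKLM\Software\Vendor\Settings\LastRun",
]

def classify(record):
    """Return the names of all rules a single record matches."""
    event_type, _process, detail = record.split("|", 2)
    return [name for name, (etype, pattern) in RULES.items()
            if etype == event_type and re.search(pattern, detail, re.IGNORECASE)]

def triage(records):
    """Collect matched behaviours; escalate when persistence and impact co-occur."""
    seen = set()
    for record in records:
        seen.update(classify(record))
    if seen & PERSISTENCE and seen & IMPACT:
        severity = "high"
    elif seen:
        severity = "medium"
    else:
        severity = "none"
    return sorted(seen), severity

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

Run key and Startup folder writes are common for legitimate software, so on their own they only rate "medium" here; the combination with shadow copy deletion or firewall changes is what raises the severity.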
Posted
1 hour ago, UnixDevel said:

Persistence is achieved by creating an entry under the Run registry key and copying the malware to the Startup folder

Hardcore malware, 2002. 

  • Haha 1
Posted

I've heard from some acquaintances that it's full of Win7 and XP... especially at the smaller practices, village dispensaries and so on. Obviously without AD, and the user is also admin.

Long live the government cloud.

Posted

From my point of view it could even be Windows 95, as long as it's patched for RCE or isn't exposed to the Internet, and whoever looks after the machines doesn't download Midget_Porn.avi.exe

The KISS principle (Keep It Simple Stupid) would help quite a lot, but here there isn't even awareness.

  • Upvote 1
