UnixDevel Posted February 20 Report Share Posted February 20 Summary According to BleepingComputer, a ransomware attack that occurred starting 0n February 11 forced 100 hospitals across Romania to take their systems offline. BackMyData ransomware, which took credit for it, belongs to the Phobos family. The malware embedded an AES key that is used to decrypt its configuration containing whitelisted extensions, files, and directories, a public RSA key that is used to encrypt AES keys used for files’ encryption, and other information. Persistence is achieved by creating an entry under the Run registry key and copying the malware to the Startup folder. The ransomware encrypts the local drives as well as the network shares. It deletes all Volume Shadow Copies and runs commands to disable the firewall. Full Article https://cybergeeks.tech/a-technical-analysis-of-the-backmydata-ransomware-used-to-attack-hospitals-in-romania/ 1 Quote Link to comment Share on other sites More sharing options...
Nytro Posted February 20 Report Share Posted February 20 1 hour ago, UnixDevel said: Persistence is achieved by creating an entry under the Run registry key and copying the malware to the Startup folder Hardcore malware, 2002. 1 Quote Link to comment Share on other sites More sharing options...
itlstl Posted March 2 Report Share Posted March 2 Am inteles de la niste cunostinte ca e plin de win7 si xp...mai ales la cabinetele mai mici, dispensare de comuna si tot asa. evident fara AD, userul e si admin. long live cloudul guvernamental. Quote Link to comment Share on other sites More sharing options...
Nytro Posted March 2 Report Share Posted March 2 Din punctul meu de vedere poate sa fie si Windows 95 cat timp e patched pentru RCE sau nu e expus in Internet si cine are grija de ele nu descarca Midget_Porn.avi.exe Principiul KISS (Keep It Simple Stupid) ar ajuta destul de mult, dar la noi nu e nici macar awareness. 1 Quote Link to comment Share on other sites More sharing options...
