Palo Alto Networks investigating ransomware threat related to SharePoint exploitation
Cybersecurity Dive
Researchers said an unidentified hacker demanded a ransom after an intrusion linked to the SharePoint flaw.

Researchers from Palo Alto Networks say they are investigating a ransomware attack related to the recently disclosed ToolShell vulnerabilities in Microsoft SharePoint.

The hackers left the victim a ransom note on Sunday claiming they had encrypted files using the 4L4MD4R ransomware. The note warned that any attempt to decrypt the files would result in their deletion.

The hackers used PowerShell commands to disable real-time monitoring in Windows Defender, according to Palo Alto Networks researchers. The intruders also bypassed certificate validation.

"If successfully executed, the malware encrypts files and displays a ransom note that identifies itself as 4L4MD4R ransomware, with a demand for payment in Bitcoin and several alternative cryptocurrencies," said Andy Piazza, senior director of threat intelligence at Palo Alto Networks Unit 42.

The company is still investigating the identity of the attacker and whether they have deployed ransomware against other targets.

On Thursday, researchers from Shadowserver reported 17,000 SharePoint instances that were exposed on the internet, 840 of which still had the critical vulnerability tracked as CVE-2025-53770, which hackers have been exploiting for weeks.

Shadowserver said at least 20 of those vulnerable servers contained webshells, suggesting the presence of hackers.

In July, researchers said there were at least 300 known compromises worldwide, including at key U.S. government agencies.

The ransomware attempt tied to a SharePoint attack marks another worrisome dimension to the ongoing attack campaign. Microsoft researchers previously warned that the SharePoint vulnerability had attracted the interest of China-backed hackers.

Palo Alto Networks researchers said the ransomware attack appeared to be unrelated to nation-state activity. Researchers from Google and other firms previously warned of opportunistic attacks targeting vulnerable SharePoint instances.
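The report notes that the intruders used PowerShell to switch off Windows Defender real-time monitoring before encrypting files. The detection logic below is an added example, not code from the article or from Unit 42; it scans exported Windows event records for the two signals a defender would correlate: a PowerShell script block (event 4104) that sets the real-time monitoring preference off, and the Defender operational events that fire when protection is actually disabled (5001) or its configuration changes (5007). The event records and their field layout are constructed for the example; the event IDs and the registry value name are real.

```python
"""Added example (not from the Cybersecurity Dive article or Unit 42's report):
flag Defender real-time-protection tampering from exported Windows event
records. The records below are CONSTRUCTED and their dict layout is an
assumption, not an official export format."""
import re

# Microsoft-Windows-Windows Defender/Operational channel
DEFENDER_RTP_DISABLED = 5001    # real-time protection was disabled
DEFENDER_CONFIG_CHANGED = 5007  # a Defender configuration value changed
# Microsoft-Windows-PowerShell/Operational channel (script block logging)
PS_SCRIPT_BLOCK = 4104

# Cmdlet/parameter pair that turns real-time monitoring off.
RTP_TAMPER_RE = re.compile(
    r"Set-MpPreference\b.*-DisableRealtimeMonitoring\s+\$?true", re.IGNORECASE)
# 5007 messages name the registry value that changed; this is the one
# Defender writes for real-time monitoring.
RTP_POLICY_RE = re.compile(r"DisableRealtimeMonitoring", re.IGNORECASE)

SAMPLE_EVENTS = [  # constructed sample data
    {"channel": "Microsoft-Windows-Windows Defender/Operational", "event_id": 1001,
     "time": "2025-07-27T02:14:03Z", "host": "SP-WEB01", "message": "Scan finished."},
    {"channel": "Microsoft-Windows-PowerShell/Operational", "event_id": 4104,
     "time": "2025-07-27T02:15:11Z", "host": "SP-WEB01",
     "message": "Creating Scriptblock text (1 of 1):\n"
                "Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"channel": "Microsoft-Windows-Windows Defender/Operational", "event_id": 5007,
     "time": "2025-07-27T02:15:12Z", "host": "SP-WEB01",
     "message": "Configuration has changed. Old value: HKLM\\SOFTWARE\\Microsoft\\"
                "Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring "
                "= 0x0 New value: ... = 0x1"},  # message text approximated
    {"channel": "Microsoft-Windows-Windows Defender/Operational", "event_id": 5001,
     "time": "2025-07-27T02:15:12Z", "host": "SP-WEB01",
     "message": "Real-time protection is disabled."},
    {"channel": "Microsoft-Windows-PowerShell/Operational", "event_id": 4104,
     "time": "2025-07-27T09:00:00Z", "host": "SP-WEB02",
     "message": "Creating Scriptblock text (1 of 1):\nGet-MpComputerStatus"},
]


def classify(event):
    """Return a short alert reason for a tamper-related event, else None."""
    eid, msg = event["event_id"], event["message"]
    if eid == DEFENDER_RTP_DISABLED:
        return "defender-rtp-disabled"
    if eid == DEFENDER_CONFIG_CHANGED and RTP_POLICY_RE.search(msg):
        return "defender-rtp-config-changed"
    if eid == PS_SCRIPT_BLOCK and RTP_TAMPER_RE.search(msg):
        return "powershell-set-mppreference-rtp-off"
    return None


def find_tamper_events(events):
    """Collect (host, time, reason) for every event that signals RTP tampering."""
    hits = []
    for ev in events:
        reason = classify(ev)
        if reason:
            hits.append((ev["host"], ev["time"], reason))
    return hits


def hosts_with_corroborated_tamper(events):
    """Hosts where the PowerShell command AND a Defender-side event both fired.
    Requiring both sides lowers noise from routine policy refreshes that also
    emit 5007."""
    by_host = {}
    for host, _, reason in find_tamper_events(events):
        by_host.setdefault(host, set()).add(reason)
    return sorted(h for h, r in by_host.items()
                  if "powershell-set-mppreference-rtp-off" in r
                  and r & {"defender-rtp-disabled", "defender-rtp-config-changed"})


if __name__ == "__main__":
    for hit in find_tamper_events(SAMPLE_EVENTS):
        print("ALERT", *hit)
    print("corroborated:", hosts_with_corroborated_tamper(SAMPLE_EVENTS))
```

In practice the 4104 channel only exists if script block logging is enabled, so the corroboration rule is the one to keep when PowerShell logging is not deployed: a 5001 on a SharePoint front end that nobody scheduled is worth a page on its own.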