Fog ransomware attacks use employee monitoring tool to break into business networks
techradar.com
- Fog ransomware was seen using Syteca, a legitimate employee monitoring tool, to log keys and grab passwords
- It also used open-source tools for payload dropping and file exfiltration
- The attack was "atypical", researchers claim
Fog ransomware operators have expanded their arsenal to include legitimate and open-source tools, most likely to avoid detection before deploying the encryptor.
Security researchers from Symantec were recently brought in to investigate a Fog ransomware infection, and determined the hackers used Syteca, a legitimate employee monitoring tool, during the attack.
This program, previously known as Ekran, records screen activity and keystrokes, and had not been seen abused in attacks until now.
"Several" accounts compromised
By logging keystrokes and tracking passwords, the attackers were able to access additional systems, map out the network, and then successfully deploy the encryptor.
To drop Syteca, Fog used Stowaway, an open-source, multi-hop proxy ...