Crypt Ghouls, a nascent threat actor, has been linked to a series of cyber attacks on Russian businesses and government agencies that deploy ransomware with the aim of disrupting business operations and extracting payment. The group’s toolkit includes utilities such as Mimikatz, XenAllPasswordPro, PingCastle, Localtonet, AnyDesk, PsExec, and more.
Key Points:
Ransomware Details:
• Crypt Ghouls used the well-known ransomware families LockBit 3.0 and Babuk.
• Their toolkit combines credential-theft tools (Mimikatz, XenAllPasswordPro), Active Directory reconnaissance (PingCastle), tunneling (Localtonet), and remote access and lateral movement utilities (AnyDesk, PsExec).
Initial Access:
• Initial breaches were traced to VPN connections from IP addresses associated with a Russian hosting provider and a contractor’s network.
• The attackers used compromised VPN credentials to gain unauthorized access.
Targets:
• Government agencies and companies in the mining, energy, finance, and retail sectors in Russia.
• Organizations with vulnerable remote access systems and unpatched security flaws.
Impact and Risks:
• A successful intrusion ends with encryption of data on the victim’s systems, including the contents of the Recycle Bin, to inhibit recovery.
• The ransomware disrupts operations; the ransom note directs victims to contact the attackers through a link to the Session messaging service.
Defense Strategies:
• Regularly update and patch VPN and other remote access systems.
• Because the observed intrusions began with valid but compromised VPN credentials rather than an exploit, patching alone is not enough: require multi-factor authentication on VPN accounts, restrict contractor accounts to the contractor’s own source networks, and alert on successful VPN logins from hosting-provider address space or from a network an account has not used before.
• Monitor for the group’s post-access tooling (credential dumping, PsExec-style remote execution, unsanctioned AnyDesk or Localtonet installations) as well as for suspicious VPN activity.
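The initial-access pattern described above (valid VPN credentials used from a hosting provider’s address space and from a contractor’s network) is the kind of signal a small log-triage script can surface. The following Python is an added example, not code from the original page or from any vendor report. It assumes a constructed, simplified VPN gateway log format (`user=`, `src=`, `result=` fields) and constructed corporate, contractor and hosting-provider address ranges; with those assumptions it flags successful logins that break the expected source-network relationships.

```python
"""Hypothetical VPN authentication-log triage (constructed example).

Rules, in priority order, applied to successful logins only:
  1. source IP inside a hosting provider's range  -> flag (employees and
     contractors should reach the VPN from their own networks, not a VPS)
  2. contractor account used outside that contractor's known ranges -> flag
  3. employee account used outside corporate ranges -> flag
Failed attempts are skipped: a brute-force story needs different logic.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Assumption: the organisation knows the ranges its offices and each
# contractor use to reach the VPN. All addresses below are documentation
# ranges (RFC 5737) chosen for this example, not real infrastructure.
CORPORATE_RANGES = [ipaddress.ip_network("203.0.113.0/24")]
CONTRACTOR_RANGES: Dict[str, list] = {
    "contractor-svc": [ipaddress.ip_network("198.51.100.0/24")],
}
# Constructed: address space of a hosting provider that should never be the
# source of an interactive VPN session.
HOSTING_PROVIDER_RANGES = [ipaddress.ip_network("192.0.2.0/24")]


@dataclass
class Finding:
    timestamp: str
    user: str
    src_ip: str
    reason: str


def parse_line(line: str) -> dict:
    """Parse one constructed log line of the form
    '<ts> <gateway> user=<name> src=<ip> result=<success|failure>'."""
    parts = line.split()
    fields = {"ts": parts[0]}
    for tok in parts[1:]:
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
    return fields


def in_ranges(ip: ipaddress._BaseAddress, ranges: Iterable) -> bool:
    return any(ip in net for net in ranges)


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per successful login that violates the rules."""
    findings: List[Finding] = []
    for line in lines:
        f = parse_line(line)
        if f.get("result") != "success":
            continue
        user = f.get("user", "?")
        ip = ipaddress.ip_address(f["src"])
        if in_ranges(ip, HOSTING_PROVIDER_RANGES):
            reason = "success from hosting-provider range"
        elif user in CONTRACTOR_RANGES and not in_ranges(ip, CONTRACTOR_RANGES[user]):
            reason = "contractor account outside its network"
        elif user not in CONTRACTOR_RANGES and not in_ranges(ip, CORPORATE_RANGES):
            reason = "employee login from unknown range"
        else:
            continue
        findings.append(Finding(f["ts"], user, str(ip), reason))
    return findings


# Constructed sample log: a normal employee login, a normal contractor login,
# the contractor account reused from a hosting provider, an employee account
# used from the same provider after one failure, and an employee from an
# unlisted private range.
SAMPLE_LOG = """\
2024-09-01T08:12:03Z vpn-gw user=alice src=203.0.113.10 result=success
2024-09-01T08:15:44Z vpn-gw user=contractor-svc src=198.51.100.7 result=success
2024-09-01T23:41:09Z vpn-gw user=contractor-svc src=192.0.2.45 result=success
2024-09-02T02:03:17Z vpn-gw user=bob src=192.0.2.46 result=failure
2024-09-02T02:05:51Z vpn-gw user=bob src=192.0.2.46 result=success
2024-09-02T03:10:00Z vpn-gw user=carol src=10.20.30.40 result=success
""".splitlines()

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.timestamp} {finding.user:15} {finding.src_ip:15} {finding.reason}")
```

On the sample log the script reports three findings: the contractor account and then an employee account logging in from the hosting-provider range, and an employee login from a range the organisation does not recognise. The allowlists are the weak point of this approach; they only work if contractor source networks are actually recorded when access is granted, which is also the control that lets the contractor account be scoped in the first place.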