An online leak site run by the Hive threat actors, accessible through a .onion address, targets ransomware victims with the intention of ‘naming and shaming’ them. In addition, the malware operators practice double extortion: they steal sensitive corporate data from a victim organization before encrypting its disks. If a victim does not pay for a decryption key, the attackers post its name on the leak site and start a countdown to the publication of the stolen data. This increases the pressure on the victim and gives the attackers further leverage for extortion.
Research by the Varonis Forensics Team has shown that by stealing the domain administrator's NTLM hash, without needing to crack the password, the operator can reuse it in a Pass-the-Hash attack and take control of the domain admin account. In other words, Pass-the-Hash techniques fool a target system into starting an authenticated session on the network without the attacker ever recovering the cleartext password.
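From the defender's side, hash reuse by a domain admin leaves characteristic traces in the Windows Security log. The following is an added example (not code from the Varonis report or the Hive operators) that flags those traces in constructed EventID 4624 records; the account names, IP addresses and the `PRIVILEGED` set are assumed placeholders.

```python
# Added example, not code from the Varonis report: a small detector for the
# Windows Security-log traces that a Pass-the-Hash logon tends to leave.
# Input: constructed EventID 4624 records (field names follow the Windows log).
from collections import defaultdict

# Assumed set of domain-admin accounts; placeholder names.
PRIVILEGED = {"CORP\\da_admin"}

# Constructed sample events (not from any real incident).
EVENTS = [
    {"Account": "CORP\\jsmith",     "LogonType": 3, "AuthPkg": "Kerberos",  "LogonProcess": "Kerberos", "Source": "10.0.1.15"},
    {"Account": "CORP\\da_admin",   "LogonType": 3, "AuthPkg": "NTLM",      "LogonProcess": "NtLmSsp",  "Source": "10.0.1.15"},
    {"Account": "CORP\\da_admin",   "LogonType": 3, "AuthPkg": "NTLM",      "LogonProcess": "NtLmSsp",  "Source": "10.0.1.22"},
    {"Account": "CORP\\da_admin",   "LogonType": 9, "AuthPkg": "Negotiate", "LogonProcess": "seclogo",  "Source": "10.0.1.15"},
    {"Account": "CORP\\svc_backup", "LogonType": 3, "AuthPkg": "NTLM",      "LogonProcess": "NtLmSsp",  "Source": "10.0.1.30"},
]

def classify(ev):
    """Return a reason string if the 4624 record matches a Pass-the-Hash trace, else None."""
    # A domain admin authenticating over the network with NTLM instead of Kerberos
    # is what reuse of the admin's NTLM hash looks like from the target's side.
    if ev["Account"] in PRIVILEGED and ev["LogonType"] == 3 and ev["AuthPkg"] == "NTLM":
        return "privileged NTLM network logon"
    # Logon type 9 via 'seclogo' with Negotiate: new credentials injected into a
    # logon session (runas /netonly style); legitimate but rare, so worth a look.
    if ev["LogonType"] == 9 and ev["LogonProcess"] == "seclogo" and ev["AuthPkg"] == "Negotiate":
        return "explicit-credential logon (type 9/seclogo)"
    return None

def find_pth_indicators(events):
    """List (account, source, reason) for every event that matches a rule."""
    return [(e["Account"], e["Source"], r) for e in events if (r := classify(e))]

def spreading_accounts(events, min_sources=2):
    """Privileged accounts seen doing NTLM network logons from >= min_sources hosts:
    a simple lateral-movement signal layered on top of the per-event rules."""
    sources = defaultdict(set)
    for e in events:
        if classify(e) == "privileged NTLM network logon":
            sources[e["Account"]].add(e["Source"])
    return {a: sorted(s) for a, s in sources.items() if len(s) >= min_sources}

if __name__ == "__main__":
    for hit in find_pth_indicators(EVENTS):
        print("ALERT", *hit)
    print("spreading:", spreading_accounts(EVENTS))
```

Both rules produce some benign hits (legacy NTLM-only services, administrators using runas /netonly), so tune the privileged set and the source-count threshold to the environment before alerting on them.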
What is the status of your Exchange servers? Do they have the latest security patches?
Have you considered passwordless authentication?
Does your organization have a zero-trust architecture in place, one that continuously monitors and validates that users and their devices have the appropriate privileges?