I discovered the following files downloaded to the server: Now we can look at the tools the attackers used and try to understand their techniques. Maybe they forgot to encrypt it on their way out?Įither way, this oversight provides us with an interesting opportunity. If the attackers wanted to keep their foothold, it would make sense to encrypt this server last. The attacker’s tools were downloaded to the server, so it appears they used this server to stage their attack. It’s not clear why, but the first server the attackers compromised was not encrypted with ransomware. In this article, we will look at some of the tools used by the attackers. This is a follow up to my previous article in which we looked at Ransomware attack.
0 kommentar(er)
