Exam 1 Current Events Flashcards
Baby’s Death: What happened?
-Health records inaccessible
-Wireless tracking system for tracking staff was down
-In Labor + Delivery Unit, staff cut off from heart monitors
Baby’s Death: Why? // Who?
Ransomware // Unknown. Potentially Ryuk gang (Russia)
Hive Ransomware: How it works
Uses multiple mechanisms to compromise corporate networks, making it harder for defenders to mitigate.
These include phishing emails with malicious attachments to gain initial access and the hijacking of Remote Desktop Protocol (RDP) to move laterally.
Then it drops a hive.bat script into the directory, which enforces an execution timeout delay of one second in order to perform clean-up after the encryption is finished.
A second file, shadow.bat, is dropped into the directory to delete shadow copies, including disc backup copies or snapshots, without notifying the victim; the shadow.bat file is then deleted.
The ransom note, dropped into every impacted directory, warns that if encrypted files are modified, renamed or deleted, they can’t be recovered. In the spirit of modern ransomware operations, which are highly professionalized, there’s also a live chat link to a ‘sales department,’ accessible through a TOR browser, for further communication.
Ross SIM Hack: How? // Why?
Porting a number — Switching carriers
Vishing / Social Engineering / Whaling / Impersonation / Spear Phishing