Imagine surviving a wiper attack only for ransomware to scramble your restored files

Organizations hit earlier by the HermeticWiper malware have reportedly been menaced by ransomware unleashed this month against transportation and logistics industries in Ukraine and Poland. Though there is an overlap in victims, it's unclear whether this Prestige ransomware and HermeticWiper are controlled by the same …

  1. Potemkine! Silver badge

    There's a free tool (in its basic version) to help harden an AD: PingCastle. It audits your install and gives advice to strengthen the AD security.

    == Bring us Dabbsy back! ==

  2. Mike 137 Silver badge

    The real crux

    "It's not yet clear how victims' networks were compromised by the extortionists to run their file-scrambling malware."

    It would be most informative if the primary vector were explained more often (it hardly ever is), but I suspect that javascript has something to do with it if any attack is widespread. When will it sink in that running unvalidated code from untrusted sources is fundamentally dangerous? And when will web devs stop forcing us to do this unnecessarily in order to view their "wonderful creations"?

    Ironically, even the UK government's National Cyber Security Centre web site is entirely a javascript app. You can't even see the emergency contact phone number with scripting disabled.

  3. Pascal Monett Silver badge

    Russia invaded Ukraine in February

    We're in October, and the war is still going on.

    I think it is clear that the military might of Russia is not what it used to be.

  4. Dave Null

    I'd imagine once the Yttrium APTs are in your system, they plant and engineer a bunch of future vectors for follow-up attacks.

