REvil ransomware hits 200 companies in MSP supply-chain attack

by jnichols35on 7/2/2021, 8:49:41 PM with 2 comments
  • by afrcncon 7/2/2021, 9:32:54 PM

    dupe: https://news.ycombinator.com/item?id=27716383

  • by steffanAon 7/2/2021, 10:02:27 PM

    Good tech details here about the attack.

    Also interesting "politically charged" Windows Registry keys and password changes:

    "For example, a sample [VirusTotal] installed by BleepingComputer adds the HKLM\SOFTWARE\Wow6432Node\BlackLivesMatter key to store configuration information from the attack.

    Advanced Intel's Vitali Kremez told BleepingComputer that another sample is configuring the device to launch REvil Safe Mode with a default password of 'DTrump4ever.'"