
Cybercriminals are targeting hybrid cloud platforms with a worrying new ransomware strain, Microsoft security researchers have revealed.

When it attacks, Storm-0501 looks for poorly protected, over-privileged accounts.


The next step is to establish persistence and allow unabated lateral movement throughout the infrastructure.

The final step is the introduction of ransomware.

However, in some of the more recent attacks, the group used a ransomware variant called Embargo.

Embargo is a relatively new strain, developed in Rust.

In the cases Microsoft analyzed, Storm-0501 leveraged compromised Domain Admin accounts and deployed Embargo via scheduled tasks.

The ransomware binary names used were PostalScanImporter.exe and win.exe.

The extensions of the encrypted files were .partial, .564ba1, and .embargo.
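A hunting check built from the indicators above, as an added example that is not from the article or from Microsoft's report. It assumes scheduled-task definitions are available as Task Scheduler XML and file paths as a plain list; the function names and sample data are constructed for illustration.

```python
import ntpath
import xml.etree.ElementTree as ET

# Indicators exactly as reported in the article.
BINARY_NAMES = {"postalscanimporter.exe", "win.exe"}
ENCRYPTED_EXTS = (".partial", ".564ba1", ".embargo")
# XML namespace used by Windows Task Scheduler task definitions.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

def flagged_task_commands(task_xml):
    """Return Exec commands whose file name matches a reported binary name."""
    root = ET.fromstring(task_xml)
    hits = []
    for cmd in root.findall(".//t:Actions/t:Exec/t:Command", NS):
        path = (cmd.text or "").strip().strip('"')
        if ntpath.basename(path).lower() in BINARY_NAMES:
            hits.append(path)
    return hits

def flagged_files(paths):
    """Return paths ending in one of the reported encrypted-file extensions."""
    return [p for p in paths if p.lower().endswith(ENCRYPTED_EXTS)]

def triage(task_xmls, paths):
    """Combine both signals; generic names alone are a lead, not a verdict."""
    tasks = [c for x in task_xmls for c in flagged_task_commands(x)]
    files = flagged_files(paths)
    level = "high" if tasks and files else "review" if tasks or files else "none"
    return {"level": level, "tasks": tasks, "files": files}

# Constructed sample data (hypothetical paths, not taken from the article).
def make_task(command):
    return (f'<Task xmlns="{NS["t"]}"><Actions><Exec>'
            f"<Command>{command}</Command></Exec></Actions></Task>")

SAMPLE_TASKS = [make_task(r"C:\Windows\System32\defrag.exe"),
                make_task(r'"C:\ProgramData\PostalScanImporter.exe"')]
SAMPLE_FILES = [r"D:\share\q3-report.xlsx.embargo", r"D:\share\notes.txt"]

if __name__ == "__main__":
    print(triage(SAMPLE_TASKS, SAMPLE_FILES))
```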
