This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
This Website Uses Cookies By closing this message or continuing to use our site, you agree to our cookie policy. Learn MoreThis website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
Home » “Ghost” account credentials facilitate ransomware attacks
The Sophos Rapid Response team published findings from its investigations into recent ransomware attacks that reveal a failure to keep close tabs on “ghost” account credentials of recently deceased employees can give cybercriminals a discreet foothold to launch an attack.
In one of the attacks analyzed, Nefilim ransomware (also known as Nemty) targeted an organization with a combination of data theft and encryption, impacting more than 100 systems. The Sophos Rapid Response team traced this attack back to an initial intrusion about four weeks earlier using a compromised admin account with high level access. This account belonged to an employee who had sadly passed away around three months prior, which allowed the cybercriminals to quietly steal the credentials, move through the network, and exfiltrate hundreds of GB of data, before unleashing the ransomware.