Cephalus, a newly recognized ransomware group, targets organizations worldwide by exploiting weakly protected Remote Desktop Protocol (RDP) access. Using stolen RDP credentials, the group breaches networks, exfiltrates sensitive data, and deploys ransomware tailored to each victim. The operation is financially motivated and favours credential-based intrusions against organizations that have not enforced multi-factor authentication (MFA) on remote access.
The ransomware, written in Go, includes evasion techniques such as disabling security protections, and it uses a hybrid encryption scheme that combines AES and RSA. Cephalus increases pressure on victims by showing stolen data in its ransom notes, which makes the demands harder to dismiss and raises the likelihood of payment. To reduce risk, organizations are urged to enforce MFA on all RDP access, maintain strong credential hygiene, and keep reliable backups isolated from production networks.
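Because stolen credentials produce a valid logon rather than an exploit, the earliest signal of this kind of intrusion is usually an unexpected RDP logon. The following is an added example, not code from the article or from Cephalus: it runs two simple detections over Windows Security events 4624 (logon success) and 4625 (logon failure), flagging RemoteInteractive (logon type 10) successes that come from outside the internal address ranges, and successes preceded by a burst of failures from the same source. The event records, the internal ranges, and the thresholds are constructed assumptions for the example.

```python
import ipaddress
from collections import deque
from datetime import datetime, timedelta

# Constructed sample events for this example (not from the article or any real
# incident). Each dict mirrors the fields of Windows Security events 4624/4625
# that the detections below need.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T02:10:00", "id": 4625, "user": "jsmith", "logon_type": 10, "src": "203.0.113.45"},
    {"ts": "2024-05-01T02:10:20", "id": 4625, "user": "jsmith", "logon_type": 10, "src": "203.0.113.45"},
    {"ts": "2024-05-01T02:10:40", "id": 4625, "user": "jsmith", "logon_type": 10, "src": "203.0.113.45"},
    {"ts": "2024-05-01T02:11:00", "id": 4625, "user": "jsmith", "logon_type": 10, "src": "203.0.113.45"},
    {"ts": "2024-05-01T02:11:20", "id": 4625, "user": "jsmith", "logon_type": 10, "src": "203.0.113.45"},
    {"ts": "2024-05-01T02:13:00", "id": 4624, "user": "jsmith", "logon_type": 10, "src": "203.0.113.45"},
    # Stolen-credential case: a clean RDP success from outside, no failures first.
    {"ts": "2024-05-01T03:00:00", "id": 4624, "user": "backupsvc", "logon_type": 10, "src": "198.51.100.7"},
    # Network logon (type 3) from the same source: not RDP, ignored by these rules.
    {"ts": "2024-05-01T03:05:00", "id": 4624, "user": "backupsvc", "logon_type": 3, "src": "198.51.100.7"},
    # Ordinary internal RDP session.
    {"ts": "2024-05-01T09:00:00", "id": 4624, "user": "admin", "logon_type": 10, "src": "10.0.0.5"},
]

# Assumed internal ranges; adjust to the organization's own address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

RDP_LOGON_TYPE = 10  # Windows logon type 10 = RemoteInteractive (RDP)


def is_internal(src, nets):
    """True if src parses as an IP address inside one of the given networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # e.g. "-" or a hostname in the source field
    return any(addr in n for n in nets)


def detect_rdp_abuse(events, internal_nets=INTERNAL_NETS,
                     fail_threshold=5, window=timedelta(minutes=10)):
    """Return a list of alert dicts for suspicious RDP logon successes.

    Rule 1: a type-10 success from a source outside internal_nets.
    Rule 2: a type-10 success preceded, within `window`, by at least
            `fail_threshold` type-10 failures from the same source.
    """
    alerts = []
    recent_failures = {}  # src -> deque of failure timestamps inside the window

    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO-8601 sorts lexically
        if ev["logon_type"] != RDP_LOGON_TYPE:
            continue
        ts = datetime.fromisoformat(ev["ts"])
        src = ev["src"]

        if ev["id"] == 4625:
            q = recent_failures.setdefault(src, deque())
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()
            continue
        if ev["id"] != 4624:
            continue

        # Success: expire stale failures before counting them.
        q = recent_failures.get(src, deque())
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= fail_threshold:
            alerts.append({"rule": "rdp_failures_then_success", "user": ev["user"],
                           "src": src, "ts": ev["ts"], "failures": len(q)})
        if not is_internal(src, internal_nets):
            alerts.append({"rule": "rdp_success_from_external", "user": ev["user"],
                           "src": src, "ts": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_abuse(SAMPLE_EVENTS):
        print(alert)
```

The second rule alone would miss the scenario the article describes, since valid stolen credentials generate no failures; that is why the external-source rule exists. If RDP is only reachable through a VPN, the source addresses will already be internal, and the rule should instead be keyed on logons from accounts or sources not seen before. Neither rule replaces MFA on RDP; they only shorten the time to notice a logon that MFA would have blocked.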
👉 Read the original: Cyber Security News