Lynx ransomware has become a significant cybersecurity threat, using compromised Remote Desktop Protocol (RDP) credentials for network intrusions. The attackers follow a deliberate playbook that includes extended reconnaissance phases to identify valuable targets. The intrusions begin with valid credentials obtained through means such as infostealers or data breaches, so the attackers have no need for brute-force attempts.
The attackers spend days mapping infrastructure and establishing backdoors before deploying the ransomware. During attacks, critical backup infrastructure is destroyed before the ransomware is triggered, which significantly hinders recovery. Data is exfiltrated through temporary file-sharing services, a further sign of the threat's evolution, and this leaves victims facing a double-extortion dilemma.
Overall, the attack timeline runs approximately 178 hours from initial compromise to ransomware encryption, a sequence designed for maximum disruption. By ensuring that no recovery options remain for the affected organizations, this calculated approach raises the attackers' chances of success and makes Lynx a highly effective extortion mechanism.
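Detection logic for the valid-credential RDP logons described above, added here as an example and not taken from the original article: since no brute-force attempts occur, it flags successful RDP logons (Security event 4624, logon type 10) from a source address not seen for that account during a baseline period, and counts the failed logons (4625) that preceded each one. The event records, account names, addresses and the function names `new_source_rdp_logons` and `no_failure_alerts` are constructed for illustration.

```python
from datetime import datetime, timedelta

RDP_LOGON_TYPE = 10  # RemoteInteractive logon type in Security event 4624

# Constructed sample records: (time, event id, logon type, account, source IP).
EVENTS = [
    ("2025-03-01T08:01:00", 4624, 10, "svc_backup", "10.0.5.23"),
    ("2025-03-02T08:03:00", 4624, 10, "svc_backup", "10.0.5.23"),
    ("2025-03-03T09:10:00", 4625, 3, "jdoe", "198.51.100.7"),
    ("2025-03-03T09:10:05", 4625, 3, "jdoe", "198.51.100.7"),
    ("2025-03-03T09:10:09", 4624, 10, "jdoe", "198.51.100.7"),
    ("2025-03-04T02:47:00", 4624, 10, "svc_backup", "203.0.113.44"),
    ("2025-03-04T08:02:00", 4624, 10, "svc_backup", "10.0.5.23"),
    ("2025-03-04T08:30:00", 4624, 3, "svc_backup", "203.0.113.9"),
]

def new_source_rdp_logons(events, baseline_end, fail_window=timedelta(minutes=30)):
    """Alert on RDP logons from an (account, IP) pair absent from the baseline."""
    cutoff = datetime.fromisoformat(baseline_end)
    known = set()    # (account, ip) pairs already seen for RDP
    failures = []    # (time, ip) of failed logons, any logon type
    alerts = []
    rows = sorted((datetime.fromisoformat(t), e, lt, u, ip) for t, e, lt, u, ip in events)
    for ts, event_id, logon_type, user, ip in rows:
        if event_id == 4625:
            failures.append((ts, ip))
            continue
        if event_id != 4624 or logon_type != RDP_LOGON_TYPE:
            continue
        if ts <= cutoff:
            known.add((user, ip))   # learning period, no alerts
            continue
        if (user, ip) not in known:
            prior = sum(1 for ft, fip in failures
                        if fip == ip and ts - fail_window <= ft <= ts)
            alerts.append({"time": ts.isoformat(), "user": user,
                           "ip": ip, "prior_failures": prior})
            known.add((user, ip))
    return alerts

def no_failure_alerts(alerts):
    """New-source logons with zero preceding failures: the stolen-credential pattern."""
    return [a for a in alerts if a["prior_failures"] == 0]

if __name__ == "__main__":
    for alert in no_failure_alerts(new_source_rdp_logons(EVENTS, "2025-03-02T23:59:59")):
        print(alert)
```

A rule that only counts failed logons would see nothing for the `svc_backup` logon in this sample, which is why the first-seen source check carries the detection.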
👉 Read the original: Cyber Security News