Ransomware via employee ghost accounts
Sophos Rapid Response Team reports two attacks by the Nefilim ransomware, in which the accounts of retired employees were used for attacks. Sophos is releasing new insights into attacks investigated by its Rapid Response Team. The article “Nefilim Ransomware Attack Uses 'Ghost' Credentials” describes how unsupervised ghost accounts enabled two cyberattacks, one of which affected the Nefilim ransomware. Four weeks unnoticed in the system Nefilim, also known as Nemty ransomware, combines data theft with encryption. The target attacked by Nefilim had more than 100 systems affected. Sophos experts were able to identify the original attack...