Research company Censys shared information on a potential ransomware command and control center with one of the network’s hosts possibly located in Ohio.
The research shows two Russian-based hosts running a combination of Acunetix, a vulnerability scanner, and DeimosC2, a command and control tool used to control compromised devices after they have been exploited.
The ransomware variant MedusaLocker, which CSA issued an alert for earlier this month, has also been connected to the host through analysis of historical data. The Ohio host was running the DeimosC2 tool as recently as July 6, and additional software found on it indicated it may serve as a proxy in the network.
The research from Censys appears to have uncovered an ongoing ransomware campaign that may be tied to MedusaLocker or a variant of MedusaLocker.
Findings from the network do not indicate that the hosts have attacked anyone yet, but the host is “definitely capable of it,” according to Censys’s director of federal applications.
MedusaLocker has targeted Remote Desktop Protocol vulnerabilities to launch ransomware attacks and has hit the public healthcare industry, among others.
With dangerous ransomware so close to home, it’s important to have a clear understanding of your network’s potential vulnerabilities so you can stay ahead of threats. Contact us to get a complete picture of your network with a SecuLore™ CyberBenchmark.
Stay up to date on cyber attacks in your area with our cyber attack archive.
Our cyber experts provide tips and techniques for responding to and recovering from ransomware attacks. Watch our webinar on ransomware prevention and response for free today.