SamSam Ransomware infected thousands of LabCorp systems via brute force RDP; the company contained the attack within 50 minutes, says they’re at about 90-percent operational capacity

It’s all over the news. Steve Ragan at CSO has the best “executive summary”:

“LabCorp, one of the largest clinical labs in the U.S., said the attack that forced their offline was contained quickly and didn’t result in a data breach.

However, in the brief time between detection and mitigation, the ransomware was able to encrypt of systems and several hundred production servers.

The wider public first learned about the LabCorp incident on Monday, when the company disclosed it via an 8-K filing with the SEC. Since then, as recovery efforts continue, the company said they’re at about 90-percent operational capacity.

According to sources familiar with the investigation, the Samsam attack at LabCorp started at midnight on July 13.

The LabCorp SOC (Security Operation Center) immediately took action after that first system was encrypted, alerting IR teams and severing various links and connections.

These quick actions ultimately helped the company contain the spread of the infection and neutralize the attack within 50 minutes. However, before the attack was fully contained, 7,000 systems and 1,900 servers were impacted. Of those 1,900 servers, 350 were production servers.”

Below is a link to the whole story. Here are five things to do about this right away. Don’t let this happen to you.

Source link