DISCLAIMER: The solutions presented on this page are the property of ACME LABS Sp. z o.o. and are subject to legal protection in Poland and abroad, on the basis of intellectual and industrial property rights.

Ryuk in 5 Hours

The Ryuk threat actors went from a phishing email to domain-wide ransomware in 5 hours. They escalated privileges using Zerologon (CVE-2020-1472) less than 2 hours after the initial phish. They used tools such as Cobalt Strike, AdFind, WMI, and PowerShell to accomplish their objective.
