{"id":7539,"date":"2021-06-04T20:25:03","date_gmt":"2021-06-05T03:25:03","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=7539"},"modified":"2023-04-05T12:40:10","modified_gmt":"2023-04-05T19:40:10","slug":"fivehands-ransomware-attack-analysis-and-risk-based-approach-to-prevention","status":"publish","type":"post","link":"https:\/\/webdev.securin.xyz\/articles\/fivehands-ransomware-attack-analysis-and-risk-based-approach-to-prevention\/","title":{"rendered":"FiveHands Ransomware Analysis: Can a Risk-Based Approach Help Prevent Future Attacks?"},"content":{"rendered":"
\nDid you know FiveHands Ransomware is using the same tactics as the DarkSide group?<\/h2>\n<\/blockquote>\n
Early this year, threat actors exploited a vulnerability (CVE-2021-20016)<\/a> even before the vendor could publish it on the National Vulnerability Database (NVD) and attacked an organization and stole information. A new ransomware family, FiveHands, played a major role in the exploit.<\/p>\n
With attackers rapidly weaponizing vulnerabilities, organizations that depend on the NVD to manage their prioritization and patching cadence are likely to be adversely affected.<\/p><\/blockquote>\n
The FiveHands ransomware group used publicly available tools to unobtrusively penetrate weak points and access credentials. Researchers have found that the tactics employed by the group are similar to the methods used by the DarkSide group, namely, encrypting a target\u2019s data, stealing some of it, and threatening to leak the same online if the ransom is not paid.<\/p>\n
Vulnerability Analysis of CVE exploited by FiveHands Ransomware Group<\/h3>\n
It has been found that a security flaw in SonicWall Virtual Private Network (VPN) SMA100 served as the first attack vector. This allowed the attackers behind FiveHands to infiltrate internal systems by submitting a specially crafted query. The attack occurred within a few days of the CVE becoming publicly available in the NVD.<\/p>\n
<\/p>\n
A Timeline Analysis of CVE-2021-20016<\/em><\/span><\/p>\n