The Federal Bureau of Investigation issued a flash alert on May 20, 2021, detailing the impact of Conti ransomware attacks on healthcare networks. The alert stated that at least 16 healthcare and first responder networks had been exploited in the attacks. For additional details, see the flash alert here. Per the alert, threat actors can gain access to a targeted network in a variety of ways. Those include malicious email links, attachments, and stolen Remote Desktop Protocol (RDP) credentials, as well as weaponized Word documents embedded with PowerShell scripts.
The AgileBlue SOC-as-a-Service has a wide-ranging ruleset that includes Indicators of Attack that will alert users to a potential Conti ransomware threat, including rules related to RDP access and a variety of indicators related to PowerShell scripts. Ready to protect your company? Contact us.