Not So Itsy Bitsy Spider

Challenge:

Recent reporting indicates that a prominent ransomware operator, known as WIZARD SPIDER, was able to deploy Ryuk ransomware in an environment within 5 hours of compromise.

What recent, critical vulnerability was exploited in this environment to gain elevated privileges?

The flag will be in the following format: CVE-XXXX-XXXX

Solution:

Performing a Google search for “WIZARD SPIDER Ryuk ransomware deployed in 5 hours” returned a ThreatPost article titled “Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack”, which describes how “…Ryuk threat actors have struck again, moving from sending a phishing email to complete encryption across the victim’s network in just five hours.” The article goes on to explain why the threat actors were able to move so quickly: “…[the] breakneck speed is partially the result of the gang using the Zerologon privilege-escalation bug (CVE-2020-1472).”

The accepted flag was CVE-2020-1472.
