The cyber extortionists exploit a known vulnerability in a Windows graphics driver. They then manipulate drivers of anti-virus software. This way, the BlackByte group can access systems of its victims undisturbed.
A security function blocks third-party printer cartridges. HP is retrofitting the function to some printers via a firmware update. So far, only customers in Belgium, Italy, Spain and Portugal are receiving compensation.
Groups LockBit, Hive and BlackCat compromised the network within about two weeks. Apparently, they each use the same hacked RDP connection. Only after the third attack the company approached Sophos for help.
Unknown persons penetrate the company's network. Beforehand, they hacked the Google account of a Cisco employee and obtained VPN access data. The ransomware group Yanluowang claims responsibility for the attack.