Watch a Hacker Install Ransomware

19 326
Published on 12 Sep 2019, 14:22
Cybercriminals are zeroing in on managed service providers, or MSPs, that handle computer systems for small businesses and local governments. This video shows a hacker installing ransomware on the computer of an MSP’s client. Read our story:

Some important context from our story:
Remote management tools used by MSPs are like “golden keys to immediately distribute ransomware,” said Kyle Hanslovan, CEO of cybersecurity firm Huntress Labs. “Just like how you’d want to push a patch at lightning speed, it turns out you can push out ransomware at lightning speed as well.”

The hacker also may spread the ransomware manually, infecting computers one at a time using software that normally allows MSP technicians to remotely view and click around on a client’s screen to resolve an IT problem, Hanslovan said. One Huntress client had the “record session” feature of this software automatically enabled. By watching those recordings following the attack, Huntress was able to view exactly how the hacker installed and tracked ransomware on the machines.

Sign up for ProPublica’s weekly newsletter:
Follow ProPublica on Twitter:
Follow ProPublica on Facebook:
11 hours – 253:54
Pinpoint Weather 12