S-RM

S-RM encountered a sophisticated ransomware attack initiated by the Akira group, in which the attackers exploited IoT devices, specifically an insecure webcam, to bypass EDR tools and encrypt files on the network. This innovative tactic allowed the attackers to overcome security measures, establish persistent access through AnyDesk.exe, and move laterally via RDP. The incident required a response team to address the breach and implement new security strategies. The data exfiltration and encryption caused considerable disruption to the company's operations, likely affecting its finances and reputation due to the sophisticated nature of the attack.

Source: https://cybersecuritynews.com/akira-attacking-windows-server-via-rdp-evades-edr/

"id": "s-r226031025",
"linkid": "s-rm",
"type": "Ransomware",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"