CATO Networks

MAY 15, 2017

But what makes the attack so unusually virulent is how it exploits a vulnerability in the Windows SMB protocol. SMB is used by Windows machines for sharing files and the ransomware uses SMB to spread to other vulnerable devices on a network. Once installed, the ransomware encrypts the files on the machine.

SMB 52

SMB Cloud Server Firewall 52

CATO Networks

JUNE 29, 2017

Like WannaCry, NotPetya leverages the SMB protocol to move laterally across the network, an EternalBlue exploit attributed to the National Security Agency (NSA) and leaked by the Shadow Brokers hacking group last April. The machine is then forced to reboot, encrypting the files and locking the computer. A total of 3.8

SMB 52

SMB Cloud Encryption Email 52

CATO Networks

DECEMBER 16, 2024

Executive Summary Modern ransomware attacks have evolved beyond simple encryption to deploy sophisticated double extortion tactics. Threat actors now systematically exfiltrate sensitive data before encrypting systems, ensuring leverage even when victims have robust data backups.

SMB 40

SMB IP Address SASE Protocol 40

CATO Networks

MARCH 20, 2017

Windows SMBv3 Denial of Service Zero-Day One issue that was not covered widely in the news is a zero-day attack discovered in Microsoft Windows SMBv3, the popular enterprise protocol for file and printer sharing. The POC was able to generate the so called Blue Screen of Death on Windows clients that connects into a compromised SMB server.

SMB 52

SMB Server Access Point JavaScript 52

CATO Networks

FEBRUARY 16, 2023

Double Extortion: Double extortion ransomware both steals and encrypts sensitive and valuable data on an infected system. Cybercriminals can use these credentials with the remote desktop protocol (RDP) or virtual private networks (VPNs) to access and deploy malware on systems.

SASE 52

SASE Encryption SMB Email 52