Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising
18-May-24
A ransomware operation targets Windows system administrators by taking out Google ads to promote fake download sites for Putty and WinSCP.
WinSCP and Putty are popular Windows utilities, with WinSCP being an SFTP client and FTP client and Putty an SSH client.
System administrators commonly have higher privileges on a Windows network, making them valuable targets for threat actors who want to quickly spread through a network, steal data, and gain access to a network’s domain controller to deploy ransomware.
