CrazyHunter: The Rising Threat of Open-Source Ransomware
April 8, 2025, 11:53 a.m.
Description
A ransomware attack on Mackay Memorial Hospital in Taiwan highlights the growing use of publicly available offensive tools by threat actors. The CrazyHunter ransomware, built using the Prince Ransomware builder from GitHub, encrypted over 600 devices across two hospital branches. The attack, likely initiated via a USB device, employed various tools for defense evasion, encryption, and lateral movement. The threat actor used a vulnerable Zemana driver to disable security products, utilized the Prince Ransomware builder for file encryption, and leveraged SharpGPOAbuse for lateral movement. The incident demonstrates the increasing accessibility of cyber attack tools, enabling even less skilled actors to launch sophisticated attacks. This trend poses significant challenges for attribution and defense against ransomware threats.
Tags
Date
- Created: April 8, 2025, 10:30 a.m.
- Published: April 8, 2025, 10:30 a.m.
- Modified: April 8, 2025, 11:53 a.m.
Indicators
Additional Information
- Healthcare
- Taiwan