Spirals ransomware encrypts corporate networks rapidly
🛡️Researchers report a June intrusion where the new Spirals ransomware actor moved from initial access to data theft and encryption in under 24 hours. After compromising a publicly exposed IIS server and uploading an ASP.NET web shell, the attacker bypassed UAC, enabled RDP, created local accounts, and harvested credentials. They disabled security and backup services, used multiple lateral movement and remote-access tools, and deployed a Rust-based payload named bitsadmin.exe to encrypt files and drop a ransom note.
