{"id":46375,"date":"2022-04-26T10:36:00","date_gmt":"2022-04-26T10:36:00","guid":{"rendered":"http:\/\/54b1a834-8fc0-4359-a80b-ea111ce24f65"},"modified":"2022-04-26T10:36:00","modified_gmt":"2022-04-26T10:36:00","slug":"inside-a-ransomware-incident-how-a-single-mistake-left-a-door-open-for-attackers","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/inside-a-ransomware-incident-how-a-single-mistake-left-a-door-open-for-attackers\/","title":{"rendered":"Inside a ransomware incident: How a single mistake left a door open for attackers"},"content":{"rendered":"<div class=\"share-bar-wrapper\">\n<div class=\"full-byline\">\n<div class=\"author-avatars\"> <a rel=\"author\" class=\"thumb author-modal-open\" data-component=\"authorModal\" data-author-modal-options=\"{&quot;selector&quot;:&quot;danny-palmer-modal&quot;,&quot;hoverSelector&quot;:&quot;.full-byline&quot;}\" href=\"https:\/\/www.zdnet.com\/meet-the-team\/uk\/dannypalmerzdnet\/\"> <span class=\"img \"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.zdnet.com\/a\/img\/resize\/d31db2eb85c51031247ce810263a83caae1ca2c5\/2020\/02\/06\/6f24b751-729c-4ed9-9fae-979667f1d3b3\/dp-zdnet-headshot-feb-20201.jpg?width=50&amp;height=50&amp;fit=crop&amp;auto=webp\" class alt=\"Danny Palmer\" height=\"50\" width=\"50\"><\/span> <\/a> <\/div>\n<\/p><\/div>\n<\/p><\/div>\n<p>A security vulnerability that was left unpatched for three years allowed a notorious cyber-criminal gang to breach a network and plant ransomware.&nbsp;<\/p>\n<p>The BlackCat <a href=\"https:\/\/www.zdnet.com\/article\/ransomware-an-executive-guide-to-one-of-the-biggest-menaces-on-the-web\/\" target=\"_blank\" rel=\"noopener\">ransomware attack<\/a>&nbsp;against the undisclosed organisation took place in March 2022 and has been <a href=\"https:\/\/www.forescout.com\/blog\/alphv-breaking-down-the-complexity-of-the-most-sophisticated-ransomware\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" 
data-component=\"externalLink\">detailed by cybersecurity researchers at Forescout<\/a> who investigated the incident.&nbsp;<\/p>\n<p><a href=\"https:\/\/www.zdnet.com\/article\/blackcat-ransomware-targeting-us-european-retail-construction-and-transportation-orgs\/\" target=\"_blank\" rel=\"noopener\">BlackCat ransomware<\/a> \u2013 also known as ALPHV \u2013 is becoming one of the most active ransomware groups currently, to the extent that <a href=\"https:\/\/www.zdnet.com\/article\/fbi-this-ransomware-written-in-the-rust-programming-language-has-hit-at-least-60-targets\/\" target=\"_blank\" rel=\"noopener\">the FBI has released an alert<\/a> about it, warning how the group has compromised at least 60 victims around the world.&nbsp;<\/p>\n<p>While BlackCat has a reputation for running a sophisticated ransomware operation, it was a simple technique that allowed malicious cyber criminals to gain initial access to the network \u2013 exploiting an 
SQL injection vulnerability in an internet-exposed, unpatched and end-of-life SonicWall SRA appliance.&nbsp;<\/p>\n<p>A security patch has been available to fix the vulnerability since 2019, but it hadn&#8217;t been applied in this case, providing cyber criminals with an <a href=\"https:\/\/www.zdnet.com\/article\/ransomware-cyber-criminals-are-still-exploiting-years-old-vulnerabilities-to-launch-attacks\/\" target=\"_blank\" rel=\"noopener\">easy entry point into the network<\/a>. &nbsp;<\/p>\n<p>From there, the attackers were able to obtain usernames and passwords, which they used to gain access to ESXi servers, where the ransomware payload was ultimately deployed. &nbsp;<\/p>\n<p>BlackCat uses several techniques, not used by other ransomware groups, that are designed to make attacks successful. For starters, the ransomware is written in the Rust programming language, which is unusual for <a href=\"https:\/\/www.zdnet.com\/article\/what-is-malware-everything-you-need-to-know-about-viruses-trojans-and-malicious-software\/\" target=\"_blank\" rel=\"noopener\">malware<\/a> and makes it more difficult to detect and examine.&nbsp;<\/p>\n<p>The ransomware also uses a unique binary for each victim, based on information found in the target environment. The unique binary makes it more difficult to identify attacks as the code used in each campaign will be slightly different. &nbsp;<\/p>\n<p>&#8220;A unique binary that is not general for each victim makes the detection harder,&#8221; Daniel dos Santos, head of security research at Forescout, told ZDNet. &nbsp;<\/p>\n<p>In the case of the March 2022 incident, the attack was partially successful. BlackCat ransomware successfully encrypted servers and files, but the attack wasn&#8217;t able to spread to other parts of the network because it had been segmented. 
While the attackers could control one area of the network, they couldn&#8217;t move into other sections.&nbsp;<\/p>\n<p>&#8220;The segmentation was actually well done in this case and that&#8217;s why it was contained,&#8221; said dos Santos, who added that this attack using BlackCat <a href=\"https:\/\/www.zdnet.com\/article\/ransomware-as-a-service-is-the-new-big-problem-for-business\/\" target=\"_blank\" rel=\"noopener\">ransomware-as-a-service<\/a> appeared to have been carried out by a cyber criminal who was still learning how to conduct attacks properly.&nbsp;<\/p>\n<p>&#8220;The impression we got is that the affiliate that was running the actual malware wasn&#8217;t very experienced&#8221;.&nbsp;<\/p>\n<p>However, despite the inexperience of the attacker, some servers were still infected with malware. 
While no ransom was paid, and the network segmentation reduced the impact of the attack, the whole incident could have been avoided if some basic cybersecurity hygiene advice had been followed.&nbsp;<\/p>\n<p>Those steps would have included&nbsp;<a href=\"https:\/\/www.zdnet.com\/article\/this-one-change-could-protect-your-systems-from-attack-so-why-dont-more-companies-do-it\/\" target=\"_blank\" rel=\"noopener\">applying the relevant security updates<\/a> to fix a vulnerability that was first disclosed in 2019.&nbsp;<\/p>\n<p>&#8220;The biggest lesson here is patch the network infrastructure \u2013 whatever is facing the internet, it&#8217;s always important for it to be fully patched,&#8221; said dos Santos.&nbsp;<\/p>\n<p>It&#8217;s also recommended that organisations <a href=\"https:\/\/www.zdnet.com\/article\/ransomware-even-when-the-attackers-are-in-your-network-its-not-too-late-to-fight-back\/\" target=\"_blank\" rel=\"noopener\">monitor their networks<\/a> for external access from known IP addresses or unusual patterns of behavior. In addition, businesses should&nbsp;<a href=\"https:\/\/www.zdnet.com\/article\/best-backup-software\/\" target=\"_blank\" rel=\"noopener\">back up their servers regularly<\/a>. 
Then, if something happens, the network can be restored to a recent point without needing to pay a ransom.&nbsp;<\/p>\n<p> READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/inside-a-ransomware-incident-how-a-single-mistake-left-a-door-open-for-attackers\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>There are many things you can do to protect yourself against cyberattacks &#8211; but if you still don&#8217;t do the basics, then it&#8217;s easy pickings for cyber criminals.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-46375","post","type-post","status-publish","format-standard","hentry","category-zdnet-security"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/46375","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=46375"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/46375\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=46375"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=46375"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=46375"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}