The attackers used several tools, including the Tor network for reconnaissance and initial access, virtual private networks (VPNs) for lateral movement and data exfiltration, and virtual private server (VPS) endpoints for other aspects of the operation.

Unit 42 researchers state that the attackers did not encrypt the data before demanding a ransom; instead, they exfiltrated the data and threatened to leak it in a ransom note dropped in the compromised cloud storage container.