At least one ransomware threat actor has begun to use the recently disclosed PetitPotam NTLM relay attack method to gain control of the Windows domain on a variety of networks around the world.
The attacks appear to be the work of a new ransomware gang dubbed LockFile, which was first observed in July and bears some resemblance to other ransomware groups.
LockFile attacks have been reported mostly in the United States and Asia, with victims in the financial services, manufacturing, engineering, legal, business services, travel, and tourist industries.
To Read More: BleepingComputer