Don’t know, and at the end of the day don’t care! Tend to think it was thru something stuffed into a file that was compressed or set in as part of some sort of log evidence, WAS, LOW or whatever and when expanded out to view or process
it had an executable code with BitLocker or something stupid like that to encrypt all their files, least that’s how I would have done it. That way you can sell the victim the key. But also know that many networks have been brought down by sending links that
appear legitimate and the user clicks on it and if they have administrative privileges, or you send them some stupid animated file and if they are using a common Windows application to open it the same thing can happen. Now is the time to review your security
settings on your browser and email app and maybe turn a lot of that automatic junk off. You don’t need the stupid towers with the flashing lights or lightning bolts anyway. It’s always the human link that’s the weakest. Think I remember reading in the Ultra
Secret or some book about Enigma that before Bletchley broke the system many Enigma cyphers were decoded by just setting the machine to “ABC” and that decoded lots. People are always the weakest link. Back in the early nineties when I had my first NT server,
I stupidly did not set an administrator password and just kept the default “password” and later found that it had been hacked and was being used as a reggae FTP music server, discovered that because it was accounting for a huge amount of traffic on and off
campus. That was me being stupid. I learned my lesson way back then. Deleted all their crap but later regretted doing that and wish I had swapped out all that reggae junk and replaced it with Merle Haggard tracks.
Think I should get extra points for tying something on the internet today to something involving WW2 radio!
Ray F/KA3EKH