Some major companies are being targeted by this dangerous new cybercrime campaign

Poor cybersecurity hygiene, including exposed environment variable files, long-lived credentials and the absence of least-privilege architecture, has led to multiple organizations being targeted by ransomware attacks, experts have warned.

A report from cybersecurity researchers at Unit 42 described how they observed the cloud operations of a successful extortion campaign that leveraged exposed environment variable (.ENV) files containing sensitive data such as login credentials.