The REvil ransomware gang is back, a new botnet is discovered and Formbook malware rises.
Welcome to Cyber Security Today. It’s Monday September 13th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
Bad news on the ransomware front: The REvil ransomware gang is definitely back. There was some uncertainty about that last week when after two months of silence the data leak and payment websites of the gang were re-activated. No new victims were listed at that point. However, on Saturday the Bleeping Computer news service reported the gang has published screenshots of stolen data of a new victim. Why the gang was away isn’t clear. Some security researchers suspected that REvil was worried about being tracked by police after news spread internationally of its attack on Kaseya during the summer. A post on a criminal website suggested the gang worried that one of its members had been arrested, so it turned its servers off. A more recent post claimed the gang just wanted a break. It doesn’t matter. No matter who the gang is IT and security leaders have to be ready for ransomware attacks.
A new botnet that launches huge denial of service attacks has been discovered. A Russian cybersecurity firm called Qrator and the Yandex search engine believe more than 200,000 compromised network devices such as routers, gateways and switches are involved. One of the victims was Yandex. Dubbed the Meris botnet, many of the compromised devices are manufactured by a Latvian company called MikroTik. MicroTik says many of the devices were compromised in 2018 when its RouterOS operating system had a vulnerability. That vulnerability was quickly patched. But MikroTik says device operators have to change their passwords as well as apply the patch. On the other hand the Qrator/Yandex report says many of the compromised devices have newer versions of the MikroTik operating system.
A denial of service attack is like someone pounding on a company’s front door, except the front door is a website. Crooks launch denial of service attacks on victim companies to make their websites unavailable, then demand payment to stop. Huge attacks by this botnet have been launched…