Security News in Review: Ryuk Ransomware Develops Self-Replication Capabilities


News in Review 2021-03-06

In this week’s edition of our cybersecurity news roundup, you’ll find reporting on a new trend of ransomware gangs turning to virtual machines, several high-severity vulnerabilities in the Linux kernel being resolved, and some new capabilities in the Ryuk ransomware.

Read on for the latest Security News in Review, and let us know if we missed anything. 

Ransomware hackers turn to virtual machine software to boost extortion schemes — Ransomware gangs have started to shift their attack strategies from code written directly for Microsoft Windows machines to code that targets the hypervisor managing virtual machines. Recent code designed to affect ESXi, a hypervisor, shows this shift: the goal is to infect the hypervisor and propagate the attackers' code to its virtual machines.

Ryuk ransomware develops worm-like capabilities, France warns — According to an analysis from the French National Agency for the Security of Information Systems, the Ryuk ransomware has developed worm-like self-replicating capabilities. From a functional perspective, this means that the ransomware can propagate without human interaction. The addition of new capabilities to Ryuk will be of special interest to the healthcare sector, where Ryuk was responsible for 75% of attacks. 


High severity Linux network security holes found, fixed — A set of five critical vulnerabilities in the Linux kernel’s virtual socket implementation was found and fixed recently. The vulnerabilities exist when Linux’s virtual socket multi-transport support is added, which is typically used to facilitate communication between virtual machines and their host.

Microsoft Releases Out-of-Band Security Patches for Exchange Server — Microsoft released several out-of-band patches for multiple zero-day flaws that are actively being exploited in the wild. Organizations running Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019 products should apply these patches right away. The patches relate to the on-premises versions of Exchange Server, and not to Exchange Online. 

Google Chrome update fixes another worrying security flaw — Google released Chrome version 89 recently to patch a…
