Tag Archive for: 26th

The Week in Ransomware – March 26th 2021

Ransomware attacks against the enterprise continue in the form of Accellion data leaks, full-fledged ransomware attacks, and more ransomware gangs targeting Microsoft Exchange.

Early in the week, it was discovered that a threat actor was deploying the Black Kingdom ransomware on Microsoft Exchange servers. By the end of the week, Microsoft estimated that approximately 1,500 Exchange servers had been targeted in this group’s attack.

The Clop ransomware gang has continued to leak data stolen in Accellion attacks, with this week’s victims being energy giant Shell, the University of Miami, and the University of Colorado.

We also saw an increase in standard encrypting ransomware attacks targeting enterprise victims, such as Sierra Wireless, Stratus, and insurance giant CNA.

On a different note, Danny Palmer wrote an interesting piece on how a company handled a recent ransomware attack and did not pay the ransom. 

Contributors and those who provided new ransomware information and stories this week include: @BleepinComputer, @Ionut_Ilascu, @demonslay335, @jorntvdw, @PolarToffee, @malwrhunterteam, @FourOctets, @struppigel, @LawrenceAbrams, @malwareforme, @Seifreed, @DanielGallagher, @serghei, @VK_Intel, @fwosar, @CrowdStrike, @BrettCallow, @MalwareTechBlog, @MsftSecIntel, @fbgwls245, @siri_urz, @Amigo_A_, @dannyjpalmer, @campuscodi, @ValeryMarchive, and @alexscroxton.

March 21st 2021

New Pay2Decrypt variant

S!Ri found a new Pay2Decrypt variant that appends the .aes extension.

March 22nd 2021

Microsoft Exchange servers now targeted by Black Kingdom ransomware

Another ransomware operation known as ‘Black Kingdom’ is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers.

Energy giant Shell discloses data breach after Accellion hack

Energy giant Shell has disclosed a data breach after attackers compromised the company’s secure file-sharing system powered by Accellion’s File Transfer Appliance (FTA).

New Dharma ransomware variant

Jakub Kroustek found a new Dharma ransomware variant that appends the .bqd2 extension.

March 23rd 2021

Ransomware attack shuts down Sierra Wireless IoT maker

Sierra Wireless, a world-leading IoT (Internet of Things) solutions…


The Week in Ransomware – February 26th 2021

The number of attacks slowed down after the winter holidays, but the past two weeks have made it evident that ransomware attacks are back at full speed.

Over the past two weeks, we saw some significant attacks, including attacks on Discount Car and Truck Rentals, an alleged attack on Kia Motors/Hyundai, UL, TietoEVRY, Ecuador’s Ministry of Finance, and its largest bank, Banco Pichincha.

A recent ransomware attack at Automatic Funds Transfer Services (AFTS) also led to a series of data breach notifications from US cities that used them as a payment processor.

Finally, Mandiant reported that recent Accellion FTA breaches had been conducted by hackers affiliated with the Clop ransomware operation.

In a win for law enforcement, an operation between the USA, France, and Ukraine has led to numerous Egregor members’ arrests, practically shutting down the ransomware operation.

On the technical side, we learned that Ryuk now has worm-like functionality allowing it to spread to other Windows devices.

Contributors and those who provided new ransomware information and stories this week include: @jorntvdw, @PolarToffee, @DanielGallagher, @LawrenceAbrams, @demonslay335, @VK_Intel, @BleepinComputer, @Ionut_Ilascu, @malwareforme, @fwosar, @Seifreed, @struppigel, @serghei, @malwrhunterteam, @FourOctets, @chum1ng0, @cyb5r3Gene, @Mandiant, @CISecurity, @JakubKroustek, @coveware, @fbgwls245, @c3rb3ru5d3d53c, @Amigo_A_, @petrovic082, @siri_urz, and @1ZRR4H.

February 13th 2021

CD Projekt’s stolen source code allegedly sold by ransomware gang

A ransomware gang that says it stole unencrypted source code for the company’s most popular games and then encrypted CD Projekt’s servers now claims to have sold the data.

Leading Canadian rental car company hit by DarkSide ransomware

Canadian Discount Car and Truck Rentals has been hit with a DarkSide ransomware attack where the hackers claim to have stolen 120GB of data.

Tortoise ransomware decryptor released

Cerberus released a decryptor for the Tortoise Ransomware.

February 14th 2021

Egregor ransomware affiliates arrested by Ukrainian, French police

A joint operation between French and Ukrainian law enforcement has reportedly led to the arrests…


This Week In Techdirt History: September 20th – 26th

Five Years Ago

This week in 2015, a major scandal began when Volkswagen was accused of using software to cheat emissions tests. The White House was backing away from attacks on encryption, and it turned out that the FBI, CIA and much of the military were not doing basic email encryption — but in India things were going in the opposite direction. The monkey selfie saga began a new chapter with PETA filing a lawsuit on behalf of the monkey, and then an even bigger copyright bombshell hit when a judge ruled that Warner Chappell doesn’t hold the copyright on happy birthday. Plus the world got a new famous villain with a sudden hike in drug prices introducing everyone to a man named Martin Shkreli.

Ten Years Ago

This week in 2010, Intel was threatening to break out the DMCA anti-circumvention lawsuits against anyone using the recently-leaked HDCP master key, state AGs were turning their attention to Backpage (which was gearing up to fight back), and movie studios were freaking out about fan pages. The MPAA was apparently fishing for censorship tools in ACTA by talking about Wikileaks, while the Senate was offering them a gift with a new bill that would enable global censorship of “pirate sites” (with a special loophole allowing the DOJ to avoid due process). And we saw a variety of interesting developments in various lawsuits: one judge was entertaining the notion of implied licenses in a Righthaven lawsuit while another was shutting down US Copyright Group subpoenas, a UK judge was similarly not impressed by copyright pre-settlement campaigns, and a judge in Spain smartly ruled that Google is not liable for user uploads.

Fifteen Years Ago

This week in 2005, there was a mess of internet jurisdiction cases in Canada with one ruling being overturned on appeal while another court muddied the waters with a ruling based on the overturned ruling. Hollywood was pouring money into an ill-fated attempt to build better DRM technology, which could be described as them calling their own bluff. Following the Supreme Court’s decision in their case, Grokster was scrambling to sell to a “legit” company, as were several other file-sharing software providers. And one judge in a RIAA lawsuit thankfully recognized that parents aren’t liable for their kids downloading music.

Techdirt.

This Week In Techdirt History: July 26th – August 1st

Five Years Ago

This week in 2014, we saw a judge slam a sheriff for an attack on Backpage that raised serious First Amendment questions, and a student succeed after an eight-year legal battle against a university over being expelled for speech. On the other side of the free speech coin, we saw the cops shut down a hologram concert because they didn’t like a rapper’s lyrics, James Woods sue a random Twitter user for $10 million, and of course Donald Trump continue his lawsuit against Univision (and that post contains our first mention of a certain lawyer, with the now-entertaining phrasing of “apparently, it’s some guy named Michael Cohen, who isn’t just out of his depth on stuff, but he appears to be actively making things worse.”)

We also saw a huge bombshell in the lawsuit over the copyright status of Happy Birthday, with new evidence showing the song is in the public domain that Warner Music quickly tried to muddy the waters around.

Ten Years Ago

This week in 2010, we wondered why the press was still blindly believing entertainment industry “studies”, and how there were new copyrights being claimed on work by an artist who died 70 years ago. Copyright was interfering with technology both old-old and new-old, disrupting the preservation of decaying player piano rolls as well as obsolete video games. And the new round of DMCA anti-circumvention exemptions surprised everyone by including phone jailbreaking, though it left out plenty of good suggestions too.

Fifteen Years Ago

This week in 2005, the anti-open-WiFi brigade was stirring up FUD about cantennas and the press was taking the bait. ISP Telus learned all about the Streisand Effect by blocking its customers from reaching websites supporting its employees in their union battle against the company, while offering weak excuses, and we were not exactly shocked to learn that Qualcomm founder Irwin Jacobs doesn’t like muni-WiFi. Canada put the final nail in the idea of an iPod tax, one UK court showed it wasn’t fooled by ridiculous claims of losses to software piracy, and yet another study showed that file sharers are the music industry’s best customers.

Techdirt.