Tag Archive for: FileSharing

Extortion spree feared after breach of file-sharing software


NEW YORK CITY – Cybersecurity experts are bracing for a potential wave of extortion demands after a vulnerability was discovered in encrypted file-sharing software, a flaw that hackers have already used to target a string of high-profile victims, including British Airways and the BBC.

Several companies and a Canadian province said on Monday that they were dealing with breaches related to the secure file transfer product MOVEit from Progress Software Corp, according to statements from several of the affected entities. The vulnerability allowed hackers to steal files that companies had uploaded to MOVEit, according to Progress.

The flaw had prompted security alerts in recent days from the United States Department of Homeland Security, the United Kingdom National Cyber Security Centre, Microsoft Corp and Mandiant, a subsidiary of Alphabet’s Google Cloud. 

Progress released a patch for the software last week.

“When we discovered the vulnerability, we promptly launched an investigation, alerted MOVEit customers about the issue and provided immediate mitigation steps,” its spokesman John Eddy said in a statement.

Microsoft said the hackers responsible for the attacks on MOVEit servers also run the Clop extortion website. Clop is the name of a ransomware variant that has been deployed against companies and organisations around the world, and it also sometimes refers to the hacking gang that uses it.

Hackers affiliated with the group also steal data and threaten to publish it on its website if a ransom is not paid. 

The group has primarily targeted the health care and financial sectors and has existed since February 2019, according to Trend Micro. The same attackers were responsible for previous hacks of two other secure file transfer products developed by Accellion and Fortra, said Mr Allan Liska, senior intelligence analyst at cyber security firm Recorded Future. 

Publicly available data sources show there are thousands of vulnerable MOVEit servers that could have been affected by the software flaw, Mr Liska said. The criminal hackers are expected to begin contacting companies and demanding payment in cryptocurrency in exchange for not uploading the company’s…


CheckMate ransomware targets popular file-sharing protocol


The CheckMate ransomware operators have been targeting the Server Message Block (SMB) communication protocol used for file sharing to compromise their victims’ networks.

Unlike most ransom campaigns, CheckMate, discovered in 2022, has been quiet throughout its operations. To the best of our knowledge, it doesn’t operate a data leak site.

That’s quite unusual for a ransomware campaign since many prominent gangs brag about big targets and post them as victims on their data leak sites. They do this to raise the pressure for a victim to pay the ransom.

Cybernews research has recently detected new CheckMate activity. It turns out the gang has been actively targeting weakly protected SMB shares.

After gaining access to SMB shares, threat actors encrypt all files and leave a ransom note demanding payment in exchange for the decryption key.

Gang linked to Russia

The ransomware gang is known to be operating Kupidon, Mars, and CheckMate ransomware. All three types of malicious programs were discovered in 2021-22 and are believed to be of Russian origin.

According to Cybernews researchers, the impact of ransomware can be significant and wide-ranging. Risks to victims include:

  • Financial loss
  • Data loss
  • Disruption of business operations
  • Reputation damage
  • Spread of malware
  • Legal and regulatory consequences

While we don’t have enough information on the average ransom amount the gang demands from its victims, some publicly shared ransom notes indicate the group might be relatively modest. Typical amounts demanded are around $15,000 for the decryptor.

That’s a relatively small demand by usual standards. According to the recent report by the cybersecurity firm Coveware, average ransom payments during the last quarter of 2022 were over $400,000.

The Cybernews investigation identified crypto wallet addresses associated with the CheckMate operators and found thousands of incoming transactions in the first quarter of 2023. However, we can’t say with certainty that those transactions came from CheckMate’s victims.

CheckMate transactions

Last year, QNAP, a network-attached storage (NAS) vendor, warned customers about the CheckMate ransomware activity going after internet-exposed SMB…


Lenovo fixes hard-coded password in file-sharing utility

Lenovo has patched several software flaws in a file-sharing utility. The flaws could allow attackers to browse and make copies of files.

The flaws were found by Core Security, which described in an advisory a lengthy back-and-forth dialog with Lenovo starting in late October over the problems.

The affected application is SHAREit, which is designed to let people share files from Windows computers or Android devices over a LAN or through a Wi-Fi hotspot that’s created.

SHAREit is preloaded on Lenovo devices, including its ThinkPad and IdeaPad notebooks and other mobile devices. The vulnerable SHAREit versions are the Android 3.0.18_ww and Windows 2.5.1.1 packages, Core Security said.


Network World Security

Dutch Government To Outlaw File-Sharing and Block The Pirate Bay (Ernesto/TorrentFreak)

Ernesto / TorrentFreak:
Through the actions of anti-piracy outfit BREIN, The Netherlands has been in the news regularly in connection with file-sharing and copyright-related cases. The group was responsible for the demise …
