Tag Archive for: Ransomware

New Ransomware Group BianLian Activity Exploding


A new ransomware group operating under the name BianLian emerged in late 2021 and has become increasingly active since.

The threat actor already has twenty alleged victims across several industries (insurance, medicine, law and engineering), according to a research paper from US cybersecurity firm Redacted, published on September 1, 2022.

The majority of the victim organizations have been based in Australia, North America and the UK.

The research team has given no attribution yet but believes the threat actor “represents a group of individuals who are very skilled in network penetration but are relatively new to the extortion/ransomware business.”

BianLian uses a custom toolkit, including homemade encryptors and encryption backdoors. Both, as well as the command-and-control (C&C) software the hackers use, are written in Go, an increasingly popular programming language among ransomware threat actors.

Troublingly, the Redacted team of researchers has found evidence that BianLian is likely now trying to up their game.

“Starting in August, we observed what appeared to be a somewhat troubling explosion in the rate by which BianLian was bringing new [C&C] servers online. […] While we lack the insight to know the exact cause for this sudden explosion in growth, this may signal that they are ready to increase their operational tempo, though whatever the reason, there is little good that comes from a ransomware operator having more resources available to them,” warns the advisory.

To gain initial access into victim networks, BianLian typically targets the ProxyShell vulnerability chain (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207), SonicWall VPN devices, or servers that provide remote network access via solutions such as Remote Desktop.

“After exploitation, they deployed either a webshell or a lightweight remote access solution such as ngrok as the follow-on payload,” the research paper reads.

Once in the network,…


5 common myths about ransomware


Ransomware attacks are a near-daily threat to businesses of all sizes. In 2021, US businesses lost nearly $160 billion to ransomware attacks, and that number is expected to grow in the years ahead.

While many companies may be aware of the threat posed by ransomware, the vast majority are still vulnerable to attack. This is in part because companies easily fall for myths about ransomware, which leads to being underprepared for attacks.


Baker & Taylor’s Systems Remain Offline a Week After Ransomware Attack


A server outage has impacted library services company Baker & Taylor’s systems and applications, said the firm on Twitter on August 23, 2022. A day later, the firm confirmed it engaged outside third-party experts to fix the issue.

Baker & Taylor’s systems remained offline the following week, and on Monday, the company made an announcement on its website, confirming it was hit by a ransomware attack.

“Our team has been working around the clock to return to normal operations,” reads a message on Baker & Taylor’s website. “Our priority has been remediating our systems and ensuring they are sanitized.”

The library services provider also said that, as soon as its systems are sanitized, it will proceed to restore them, bring them back online, and return to operations in a phased approach. 

“We expect disruptions to continue this week but are hopeful we can provide timelines for individual systems and applications as the week progresses.”

According to Justin Vaughan-Brown, VP of market insight at Deep Instinct, it has become more common to see ransomware attacks causing long-term disruption to businesses’ services and systems.

“Clearly, our current approach towards cybersecurity is not right,” Vaughan-Brown told Infosecurity Magazine.

“Downtime in services can be disastrous for a business, with it potentially affecting both customers and partners, which ultimately can lead to a loss of trust among users, and the enterprise taking a big financial hit. More worryingly, however, is the impact it can have on employees.”

Further, the executive said that in scenarios like this, security teams work relentlessly to get systems running again while also fearing the next potential ransomware attack.

“By shifting the mindset of security teams from mitigation to prevention, organizations can stop ransomware attacks before they breach the network and cause the downfall of systems and services,” Vaughan-Brown said.

“Libraries are a place of calmness and tranquillity; with a prevention-first approach, organizations can try and do the exact same with cybersecurity.”

The ransomware attack comes amidst a surge of similar threats targeting organizations…


Singapore faced more cybercrime, ransomware threats in 2021


CNA – Firms and individuals in Singapore faced an increased number of cybercrime, phishing and ransomware threats last year, according to a report released by the Cyber Security Agency of Singapore (CSA) yesterday.

There were 137 ransomware cases in 2021, a 54 per cent jump from the 89 reported in 2020.

In a ransomware attack, hackers – or threat actors – use malicious software to encrypt files on a device, then demand ransom to undo their work.

The cases affected mostly small-and-medium enterprises (SMEs) from sectors such as manufacturing and IT, said CSA in its annual Singapore Cyber Landscape publication.

“The around-the-clock nature of these sectors’ operations did not provide for much time to patch their systems, thus potentially allowing ransomware groups to exploit vulnerabilities,” the agency added.

Ransomware groups targeting SMEs used a model known as “Ransomware-as-a-Service”, which makes sophisticated ransomware strains accessible to less technically adept cybercriminals.

This made it easier for amateur hackers to use existing infrastructure to distribute ransomware payloads, said CSA.


Phishing cases also rose by 17 per cent last year, with about 55,000 unique Singapore-hosted phishing URLs – with a “.sg” domain – observed.

In 2020, there were 47,000 such URLs identified.

Phishing refers to the practice of inducing people to reveal their personal information such as account passwords and credit card numbers.

Social networking firms made up more than half of the spoofed targets of phishing cases, said CSA.

“This was possibly driven by malicious actors’ exploitation of public interest in WhatsApp’s updated privacy policy announcement on users’ phone numbers being shared with Facebook,” the agency added.

Scammers also exploited the COVID-19 pandemic amid the Omicron variant outbreak in late 2021 to spoof government websites, said CSA.

The Singapore Police Force also reported cybercrime as a key concern, with 22,219 cases recorded last year – up 38 per cent from 16,117 cases in 2020.

Online scams made up the top cybercrime category in Singapore, accounting for 81 per cent of the cases. Of the rest, 17…
