Tag Archive for: Ransomware

Can Fin Homes Falls 15% In Three Days After CEO Exit, Ransomware Attack


On Tuesday, the scrip fell as much as 6.7% in reaction to the developments. In total, the stock has fallen over 15% in the last three sessions.

Jefferies termed Kousgi’s resignation as a “setback” as Can Fin delivered a healthy balance of growth and good asset quality, despite the pandemic.

“We await clarity around new CEO and his growth strategy. An external CEO may be viewed more favourably by investors. Uncertainty around upcoming management change would be an overhang, near-term, but core fundamentals stays healthy,” Jefferies said in a note dated Sept. 19, retaining ‘buy’ on the company.

Jefferies has a target price of Rs 730 apiece on Can Fin Homes, implying a potential upside of 15%. It sees strong demand for mid-ticket housing loans in the salaried segment and competitive funding costs driving 18% loan CAGR over FY22-25.

Of the 15 analysts tracking the company, 13 maintain a ‘buy’ and two suggest a ‘hold’, according to Bloomberg data. The 12-month consensus price target implies an upside of 26.8%.

Emotet Botnet Started Distributing Quantum and BlackCat Ransomware


The Emotet malware is now being leveraged by ransomware-as-a-service (RaaS) groups, including Quantum and BlackCat, after Conti’s official retirement from the threat landscape this year.

Emotet started off as a banking trojan in 2014, but updates added to it over time have transformed the malware into a highly potent threat that’s capable of downloading other payloads onto the victim’s machine, which would allow the attacker to control it remotely.

Although the infrastructure associated with the invasive malware loader was taken down as part of a law enforcement effort in January 2021, the Conti ransomware cartel is said to have played an instrumental role in its comeback late last year.

“From November 2021 to Conti’s dissolution in June 2022, Emotet was an exclusive Conti ransomware tool, however, the Emotet infection chain is currently attributed to Quantum and BlackCat,” AdvIntel said in an advisory published last week.

Typical attack sequences entail the use of Emotet (aka SpmTools) as an initial access vector to drop Cobalt Strike, which then is used as a post-exploitation tool for ransomware operations.

The notorious Conti ransomware gang may have dissolved, but several of its members remain as active as ever either as part of other ransomware crews like BlackCat and Hive or as independent groups focused on data extortion and other criminal endeavors.

Quantum is also a Conti spin-off group that, in the intervening months, has resorted to the technique of call-back phishing – dubbed BazaCall or BazarCall – as a means to breach targeted networks.

“Conti affiliates use a variety of initial access vectors including phishing, compromised credentials, malware distribution, and exploiting vulnerabilities,” Recorded Future noted in a report published last month.

AdvIntel said it observed over 1,267,000 Emotet infections across the world since the start of the year, with activity peaks registered in February and March coinciding with Russia’s invasion of Ukraine.

A second surge in infections occurred between June and July, owing to its use by ransomware groups such as Quantum and BlackCat. Data captured by the cybersecurity firm shows that the most Emotet-targeted country is…

The Storage Manager’s Quick-Guide to Ransomware Resiliency


Part 1: Why Storage Managers Need to Prepare for the Ransomware Scourge

Certain parts of the enterprise are more concerned about ransomware than others. The security, networking, and help desk teams are very much in tune with the threat that ransomware poses on a daily basis.

Storage managers, however, don’t tend to pay as much attention, based on the belief that their systems lie at the backend and don’t pose the same level of risk as other layers of IT. Research from Continuity, however, makes it clear that this is not the case. On average, an enterprise storage device has 15 vulnerabilities or security misconfigurations, 3 of which can be considered high or critical risk. Therefore, it is vitally important that storage managers understand the magnitude of the ransomware menace and what they need to do about it.

Let’s begin with a few facts about ransomware. An Enterprise Strategy Group (ESG) study found that cybersecurity has replaced cloud and artificial intelligence (AI) as the top area for IT spending. With almost two-thirds of organizations intending to increase IT spending this year, 69% said they are spending more on security this year compared to last. Only 2% said they will pay less for cybersecurity in 2022 compared to 2021.

According to the study, 54% of respondents said the main driver of technology spending was the achievement of stronger cybersecurity and improved resiliency against cyberattacks. Why?

ESG discovered that 48% had been the victim of at least one successful ransomware attack. Two-thirds of those attacked had paid a ransom to recover access to their data, applications, and systems.

Despite all the attention given to digital transformation, the transition to the cloud, and the need to deploy analytics and AI to extract real-time insights from organizational data, 22% of businesses named ransomware protection as their top business priority. Another 46% named it among their top five priorities.

These findings are corroborated by another research study by Arcserve and Dimension Research. It found that 50% of organizations worldwide had been targeted by ransomware. These attacks are continuing at a high frequency, yet most organizations are unprepared.

The…

Couple deletes Holiday Inn data for fun after ransomware attack fails


A Vietnamese couple deleted Holiday Inn data from the company’s computers after their ransomware attack failed, saying they did it for fun.

The hackers, who contacted the BBC on Saturday, September 17, said they had deleted the data “for fun”.

According to the evidence provided by the pair, they were able to access the computers of the Holiday Inn owners, International Hotels Group (IHG), with relative ease.

The group, which owns around 6,000 hotels, received numerous complaints in the week saying that people were having problems booking. The company initially responded by saying that the system was undergoing maintenance, before admitting that they were the subject of a hacking attempt.

Calling themselves TeaPea, the hackers used an encrypted Telegram message to contact the BBC. They provided images as evidence of the hack, images that the company has confirmed are genuine.

The images show that the hackers gained access to servers, emails and Microsoft Teams chats, but were unable to use that access to install ransomware as the company isolated servers before they could do so.

Instead the couple who deleted the Holiday Inn data said: “Our attack was originally planned to be a ransomware but the company’s IT team kept isolating servers before we had a chance to deploy it, so we thought to have some funny [sic]. We did a wiper attack instead.

“We don’t feel guilty, really. We prefer to have a legal job here in Vietnam but the wage is an average $300 (€300) per month. I’m sure our hack won’t hurt the company a lot.”

IHG says customer-facing systems are returning to normal, although disruptions continue to be experienced as the company works to rebuild the data. Although the hackers say they took no data, that has yet to be confirmed by IHG.

The hackers said they gained access to IHG’s internal IT network by tricking an employee into downloading a malicious piece of software, which gave them access. After that, they were able to use weak passwords to access the systems.

A spokeswoman for IHG told the BBC that password vault details were secure. She went on to say they had to evade “multiple layers of security”, adding that “IHG employs a…
