Tag Archive for: Recover

Babuk Ransomware Decryptor Updated to Recover Files Infected


Hackers use ransomware to encrypt victims’ files and render them inaccessible until a ransom is paid, forcing victims to pay to regain access to compromised systems and data.

This tactic yields financial gains for the threat actors, and ransomware attacks can be conducted at scale against individuals, businesses, and organizations alike.

The Babuk ransomware decryptor has recently received an update from Avast cybersecurity researchers, Cisco Talos, and the Dutch Police to allow for the recovery of files infected with the most recent ransomware variant.


Technical Analysis

Babuk ransomware first emerged in early 2021 and is known for the following:

  • Targeting Windows systems
  • Encrypting files
  • Demanding ransom payments in exchange for decryption keys

Besides this, Babuk ransomware has drawn considerable attention for its evolving tactics and the sophistication of its attacks.

Since its founding, security company Avast has blocked over 5,600 targeted Babuk attacks, the majority of which targeted individuals and organizations in the following nations:

  • Brazil
  • Czech Republic
  • India
  • The United States
  • Germany

[Figure: Babuk attacks blocked by Avast since 2021 (Source – Avast)]

The recently updated Avast Babuk decryption tool can restore the files the Tortilla Babuk variant has encrypted.

Babuk ransomware source code was leaked in September 2021 as a ZIP file on a Russian hacking forum, which included the following 14 victim-specific private keys:

The analysts said that creating the decryptor was straightforward because the encryption scheme was unchanged from their analysis two years earlier; the sample the researchers analyzed was named “tortilla.exe”.

The Babuk encryptor is likely made from leaked sources and uses a single key…

Source…

Philippines state health org struggling to recover from ransomware attack


The government organization that manages the universal healthcare system of the Philippines has struggled to recover from a ransomware incident that forced it to take several websites and portals offline.

On Friday morning, officials from the Philippine Health Insurance Corporation (PhilHealth) said they discovered an information security incident and immediately began an investigation into the situation with the help of several other government agencies. The government-owned entity provides a national health insurance program for the country’s 114 million citizens.

“While investigation is being undertaken, affected systems shall be temporarily shut down to secure our application systems. We appeal for the public’s understanding regarding the matter,” the organization said.

In an update on Monday, PhilHealth President and CEO Emmanuel Ledesma said access to Health Care Institution (HCI) member portals and e-claims “were disabled or unplugged immediately as part of the information security containment measures being implemented by PhilHealth.”

“Affected systems shall be restored at the soonest possible time after the completion of the needed configuration and reinforcement of existing information security measures. We are working to restore these systems on Monday, September 25, 2023,” the organization explained.

“PhilHealth’s Management assures the public that the incident is under control and that no personal information and medical information has been compromised or leaked.”

They added that healthcare facilities are still able to provide benefits to those who come and that PhilHealth is “doing its best to enable the affected systems to work on Monday, Sept 25, 2023.”

The Department of Information and Communication Technology (DICT) and several law enforcement agencies are conducting a forensic investigation into the situation.

While systems are down, members and dependents have to provide a photocopy of the member’s PhilHealth Identification Card (PIC) or Member Data Record (MDR) or any identified acceptable supporting documents.

Payments for services have to be made over the counter and cannot be done online. Healthcare facilities will “continue…

Source…

Lessons from a ransomware attack: How one healthcare CIO helped her company recover


In the early-morning hours of Feb. 25, 2021, Terri Ripley got the call every chief information officer dreads: Her company, OrthoVirginia Inc., had been hit by a massive attack of the Ryuk ransomware that had shut down its entire computing fabric.

Although it would be 18 months before systems were fully restored, OrthoVirginia never shut down operations or abandoned patients. What it learned during the crisis is a lesson for any organization that might become an attack target. Today, that’s everyone.

Speaking at the Healthcare Information and Management Systems Society Inc.’s Healthcare Cybersecurity Forum in Boston this week, Ripley gave a blow-by-blow description of the events immediately following the attack, the critical choices that were made and how the company is insulating itself from future incidents.

OrthoVirginia is Virginia’s largest provider of orthopedic medicine and therapy, encompassing 105 orthopedic surgeons spread across the state. Its 25-person information technology organization had put cyber protections in place before the attack hit, but the pandemic was a curveball they didn’t anticipate.

“When COVID hit and we sent everybody home, some of those protections were not in place,” she said. “We put a lot of good measures in place, but we still got hit.”

System-wide shutdown

The attack took down servers, workstations, network storage and backups, but fortunately not electronic health records, which were hosted offsite. It encrypted the picture archiving and communication system that contains the X-rays vital to orthopedic surgery. The application and database needed to view the images were also hit and the internet protocol phones went down.

To make matters worse, OrthoVirginia’s chief cybersecurity expert was on vacation at the time. Knowing that ransomware attacks can be unpredictable, “we made the decision to shut everything down,” Ripley said. “That stopped the script from running so we were able to save the data files.”

Forensics would later determine that the attack was triggered by a remote worker clicking on a malicious link. The attackers were able to compromise the system administration password, tunnel through the…

Source…

US Department of Labor obtains judgment to recover $47K in back wages, damages after Louisiana security company denied overtime to 58 workers


Sentinel Security Group Inc. assessed $7K in civil money penalties

SHREVEPORT, LA – While security workers sometimes face daunting challenges on the job in return for a median national wage of just $15.13 per hour, 58 industry workers are closer to getting wages owed to them by their Shreveport employer thanks to an action brought by the U.S. Department of Labor.

In May 2023, the department obtained a consent judgment in the U.S. District Court for the Western District of Louisiana, Shreveport Division, ordering Sentinel Security Group Inc. to pay $23,841 in back wages and an equal amount in liquidated damages to the affected employees.

The court’s action follows a 2021 lawsuit the department filed after the company refused to comply with the findings of the department’s Wage and Hour Division. Investigators determined Sentinel Security Group denied overtime to the affected employees by not combining hours employees worked at more than one location, in violation of the Fair Labor Standards Act’s overtime provision.

“Sentinel Security Group deprived 58 workers of their overtime pay by ignoring their responsibilities under federal law,” said Wage and Hour Division Regional Administrator Betty Campbell in Dallas. “The recovery of back wages and damages will help these employees support themselves and their families.”

The department also filed a separate action in administrative court and obtained consent findings that require the company to pay $7,317 in civil money penalties for Sentinel’s repeat violations.

“Compliance with the law is not optional. Employers cannot repeatedly disregard the law, and the U.S. Department of Labor will take legal action when employers like Sentinel Security Group refuse to pay employees their rightful wages,” explained Regional Solicitor of Labor John Rainwater in Dallas. “This case’s resolution shows employers that there can be costly consequences for defying the laws.”

In fiscal year 2022, the Wage and Hour Division recovered more than $3.9 million for more than 4,600 people employed in guard services after over 600 investigations nationwide.

For more information about the FLSA and other laws enforced by the…

Source…