Tag Archive for: send

Compromised backups send ransomware recovery costs soaring


There’s a common misperception that to defeat ransomware attacks, organizations must simply back up their systems and data. Unfortunately, that’s not necessarily the case. Organizations must back up their systems and data, but they must also protect those backups as if their business survivability depended on it, because it likely does.

Consider a report from cybersecurity firm Sophos, published last month, revealing an alarming trend: Ransomware attackers increasingly target and compromise victims’ backups. And, in doing so, they are increasingly crippling the victim’s ability to recover maliciously encrypted files without having to pay the ransom demand.  

Based on a survey of nearly 3,000 organizations hit by ransomware in the past year, the study found that a staggering 94% of respondents reported attempts by cybercriminals to compromise their backups during the attack. In specific sectors such as state and local government as well as media and entertainment, this figure soared to 99%.

Attackers know that when potential victims can simply recover their systems and data from backups, the attacker loses their leverage. However, by successfully compromising backups, the script is flipped: Victims lose any leverage they may have. This drives up the cost of a ransomware attack. Data from Sophos’s survey shows that organizations whose backups were compromised faced the following:

  • A 63% higher rate of data encryption: 85%, versus 52% when backups are not compromised
  • More than double the median ransom demand: $2.3 million, compared to $1 million if backups remain intact
  • 67% paid the ransom, compared to just 36% if backups were available
  • A median ransom payment of $2 million, nearly double the $1.062 million paid by those with secure backups

Backups are the start

There is good news here: Lots of organizations are backing up their data. That’s a great start toward successful recovery from a ransomware attack. The bad news is that not enough organizations are protecting these backups from attack. Sophos found that attackers have very high success rates in some industries. For instance, attempts to compromise the backups of energy utilities succeeded 79% of the time. However, in IT/technology…

Source…

Ransomware attackers threaten to send SWAT teams to patients of hacked hospitals


Losing important work documents or albums with photographs of your family because you have unsuspectingly clicked on a malicious e-mail attachment can be very damaging and stressful. Now imagine that you have lost not only your data but also the very sensitive data of thousands of other people.

This is a threat that hospitals around the world are facing each day, with some of them ultimately falling victim.



Cybercriminals employing ransomware as part of their hacking campaigns are extorting users, demanding a hefty ransom in the form of cryptocurrency. They promise to give you a decryption key to recover your data, but you can never be certain whether the criminal will keep this promise. While some users may get lucky, others will lose not only their data but also their money.

Experts usually recommend not paying the ransom, as this also encourages the hackers to continue targeting more potential victims. The decryption keys for some ransomware variants are later made public, for example, thanks to authorities and their investigation. So even if you don’t pay the ransom, your chances of getting the data back are not completely gone.

But in the case of hospitals or businesses, making the right decision can be much more difficult, especially when the ransom is much higher and, on top of that, the hackers are trying to improve their odds through other malicious activities.

Some hackers are threatening the hospitals with swatting, as The Register reports. A specific example is Seattle’s Fred Hutchinson Cancer Center, which was hacked in November. The hospital confirmed to The Register that it “was aware of cyber criminals issuing swatting threats”, and that the FBI and local police started an investigation.

Swatting is the tactic of contacting police with a false report, ultimately triggering a SWAT team to come to the targeted location, for example, the house of an innocent victim.

In a different case at Oklahoma’s Integris Health, the patients were targeted and threatened with having their data sold on the dark web.




These are just some of the extreme…

Source…

Russian hackers send emails with malware, taking advantage of national mobile operator Kyivstar’s outage


Russian hackers are taking advantage of the outage at Kyivstar, one of Ukraine’s national mobile operators, to send out emails containing malware to Ukrainians using archive files named “Amount owed by subscriber”, “Request”, “Documents”, etc., the State Service of Special Communications has warned.

Source: State Service of Special Communications and Information Protection of Ukraine (SSSCIP) and the Government Computer Emergency Response Team (CERT-UA)

Quote from SSSCIP: “Hackers persist in exploiting issues that are bothering thousands of Ukrainians to spread malware. This time, experts from CERT-UA, the Governmental Computer Emergency Response Team of Ukraine, have uncovered a massive email campaign with the subject line ‘Amount owed under your Kyivstar contract’ and an attachment named ‘Amount owed by subscriber.zip’.

Ukrainians have received emails regarding ‘Amount owed under your Kyivstar contract’, which contained attachments in the form of an archive named ‘Amount owed by subscriber.zip’ with attached password-protected RAR archives.

Moreover, CERT-UA has detected the spreading of emails with the subject heading ‘Security Service of Ukraine (SSU) request’ with an attachment named ‘Documents.zip’. It includes a password-protected RAR archive ‘Request.rar’ followed by an executable file, ‘Request.exe’. As in the previous case, opening the archive and running the file leads to exposure to a RemcosRAT remote access programme.”

Details: The mobile operator Kyivstar experienced a large-scale outage on the morning of 12 December.

The CERT-UA team detected a massive email distribution with the subject line “Amount owed under your Kyivstar contract” and the attachment “Amount owed by subscriber.zip” on 21 December.

The ZIP archive contains a two-part RAR archive, “Amount owed by subscriber.rar”, which in turn contains a password-protected archive bearing the same name. The latter includes a macro-enabled document, “Customer debt.doc”.

Once activated, the macro code will download the file “GB.exe” to the computer and run it using the SMB protocol via the file explorer (explorer.exe).

For its part, this file is an SFX archive containing a batch script to download the executable file “wsuscr.exe” from…

Source…

Fake WordPress security alerts are being used to send malware


If you are a WordPress site admin, be wary of incoming emails – one could be a phishing message looking to infect your site with malicious plugins.

This is the warning given out by WordPress security experts Wordfence and PatchStack, which have found WordPress site admins receiving emails impersonating the legitimate wordpress.com site. 

Source…