Category: ransomware
A suspected ransomware attack has reportedly taken down the websites, apps, and internal systems of American television service provider Dish Network for the past two days, and reports indicate it could take at least a week or so to restore services to normal.
It is unclear which malware variant was involved, as Dish Network's IT staff are still investigating the outage, which reached its fourth day yesterday.
Dish.com and the Dish Anywhere app are unreachable, and a message on the home page states that teams are working 24×7 to resolve the incident.
The worst part of this incident is that Dish TV customers are finding it hard to reach the customer support teams, as the malware appears to have disrupted the network to its core.
Erik Carlsson has yet to acknowledge the digital incident but said via his social media account that timely updates on the attack will be provided on Tuesday this week.
As Dish logins cannot reach the server, customers cannot sign into TV channel apps such as MTV and Starz.
Meanwhile, separate research by a hacker has found PureCrypter malware encrypting the databases of several government entities, leading to data theft and ransomware spread incidents.
And according to her update, Dish TV might have become a victim of the same malware campaign.
At present, no information is available about the ransomware group that struck the American television service provider, but suspicion is pointing at the LockBit ransomware group.
The post Ransomware attack on Dish Network appeared first on Cybersecurity Insiders.
Dole, the online retailer that sells fresh fruits and vegetables, suffered a ransomware attack, disrupting its operations and order fulfilment to a large extent. With this, the Irish mega corporation becomes the second largest company after JBS to be targeted by a ransomware-spreading hacking group.
A statement posted on the Irish company's website a few hours ago says that it recently experienced a security incident involving file-encrypting malware and has engaged third-party experts to remediate the issue and secure its systems.
Dole Food Company has informed law enforcement of the fraudulent network intrusion and is cooperating with the authorities to track down the threat actors involved in the crime.
The fruit giant, which has about 38,000 employees and annual revenue of $6.5 billion, has shut down its production plants in North America as a precaution to block the spread of the malware. And the Texan grocery store is looking for an alternative to keep its shipments to grocery stores intact.
With the shutdown entering its second day, customers are already complaining of shortages of bananas, salads and some vegetables on major store shelves. As these foods have a short shelf life, the American grocery store might incur losses running into millions.
However, the good part is that the business has an efficient disaster recovery plan in place, and as per its crisis management protocol it has used a manual backup program to restore operations, indirectly hinting that it is not going to bow to the hackers' demands.
The post Dole suffers a ransomware attack appeared first on Cybersecurity Insiders.
A new ransomware variant, named Nevada Group by some security researchers, has reportedly targeted about 5,000 victims in the US and Europe. The attacks began after the threat actors started exploiting a software vulnerability in cloud servers almost three weeks ago, demanding 2 BTC, or about $50,000, to release the decryption key.
CISA and the FBI have asked victims not to reveal their identities until the investigation into the incident concludes. However, sources familiar with the incident say the activity could be the work of China or Russia.
Meanwhile, IBM X-Force Threat Intelligence has revealed in its 2023 ransomware report that malware detection improved in the previous year; however, in the same year, hackers innovated their malicious software so much that it is proving a silver bullet for extracting money from victims. Strange, but true!
Another report, compiled by security firm Trend Micro, confirms that although only 10 percent of ransomware victims pay the hackers, this is enough to perpetuate the crime, as criminals are encouraged by seeing millions in payments, and those payments are made in cryptocurrency, a highly volatile currency standard.
In fact, in 2019, the Federal Bureau of Investigation (FBI) issued a global alert to ransomware victims, urging them not to pay the hackers, as paying not only encourages crime but also does not guarantee a decryption key.
It later urged victims to pay only if no data recovery option was left, and warned that paying can encourage crime and embolden hackers to strike the victim twice or thrice.
The post Nevada Ransomware Group targets 5000 victims in US and Europe appeared first on Cybersecurity Insiders.
Until now we have read about ransomware-spreading groups stealing data and then threatening to release it online if the victim fails to meet their demands. But now a new file-encrypting malware variant has emerged that sets its ransom demand based on the victim's insurance cover.
HardBit 2.0 ransomware does this during negotiations: it tries to find the exact amount covered by the victim's cyber insurance and then demands ransom accordingly.
From a cyber insurance point of view, this seems like a scam stuck between the victim and those spreading the malware, doesn't it?
Now, going by the details available to Cybersecurity Insiders, the group has been spreading version 2.0 since November 2022, and the new version has been circulating on the internet since Valentine's Day this year.
Varonis, the information security analysis firm, discovered this in its research and concluded that the gang is yet to host a data leak website, i.e., a site that posts ransom details as soon as the victim fails to pay the demanded sum in BTC.
Reports indicate the group demands payment in Bitcoin (BTC), and that the malware can disable Windows Defender real-time analysis and tamper with its file protection services.
Unlike other hacking groups, instead of writing the encrypted data to new files and wiping the originals, HardBit overwrites the original data in place with the encrypted version, complicating the recovery process.
The post HardBit ransomware demands ransom based on insurance cover appeared first on Cybersecurity Insiders.
We all know that backup servers are the sole saviors of an organization when a ransomware incident strikes its IT infrastructure. So, to avoid such trouble from file-encrypting malware, the following are the steps to protect backups from being corrupted by encryption:
Update: It is a known fact that backup systems are the first to receive OS updates, so admins should subscribe to automatic updates for backup software.
Disable inbound ports: Hackers always try to exploit exposed services or log in with stolen credentials. Only the ports needed for data continuity processes should be left open; all others should be shut down.
Block outbound DNS requests: Whenever malware lands on a server, the first thing it does is establish a connection with a command-and-control server. Thus, blocking the backup server from sending DNS queries to external systems must be made a priority and enforced technically.
Blocking the backup server from Lightweight Directory Access Protocol (LDAP) also makes sense, as it prevents hackers from fraudulently harvesting usernames and passwords.
Multi-factor authentication or biometric security can help thwart attacks to a large extent.
Backup and root accounts should have separate admins, as it is not wise to put all eggs in one basket.
Using a hybrid backup environment makes complete sense, as offsite backups can be infiltrated easily, whereas cloud-based environments are not that easy to breach.
Privileges should be restricted, with access granted only to personnel designated to have it.
NOTE: Maintaining at least three copies of backups, one offsite and two in the cloud, not only prevents data disruption during digital attacks but also helps recovery in the event of a catastrophic disaster such as fire or flood.
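As an added example (not code from the original post), a small Python audit that checks a backup host against the checklist above: unexpected inbound listeners, outbound DNS/LDAP that is still allowed, the same person administering both backup and root accounts, and the one-offsite-plus-two-cloud copy rule. The allowed backup-agent port 10000, the account names and the `ss -tln` output are constructed assumptions.

```python
"""Audit a backup host against the hardening steps listed above.
Sample inputs are constructed stand-ins for `ss -tln` output and the egress policy."""
from dataclasses import dataclass, field

# Assumption: SSH for admin plus a hypothetical backup-agent port are the only
# services this backup server needs for data continuity; adjust to your product.
ALLOWED_INBOUND = {22, 10000}
# Egress the checklist says to cut off: outbound DNS and LDAP/LDAPS.
MUST_BLOCK_EGRESS = {53, 389, 636}

@dataclass
class Findings:
    open_inbound: set = field(default_factory=set)     # listeners outside allowlist
    unblocked_egress: set = field(default_factory=set) # DNS/LDAP still reachable
    shared_admins: set = field(default_factory=set)    # same person on backup and root
    enough_copies: bool = True                         # 1 offsite + 2 cloud copies

def parse_listeners(ss_output: str) -> set:
    """Return local TCP ports in LISTEN state from `ss -tln`-style lines."""
    ports = set()
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) >= 4 and cols[0] == "LISTEN":
            # Local address is column 3; the port follows the last ':' ([::]:port too).
            ports.add(int(cols[3].rsplit(":", 1)[1]))
    return ports

def audit(ss_output, egress_drop_ports, backup_admins, root_admins, copies):
    """Compare host state with the checklist and report every deviation."""
    f = Findings()
    f.open_inbound = parse_listeners(ss_output) - ALLOWED_INBOUND
    f.unblocked_egress = MUST_BLOCK_EGRESS - set(egress_drop_ports)
    f.shared_admins = set(backup_admins) & set(root_admins)
    f.enough_copies = copies.get("offsite", 0) >= 1 and copies.get("cloud", 0) >= 2
    return f

# Constructed sample: SMB and RDP listeners left open, only DNS dropped on egress,
# 'alice' administers both backup and root, and one cloud copy is missing.
SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:10000      0.0.0.0:*
LISTEN 0      128    0.0.0.0:445        0.0.0.0:*
LISTEN 0      128    [::]:3389          [::]:*"""

def run_sample() -> Findings:
    """Audit the constructed host; every field except enough_copies should be non-empty."""
    return audit(SAMPLE_SS, [53], {"bkadmin", "alice"}, {"root", "alice"},
                 {"offsite": 1, "cloud": 1})
```

Running `run_sample()` flags ports 445 and 3389, egress ports 389 and 636, the shared admin `alice`, and the missing second cloud copy.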
The post How to protect backup servers from ransomware appeared first on Cybersecurity Insiders.
First is the news about the compromise of the SAS network, as hackers disrupted the Scandinavian airline's computer network and accessed information relating to thousands of customers. Karin Nyman, the spokesperson in charge at SAS, stated that the company was working on remediating the effects of the digital attack and urged customers to stay away from the mobile app for now.
Second is more interesting news: a new hacking group from India has been discovered by security researchers at Group-IB, and the threat actor gang has been named "SideWinder".
According to the experts of the Singapore-based cybersecurity firm, the threat actors are from India and were highly active between June and November 2021, attacking government, military and law enforcement organizations in Afghanistan, Pakistan, Bhutan, Bangladesh, Nepal and Sri Lanka.
Currently, there is no evidence that SideWinder, aka Rattlesnake, Hardcore Nationalist and T-APT4, has any links to the Indian military or government. However, the evidence shows the cyber threat group has so far managed to hack into the networks of over 71 organizations in different parts of Asia and, for now, seems to be largely ignoring firms operating in the West, for some specific reason.
Third is news about the CLOP ransomware gang, which mass-attacked 130 organizations in January this year. One such target is the US hospital network Community Health Systems (CHS), which operates a chain of 80 hospitals in 16 states. Investigations reveal the hackers infiltrated the hospital network to steal the personal records of over 1 million patients, and the hack occurred when they exploited a zero-day flaw in the file transfer software GoAnywhere MFT, developed by Fortra.
Fourth is news about a China-sponsored hacking gang that has started targeting South American diplomats with a ShadowPad trojan known as PoisonPlug. Microsoft's threat analysis team discovered the campaign, run by the Dev-0147 threat group, and confirmed that the criminals are interested in breaching databases of government agencies, NGOs and think tanks operating in Europe and Asia for now.
Fifth is news about a report compiled by Kaspersky. The cybersecurity firm, headquartered in Russia, has concluded that 14% of Americans have witnessed ransomware attacks on schools while their children were studying there. The study also found that, while the parent's child was a student, the victimized schools paid an average ransom of $887,360, and in 2021 the figure was recorded as $996,000, a jump of 9%.
Last but not least is news about Chinese devices being used in London. According to Fraser Sampson of the UK, almost all devices and drones manufactured in Beijing and operated by Britain's police forces should be labeled as spying machines. That means the politicians and think tanks of Britain should be more worried about the devices operating just 7-8 feet above their heads than about flying objects in the sky.
Now the big question: is technology improving our lives or making them more complicated?
The post Cyber Attack news headlines trending on Google appeared first on Cybersecurity Insiders.