The American Dental Association (ADA) was reportedly hit by a ransomware attack last week that disrupted its IT services to a certain extent and took down its email, chat and telephone services.

Currently, the association's website is down and displays a message saying that its information systems are down because of a cybersecurity incident and will be back shortly.

A new ransomware group known as Black Basta has claimed responsibility for the incident and leaked about 2.8 gigabytes of data stolen from ADA's servers to the dark web. Reports say Black Basta is threatening to release more of the 9GB of files it holds in total if its ransom demand is not met on time.

The second ransomware story trending on Google is a report released by MalwareHunterTeam that describes the Onyx ransomware gang as criminals who destroy large files instead of encrypting them until a ransom is paid.

Until now, Onyx was known as one of the gangs whose malware locks data from access until a ransom is paid. However, researchers from MalwareHunterTeam have now found that Onyx deletes large files after infecting a server.

For the past few weeks, the gang has been found encrypting files smaller than 200MB and either deleting files larger than 200MB or overwriting them with random data.

Third is a survey report released by Sophos claiming that 66% of organizations fell prey to cyber attacks in 2021.

The Sophos State of Ransomware 2022 report covers emerging insights from the world of ransomware and concludes that file-encrypting malware attacks are becoming more complex, sophisticated and impactful, and harder to detect.

The only positive news in this report is the cost of remediation coming down to $1.85 million from $1.4 million.

Fourth is ransomware news trending on Google via the BleepingComputer website. It concerns Quantum Ransomware, which has the potential to encrypt any large database within 3 hours 44 minutes.

Cybersecurity researchers from The DFIR Report discovered the encryption time of Quantum Ransomware, which was found being distributed through a phishing email.

The post Ransomware news headlines trending on Google appeared first on Cybersecurity Insiders.

Both Google and Mandiant are reporting a significant increase in the number of zero-day vulnerabilities reported in 2021.

Google:

2021 included the detection and disclosure of 58 in-the-wild 0-days, the most ever recorded since Project Zero began tracking in mid-2014. That’s more than double the previous maximum of 28 detected in 2015 and especially stark when you consider that there were only 25 detected in 2020. We’ve tracked publicly known in-the-wild 0-day exploits in this spreadsheet since mid-2014.

While we often talk about the number of 0-day exploits used in-the-wild, what we’re actually discussing is the number of 0-day exploits detected and disclosed as in-the-wild. And that leads into our first conclusion: we believe the large uptick in in-the-wild 0-days in 2021 is due to increased detection and disclosure of these 0-days, rather than simply increased usage of 0-day exploits.

Mandiant:

In 2021, Mandiant Threat Intelligence identified 80 zero-days exploited in the wild, which is more than double the previous record volume in 2019. State-sponsored groups continue to be the primary actors exploiting zero-day vulnerabilities, led by Chinese groups. The proportion of financially motivated actors — particularly ransomware groups — deploying zero-day exploits also grew significantly, and nearly 1 in 3 identified actors exploiting zero-days in 2021 was financially motivated. Threat actors exploited zero-days in Microsoft, Apple, and Google products most frequently, likely reflecting the popularity of these vendors. The vast increase in zero-day exploitation in 2021, as well as the diversification of actors using them, expands the risk portfolio for organizations in nearly every industry sector and geography, particularly those that rely on these popular systems.

News article.

Coca-Cola, a world-renowned beverage brand, has admitted today that some of its systems were hit by a cyberattack that could be a ransomware variant. However, the company that owns Sprite did not confirm the incident as a file-encrypting malware attack, as its staff is still investigating the cyber incident.

The Stormous ransomware group has meanwhile released a statement saying that it has stolen about 161GB of data from Coca-Cola and intends to sell the data because its ransom demands were put on the back burner by the IT staff of Coke, the carbonated soft drink manufacturer.

Stormous is a hacking group that is taking advantage of the ongoing war between Russia and Ukraine and is trying to make money through political agendas by supporting the Putin-led nation.

To date, the ransomware group has attacked the computer network of Ukraine's Ministry of Foreign Affairs and the database of Epic Games, stealing information related to over 33 million users.

Research released by Check Point in February this year reveals that Stormous relies more on scavenging operations, buying data stolen by other ransomware gangs such as Conti.

This means the group makes its name by buying data from gangs offering Ransomware-as-a-Service, then acts as if it had hacked the victim's database itself and demands ransoms in the double-digit millions.

Note: Coke announced last month that it is withdrawing its business from the Russian Federation because of its war with the Zelensky-led nation. The Stormous gang might have received orders from the Kremlin to hack Coke in retaliation for its announcement of trade withdrawal.

The post Stormous Ransomware targets Coca Cola appeared first on Cybersecurity Insiders.

BlueForce Inc revealed on April 20th, 2022 that a group of hackers had got hold of its data and was trying to threaten it. The company, which serves as a defense contractor to government and private firms, released a press statement to this effect and said that a third-party security firm has been brought in to investigate the incident.

From the third week of this month, BlueForce Inc started digitally informing its customers and mentioned in the statement that hackers had access to its servers since May 4th, 2021 and might have stolen critical information.

Unconfirmed sources from the company say the Conti Ransomware Group was behind the attack, stealing the information and encrypting it from access.

Conti is a notorious gang of cyber criminals that is probably being funded by Russian intelligence to support Putin's vision in the war against Ukraine. In the past two years, the gang took the threat to the next level by blackmailing victims, saying it will sell the stolen data on the dark web and tarnish the company's image among its competitors, partners and investors, leading to a stock crash in the trading markets and a fund crunch as most investors back off from investing further in the company.

As for BlueForce Inc's business, it offers training programs, acquisition management, modeling and simulation, security sector reformation, civil-military relations, stability operations, information warfare, security sector reform, strategic communication, law enforcement and corrections, and exercise and experimentation.

The post Conti Ransomware gang strikes BlueForce Inc appeared first on Cybersecurity Insiders.

As soon as disks entered the data storage industry, many tape storage manufacturers thought of exiting the storage business. The reason was that the market was moving towards faster technology such as solid-state drives (SSDs), which have now replaced hard disk drives in PCs and other computing applications.

Now the trend seems to have changed, as companies in the Linear Tape-Open (LTO) business are seeing a surge in sales. Because this storage medium is offline and not connected to the internet, it cannot be infected with ransomware… hmm, as of now.

In 2021, 150 million terabytes of storage capacity were sold, 35% more than in 2019. In 2020, sales of compressed capacity were just over 100 exabytes.

Stronger data protection, resistance to cyber threats, reliability, cost-effectiveness, high capacity and suitability for long-term data archival are helping storage makers such as HP Enterprise, IBM and Quantum Corporation register an increase in sales, according to a report from Sweclockers, a Sweden-based technology magazine.

What makes tape storage averse to cyber attacks?

Well, it's simple! Such storage media need physical access, which means they cannot be accessed from remote servers via the internet. So the technology acts as an air gap that keeps the stored information secure, as a hacker would need to break into a data center, get to the tape media and spend a lot of time to steal data. Copying data from these media and destroying it is also a tedious process.

However, the only disadvantage is that it needs a lot of space to store tape drives and maintain data inventory.

So, is this a silver bullet for those searching for storage media that can keep hackers at bay?

Well, to a certain extent, yes. But every technology has its own pros and cons, and tape storage media is no exception, so it all depends on the application it is used for.

The post Can Tape Storage block ransomware attacks appeared first on Cybersecurity Insiders.

The FBI has issued a ransomware attack alert to the agriculture sector in the United States, as the current period is the busiest for the sector. Hackers are planning to deal a big blow to the agriculture sector to create production and supply shortages across the United States.

As law enforcement has alerted critical infrastructure such as power, water and transit to malware attacks, the hackers might have shifted their focus to the agriculture sector. One reason is that other sectors follow healthy cyber hygiene that makes them hard to breach. The other is that the agri-sector doesn't bother much about cyber attacks and so is lax.

Most of the production and supply chain in the agriculture sector is operated through machines, and any impact on their digital functions can lead to economic, social and political chaos.

So, the FBI is warning the cybersecurity staff managing the agriculture industry to stay vigilant about the risks linked to ransomware attacks.

As planting and harvesting season is in full swing across the states that generate green produce, cyber crooks might target cooperatives, as they will be ready to pay large ransoms to keep their agricultural production running.

In 2021, ransomware targeted cooperatives that manage agricultural produce from farm to table, affecting production to a negligible extent.

But this year, sophisticated hacking gangs such as the BlackCat ransomware group are on the prowl for weak targets and seem set to make big money from the farming sector.

So, all the farms that produce greens and those in the meat industry are being urged to bolster their defensive line against the cyber threats currently lurking in the cyber landscape.

BlackCat ransomware, aka ALPHV, is a threat group that first steals data from the database and then encrypts it. It is mostly seen targeting cloud databases and demands Bitcoin or Monero as ransom.

The post FBI issues ransomware alert to the agriculture sector in the United States appeared first on Cybersecurity Insiders.