
FBI: Zeppelin ransomware may encrypt devices multiple times in attacks

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned US organizations today that attackers deploying Zeppelin ransomware might encrypt their files multiple times. The two federal agencies also shared tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help security professionals detect and block attacks using this ransomware strain. “The FBI has observed instances where Zeppelin actors executed their malware multiple times within a victim’s network, resulting in the creation of different IDs or file extensions, for each instance of an attack; this results in the victim needing several unique decryption keys,” a joint advisory published today revealed. Detected by the FBI...

AvosLocker ransomware reboots in Safe Mode to bypass security tools

In recent attacks, the AvosLocker ransomware gang has started focusing on disabling endpoint security solutions that stand in their way by rebooting compromised systems into Windows Safe Mode. This tactic makes it easier to encrypt victims’ files since most security solutions will be automatically disabled after Windows devices boot in Safe Mode. And their new approach appears to be quite effective since the number of attacks attributed to the particular group is rising.

Encrypting in ‘Safe Mode’

AvosLocker operators leverage PDQ Deploy, a legitimate deployment tool for automating patch management, to drop several Windows batch scripts onto the target machine, which helps them to lay the ground for the attack,...

How to enable Ransomware protection in Windows 10

Ransomware is an increasingly prevalent issue, with hackers using the latest software vulnerabilities to take over PCs, encrypt your data and demand payment for releasing it. Windows 10 comes with built-in protection against ransomware, based on Windows Defender. The feature, which can be found in the Windows Security app, uses Controlled Folder Access to prevent untrusted apps from modifying your files. By default, the following folders are protected, but you can easily add more.

c:\Users\<username>\Documents
c:\Users\Public\Documents
c:\Users\<username>\Pictures
c:\Users\Public\Pictures
c:\Users\Public\Videos
c:\Users\<username>\Videos
c:\Users\<username>\Music
c:\Users\Public\Music
c:\Users\<username>\Favorites

See Microsoft’s short video on enabling the feature below: https://mspoweruser.com/wp-content/uploads/2021/07/ransomware-protection-windows-10.mp4

REvil ransomware attacks systems using Kaseya’s remote IT management software

Illustration by Alex Castro / The Verge Just in time to ruin the holiday weekend, ransomware attackers have apparently used Kaseya — a software platform designed to help manage IT services remotely — to deliver their payload. Sophos director and ethical hacker Mark Loman tweeted about the attack on Friday, and reported that affected systems will demand $44,999 to be unlocked. A note on Kaseya’s website implores customers to shut off their VSA servers for now “because one of the first things the attacker does is shutoff administrative access to the VSA.” On Saturday, Kaseya issued another update, saying that it had been advised by its outside experts that “customers...

New Epsilon Red ransomware hunts unpatched Microsoft Exchange servers

A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network. Epsilon Red ransomware attacks rely on more than a dozen scripts before reaching the encryption stage and also use a commercial remote desktop utility.

Hitting vulnerable Microsoft Exchange server

Incident responders at cybersecurity company Sophos discovered the new Epsilon Red ransomware over the past week while investigating an attack at a fairly large U.S. company in the hospitality sector. The researchers found that the threat actor breached the enterprise network by exploiting unpatched vulnerabilities in on-premise Microsoft Exchange server. Andrew Brandt, principal researcher at Sophos, says in a...

New ransomware is being used to target unpatched Microsoft Exchange servers

Attackers are using a new strain of ransomware to target unpatched Exchange servers.

What you need to know

A strain of ransomware called DearCry is being used to target unpatched Exchange servers. Microsoft has released patches for Exchange servers, but some organizations have not patched systems yet. Check Point Research reports that exploitation attempts doubled every 2-3 hours over a recent 24-hour period.

While Microsoft has rolled out emergency patches to address vulnerabilities on its Exchange server software, many systems remain unpatched. Attackers are now increasingly going after unpatched systems. A strain of ransomware called DearCry is being utilized by attackers to target unpatched on-premises Exchange servers (via ZDNet). Microsoft...

Hackers are now installing Ransomware using Hafnium Exchange Server exploit

The original Hafnium server hacks were likely espionage-motivated, but now the predicted second wave driven clearly by criminal intent has started. Microsoft has confirmed hackers are attacking unpatched Exchange servers and installing the Dearcry ransomware on some occasions. The Dearcry ransomware then attempts to prevent Windows Update from running and installing a fix for the vulnerability. The next step is encrypting your files and then delivering a ransom note on your desktop. While Microsoft has released a patch more than 10 days ago, Palo Alto Networks noted that 80,000 older servers are still unpatched. “I’ve never seen security patch rates this high for any system, much less one as widely...

Cyberpunk 2077 For Android: An Obvious Ransomware

Despite the initial release bugs and compatibility issues, Cyberpunk 2077 lived up to its hype. At the time of writing this article, the Polish gaming studio CD Projekt SA has sold over 13 million copies of the game. Sadly, someone took advantage of the Cyberpunk 2077 hype train and developed a fake mobile version of the game. In this article, we have shared everything that you need to know about the mobile version of Cyberpunk 2077.

Cyberpunk 2077 Mobile: Beware

Presently, Cyberpunk 2077 is only available for Google Stadia, Xbox One, PlayStation 5, Xbox Series X and Series S, and Microsoft Windows. Taking into consideration the present generation of mobile...

FreePBX developer Sangoma hit with Conti ransomware attack

Sangoma disclosed a data breach after files were stolen during a recent Conti ransomware attack and published online. Sangoma is a voice over IP hardware and software provider known for the popular open-source FreePBX PBX phone system that allows organizations to create cheap corporate phone systems on their network. Yesterday, the Conti ransomware gang published over 26 GB of data on their ransomware data leak site that was stolen from Sangoma during the recent cyberattack. This leaked data includes files related to the company’s accounting, financials, acquisitions, employee benefits and salary, and legal documents.

Sangoma data leak

Today, Sangoma confirmed that the ransomware attack resulted in a data breach after...

Firmware attacks, sophisticated ransomware and ID fraud — cybercrime predictions for 2021

2020 has seen cybercriminals step up their efforts to exploit the surge of people working from home, as well as seeking to exploit news and information about the pandemic. This is a notoriously difficult area to predict, but what do experts think we’ll see happening in 2021? Liviu Arsene, global cybersecurity researcher at Bitdefender expects to see more attacks on firmware, “As competition in the cybercrime world tightens, malware operators will increasingly focus on burying their creations deeper into compromised systems. Attacks against firmware, previously thought of as extremely complex and difficult to achieve, will likely become mainstream in 2021. Abuse of tools like RwEverything might lead to a significant...