The Week in Ransomware – September 3rd 2021 – Targeting Exchange


The past two weeks have been busy with ransomware news, ranging from a gang shutting down and releasing a master decryption key to threat actors turning to Microsoft Exchange exploits to breach networks.

The biggest news is the Ragnarok ransomware operation shutting down and releasing a master decryptor on their site. Using the released keys, Emsisoft was able to create its own decryptor.

We have also seen ransomware gangs, such as LockFile and Conti, begin to use the recently disclosed Microsoft Exchange ProxyShell vulnerabilities.

The FBI and CISA have also been busy, releasing advisories warning of ransomware attacks over holiday weekends, gangs targeting food and agriculture organizations, information about the 1% group, and IOCs for the Hive Ransomware.

A threat actor released the complete source code for the Babuk Ransomware, allowing any wannabe threat actor to start their own ransomware operation. Unfortunately, this leak will lead to many threat actors worldwide creating their own Ransomware-as-a-Service.


Finally, leaked Conti training material and a Pysa data exfiltration script have given us insight into how ransomware gangs conduct their attacks and what data they are targeting.


Contributors and those who provided new ransomware information and stories this week include: @VK_Intel, @fwosar, @struppigel, @malwrhunterteam, @PolarToffee, @Ionut_Ilascu, @BleepinComputer, @demonslay335, @LawrenceAbrams, @jorntvdw, @FourOctets, @DanielGallagher, @Seifreed, @serghei, @malwareforme, @vxunderground, @AltShiftPrtScn, @thepacketrat, @TalosSecurity, @GossiTheDog, @pcrisk, @fbgwls245, @ddd1ms, and @darktracer_int.

August 21st 2021

Microsoft Exchange servers being hacked by new LockFile ransomware

A new ransomware gang known as LockFile encrypts Windows domains after hacking into Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities.

August 23rd 2021

FBI: OnePercent Group Ransomware targeted US orgs since Nov 2020

The Federal Bureau of Investigation (FBI) has shared info about a threat actor known as OnePercent Group that has been actively targeting US organizations in ransomware attacks since at least November 2020.

Nokia subsidiary discloses data breach after Conti ransomware attack

SAC Wireless, a US-based Nokia subsidiary, has disclosed a data breach following a ransomware attack where Conti operators were able to successfully breach its network, steal data, and encrypt systems.

New STOP ransomware variant

PCRisk found a new STOP ransomware variant that appends the .orkf extension.

New Dharma ransomware variant

PCRisk found a new Dharma ransomware variant that appends the .dts extension.

August 24th 2021

Ransomware gang’s script shows exactly the files they’re after

A PowerShell script used by the Pysa ransomware operation gives us a sneak peek at the types of data they attempt to steal during a cyberattack.

New BlackKingdom ransomware variant

dnwls0719 found a BlackKingdom variant that appends the .svyx extension.


August 26th 2021

Ragnarok ransomware releases master decryptor after shutdown

Ragnarok ransomware gang appears to have called it quits and released the master key that can decrypt files locked with their malware.

FBI shares technical details for Hive ransomware

The Federal Bureau of Investigation (FBI) has released some technical details and indicators of compromise associated with Hive ransomware attacks.

New Dharma ransomware variants

PCRisk found new Dharma ransomware variants that append the .6ix9 and .TCYO extensions.

New Phobos ransomware variant

PCRisk found a new Phobos ransomware variant that appends the .PERDAK extension.


August 27th 2021

Boston Public Library discloses cyberattack, system-wide technical outage

The Boston Public Library (BPL) has disclosed today that its network was hit by a cyberattack on Wednesday, leading to a system-wide technical outage.

New Dharma ransomware variant

PCRisk found a new Dharma ransomware variant that appends the .RZA extension.

New HQ_52_42 ransomware

dnwls0719 found a new ransomware called HQ_52_42 that appends the .HQ_52_42 extension.


August 28th 2021

New SanwaiWare 2021 ransomware

dnwls0719 found a new ransomware called SanwaiWare 2021 that appends the .sanwai extension.


August 30th 2021

New STOP ransomware variant

PCRisk found a new STOP ransomware variant that appends the .lqqw extension.

New Loki Locker ransomware

dnwls0719 found a new ransomware called Loki Locker that appends the .Loki extension.


August 31st 2021

FBI, CISA: Ransomware attack risk increases on holidays, weekends

The FBI and CISA urged organizations not to let down their defenses against ransomware attacks during weekends or holidays in a joint cybersecurity advisory issued earlier today.

September 1st 2021

LockBit gang leaks Bangkok Airways data, hits Accenture customers

Bangkok Airways, a major airline company in Thailand, confirmed it was the victim of a cyberattack earlier this month that compromised personal data of passengers.

BlackMatter x Babuk : Using the same web server for sharing leaked files

In this post, we mentioned the fact of BlackMatter and Babuk using the same web server for sharing the leaked files.

September 2nd 2021

Translated Conti ransomware playbook gives insight into attacks

Almost a month after a disgruntled Conti affiliate leaked the gang’s attack playbook, security researchers shared a translated variant that clarifies any misinterpretation caused by automated translation.

FBI warns of ransomware gangs targeting food, agriculture orgs

The FBI says ransomware gangs are actively targeting and disrupting the operations of organizations in the food and agriculture sector, causing financial loss and directly affecting the food supply chain.

September 3rd 2021

Conti ransomware now hacking Exchange servers with ProxyShell exploits

The Conti ransomware gang is hacking into Microsoft Exchange servers and breaching corporate networks using recently disclosed ProxyShell vulnerability exploits.

Babuk ransomware’s full source code leaked on hacker forum

A threat actor has leaked the complete source code for the Babuk ransomware on a Russian-speaking hacking forum.

Babuk, BlackMatter, and Groove share the same data leak site

DarkTracer found that all three ransomware groups are utilizing the same Tor data leak site. They are not believed to be affiliated, other than possibly being part of the same cartel.

Mount Locker, Astro Team, and XING Locker share same Tor site

DarkTracer found that Astro Team, Mount Locker, and XING Locker are sharing the same Tor network infrastructure. Astro Team and MountLocker are believed to be affiliated with each other.

Get ready for new ransomware variants based on Babuk

Dmitry Smilyanets noted that threat actors worldwide will likely launch their own ransomware operations based on the leaked Babuk ransomware source code.

New STOP ransomware variant

PCRisk found a new STOP ransomware variant that appends the .efdc extension.

That’s it for this week! Hope everyone has a nice weekend!
