ransomware – Cybersecurity Today

Compromised Exchange Servers Sending Emails to Infect Computers with IcedID Malware

IcedID Info-Stealing Malware Continues to Spread

Compromised Microsoft Exchange servers are sending out emails that appear to be a part of an email chain’s conversation to lure the un-suspecting user into opening an attached password protected archive or .zip file, along with the included password on open the file, resulting in infecting the user’s computer. From this point IcedID phones home with command-and-control techniques and then it can be utilized for a number of different ways to continue to exploit the infected computer. Due to the age of IcedID malware there is quite a bit of researched patterns and information of how it infects a computer.

More details:

The Register – https://www.theregister.com/2022/03/29/icedid_microsoft_exchange_phishing/

The Hacker News – https://thehackernews.com/2022/03/hackers-hijack-email-reply-chains-on.html

BleepingComputer – https://www.bleepingcomputer.com/news/security/microsoft-exchange-targeted-for-icedid-reply-chain-hijacking-attacks/

Ransomware Gangs and Hackers Voice Their Chosen Side Between Russia and Ukraine

Events like these truly show how much war has evolved in the cyber realm.

BleepingComputer – “Ransomware gangs, hackers pick sides over Russia invading Ukraine”: https://www.bleepingcomputer.com/news/security/ransomware-gangs-hackers-pick-sides-over-russia-invading-ukraine/

49ers Dealing With Blackbyte Ransomware Cyber Attack

The San Francisco 49ers are dealing with a cyber attack from the ransomware as a service operation Blackbyte.

For more detail: https://www.bleepingcomputer.com/news/security/nfls-san-francisco-49ers-hit-by-blackbyte-ransomware-attack/

BazaCall Campaigns

“BazaCall: Phony call centers lead to exfiltration and ransomware” via Eric Avena | Microsoft Security Blog

“Our continued investigation into BazaCall campaigns, those that use fraudulent call centers that trick unsuspecting users into downloading the BazaLoader malware, shows that this threat is more dangerous than what’s been discussed publicly in other security blogs and covered by the media. Apart from having backdoor capabilities, the BazaLoader payload from these campaigns also gives a remote attacker hands-on-keyboard control on an affected user’s device, which allows for a fast network compromise. In our observation, attacks emanating from the BazaCall threat could move quickly within a network, conduct extensive data exfiltration and credential theft, and distribute ransomware within 48 hours of the initial compromise.”

More detail: https://www.microsoft.com/security/blog/2021/07/29/bazacall-phony-call-centers-lead-to-exfiltration-and-ransomware/

Now HelloKitty Ransomware targets VMWare Servers

“Linux version of HelloKitty ransomware targets VMware ESXi servers” via Lawrence Abrams | Bleeping Computer

“The ransomware gang behind the highly publicized attack on CD Projekt Red uses a Linux variant that targets VMware’s ESXi virtual machine platform for maximum damage.

As the enterprise increasingly moves to virtual machines for easier backup and resource management, ransomware gangs are evolving their tactics to create Linux encryptors that target”…

More detail: https://www.bleepingcomputer.com/news/security/linux-version-of-hellokitty-ransomware-targets-vmware-esxi-servers/

How to enable Ransomware protection in Windows 10

Ransomware is an increasingly prevalent issue, with hackers using the latest software vulnerabilities to take over PCs, encrypt your data and demand …
How to enable Ransomware protection in Windows 10

Great Ransomware Defense Guide to Start with.

“Ransomware Defense: Top 5 Things to Do Right Now” via Matt Bromiley, senior consultant with Mandiant Managed Defense, discusses the top tricks and tips for protecting enterprise environments from ransomware.
— Read on threatpost.com/ransomware-defense-top-5-tips/167536/

Ransomware attack hikes the price on decryption

“REvil is increasing ransoms for Kaseya ransomware attack victims” via Lawrence Abrams

“The REvil ransomware gang is increasing the ransom demands for victims encrypted during Friday’s Kaseya ransomware attack.

When conducting an attack against a business, ransomware gangs, such as REvil, typically research a victim by analyzing stolen and public data for financial information, cybersecurity insurance policies, and other information.

Using this information, the number of encrypted devices, and the amount of stolen data, the threat actors will come up with a high-ball ransom demand that they believe, after negotiations, the victim can afford to pay.”

More detail here: https://www.bleepingcomputer.com/news/security/revil-is-increasing-ransoms-for-kaseya-ransomware-attack-victims/