Weekly Ransomware Roundup June 06 - 10, 2022

Weekly summary of discussions and best practices on topics such as ransomware, data storage, hyperconverged infrastructure, backup and disaster recovery (DR), and cloud.

Vice Society Ransomware Claims Attack on Italian City of Palermo

The Vice Society ransomware group has claimed responsibility for the recent ransomware attack on the city of Palermo in Italy, which has caused a large-scale service outage. The cyberattack rendered internet-reliant services unavailable, impacting 1.3 million people and many tourists visiting the city. Vice Society claimed the attack by posting an entry on its dark web data leak site, threatening to publish all stolen documents if a ransom is not paid.

Iranian Hackers Target Energy Sector with DNS Backdoor

The Iranian Lyceum APT hacking group, also known as Hexane or Spirlin, is using a new .NET-based DNS-hijacking backdoor to conduct attacks on companies in the energy and telecommunication sectors. DNS hijacking is a redirection attack that relies on DNS query manipulation to take a user who attempts to visit a legitimate site to a malicious clone hosted on a server under the threat actor's control. Any information entered on the malicious website, such as account credentials, is shared directly with the threat actor.

Hello XD Ransomware Dropping Backdoor While Encrypting Data

Cybersecurity researchers have reported increased activity of the Hello XD ransomware, whose operators are now deploying an upgraded sample featuring stronger encryption. The malware's author has created a new encryptor that features custom packing for detection avoidance and encryption algorithm changes. The ransomware operators are also using an open-source backdoor named MicroBackdoor to navigate the compromised system, exfiltrate files, execute commands, and wipe traces. When executed, Hello XD attempts to disable shadow copies to prevent system recovery and then encrypts files, adding the .hello extension to file names.

NAS Security: What to Expect and How to Secure your NAS

With cybercriminals continuously coming up with new ways to target your NAS, making sure that your file storage and sharing environment is safe is an ever-growing challenge for SMBs, SMEs, and large enterprises alike. What NAS security challenges should you expect in 2022? And how can you secure your NAS from these threats?


Confluence Servers Hacked to Deploy AvosLocker Ransomware

Ransomware gangs are now targeting a recently patched remote code execution (RCE) vulnerability affecting Atlassian Confluence Server and Data Center instances. By performing mass scans on various networks, AvosLocker threat actors search for vulnerable machines and deploy the ransomware. If successfully exploited, the OGNL injection vulnerability (CVE-2022-26134) enables unauthenticated attackers to take over unpatched servers remotely by creating new admin accounts and executing arbitrary code.


Qbot Malware Uses Windows MSDT Zero-Day in Phishing Attacks

A critical Windows zero-day vulnerability, known as Follina, is being exploited in ongoing phishing attacks to infect recipients with Qbot malware. The TA570 Qbot affiliate uses malicious Microsoft Office .docx documents to infect recipients with Qbot. The attackers use hijacked email thread messages with HTML attachments, which download ZIP archives containing IMG files. Inside the IMG, the targets will find DLL, Word, and shortcut files. While the shortcut file directly loads the Qbot DLL file already present in the IMG disk image, the blank .docx document reaches out to an external server to load an HTML file that exploits the Follina flaw to run PowerShell code, which downloads and executes a different Qbot DLL payload.

70TB - $7,995 Air-Gapped & Immutable Veeam, Rubrik, CommVault, Site Recovery Backup & DR appliance

70TB, expandable up to 4PB, Air-Gapped & Immutable Veeam, Rubrik, CommVault, Site Recovery, Backup and DR appliance with Object Lockdown Technology for ransomware protection for $7,995.

8-bay 2U Rackmount unit with 5x14TB Enterprise SAS drives, 10 Core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller. Fully Integrated SAN, NAS and Native S3 cloud object storage.

All enterprise data services are included: immutable snapshots, encryption (hardware), dedupe (hardware), replication (sync, async), thin provisioning, hot/cold tiering, flash cache (NVMe+SSD), WORM (immutable policy-based vault), predictive failure, call home, and real-time performance reporting and notification.

For more information, demos, and quotes, contact StoneFly sales.