Giacomo Lanzi
The most dangerous Ransomware in 2020
The ransomware (or cyber extortion) threat is on the rise. In 2020, there was a spike in the number of reported incidents and the number of hackers attempting to extort money from organizations. It is important that every organization does all it can to combat these criminals and being informed is a key element. In this article we see the most dangerous ransomware of 2020.
2020 is drawing to a close and perhaps it is not surprising, given the world situation, that there has been a significant spike in ransomware attacks, especially in the first quarter. In that period, according to some sources, it peaked at 25% compared to the previous quarter.
The most dangerous ransomware
Maze
According to an FBI consultant for the private sector, “Unknown cyber actors have targeted several US and international companies with the Maze ransomware since early 2019. Maze encrypts data on an infected computer’s file system and its shares of network file. Once the victim has been compromised, but before the encryption event, the actors extract the data. “
“After the encryption event, the cybercriminals demand a specific ransom for the victim paid in Bitcoin (BTC) to obtain the decryption key. An international Maze campaign targeted the healthcare sector while its deployment in the United States it was more varied “.
The FBI first observed Maze ransomware activity against US victims in November 2019. Since its initial observation, Maze has used several methods for intrusion, including creating cryptocurrency-looking sites. malicious and malspam campaigns impersonating government agencies and well-known security providers. It is certainly among the most dangerous and insidious ransomware and has done a lot of damage in the last year.
REvil ransomware
You may have heard of REvil Ransomware due to a recent breach by media and entertainment lawyers Grubman Shire Meiselas & Sacks. They confirmed the news that their studio was the victim of a ransomware attack. The attack took place in early 2020.
Several prominent celebrities, clients of the law firm, have potentially suffered a data leak. Madonna’s tour contract has allegedly been leaked.
The attackers doubled the ransom note to $42 million and threatened to release malicious information about President Trump.
SNAKE (EKANS) Ransomware
Ekans Ransomware is a variant of the malware that infects industrial control systems to interrupt operations until a ransom is paid. Security analysts say Ekans is a spin-off of Snake Ransomware and that it has so far infected factories related to the automotive and electronics sectors, particularly Honda.
Hackers reportedly targeted Honda servers with a variant of file encryption malware called Ekans, forcing company authorities to send manufacturing unit workers home when automated devices were installed they have become inoperative.
While Honda has never admitted that its servers were down due to a cyber attack, it has admitted that its IT infrastructure was down for some reason.
This ransomware is particularly dangerous for companies that may have to stop production due to the attack.
Trickbot Ransomware – the danger in a petition
A phishing email campaign asking you to vote anonymously on the Black Lives Matter campaign is spreading information-stealing TrickBot malware. Born as a banking Trojan, the TrickBot has evolved to perform a variety of malicious behaviors.
This behavior includes side spreading across a network, theft of credentials saved in browsers, theft of Active Directory Services databases, theft of OpenSSH cookies and keys, theft of RDP, VNC and PuTTY Credentials, and more. TrickBot also works with ransomware operators, such as Ryuk, to give access to a compromised network to distribute the ransomware.
Mailto (known as Netwalker Ransomware)
NetWalker hit the scene in mid-2009. Similar to other well-supported ransomware families, operators target global high-value entities. The group’s objectives span several industries and also encompass the education, medical and government sectors.
NetWalker collects data from its targets and is used by operators as leverage through threats to publish or release data in case the victim fails to meet their demands. To date, the stolen data belonging to twelve different NetWalker victims has been publicly disclosed. The attackers behind NetWalker campaigns are known to use common utilities, post-exploitation toolkits, and Living-off-the-Land (LOTL) tactics to explore a compromised environment and steal as much data as possible. These tools can include mimikatz (and their variants), various PSTools, AnyDesk, TeamViewer, NLBrute, and more.
In recent months, NetWalker has seen the transition to a RaaS (Ransomware as a Service) delivery model, which will potentially open the platform to a growing number of enterprising criminals. More recently, we have seen NetWalker spam campaigns using COVID-19-related bait to lure victims into initiating the infection.
Conclusions
Ransomware are particularly subtle and dangerous attacks, which not only aim to collect data, but leverage the dynamics of a ransom.
SOD, through the Acronis Cyber Protect Cloud service, can defend data from this type of attack. Protection takes place by analyzing user behavior and identifying suspicious transactions. The intervention in case of attack is immediate and allows to recover, in most cases, the attacked data.
Thanks to a backup system, blocking the data encryption action and behavior analysis, Acronis Cyber Protect is an excellent service against the most dangerous ransomware attacks, capable of detecting suspicious behaviors before they become really dangerous for data.
Useful links:
Share
RSS
More Articles…
- What is it for? Hadoop Security Data Lake (SDL)
- Secure Online Desktop achieves ISO 27001: the security certification for managed services
- SOCaaS and Active Defense Deception Webinar – Guide to the next cybersecurity online event
- Auditing IT della sicurezza: guida completa all’analisi proattiva di vulnerabilità e conformità
- CIS Controls and Vulnerability Assessment: practical guide to adopting best practices
- Kerberoasting: a threat to cybersecurity and how to mitigate it with Security Posture analysis
- Protect Your Business: Antivirus vs. SOC Service with EDR and Next Generation Antivirus (NGA)
- CSIRT and SOC: Differences between incident management and security monitoring
Categories …
- Backup as a Service (17)
- Acronis Cloud Backup (11)
- Veeam Cloud Connect (4)
- Cloud Conference (3)
- Cloud CRM (1)
- Cloud Server/VPS (22)
- Conferenza Cloud (4)
- ICT Monitoring (5)
- Log Management (2)
- News (23)
- ownCloud (4)
- Privacy (7)
- Secure Online Desktop (14)
- Security (191)
- Cyber Threat Intelligence (CTI) (7)
- Deception (4)
- Ethical Phishing (9)
- Netwrix Auditor (1)
- Penetration Test (8)
- Posture Guard (1)
- SOCaaS (63)
- Vulnerabilities (84)
- Web Hosting (15)
Tags
darkreading
- Cloudbrink Presents Firewall-As-Service for the Hybrid Workplace December 6, 2023
- DTEX Systems Appoints Mandiant Global CTO Marshall Heilman As CEO December 6, 2023
- Patch Now: Critical Atlassian Bugs Endanger Enterprise Apps December 6, 2023Four RCE vulnerabilities in Confluence, Jira, and other platforms, allow instance takeover and environment infestation.
- Microsoft Is Getting a New 'Outsider' CISO December 6, 2023Igor Tsyganskiy inherits the high-profile CISO spot in Redmond, while his predecessor, Bret Arsenault, is named chief security adviser.
- CISA: Threat Actor Breached Federal Systems via Adobe ColdFusion Flaw December 6, 2023Adobe patched CVE-2023-26360 in March amid active exploit activity targeting the flaw.
- US Navy Ship Builder Says No Classified Info Leaked in Cyberattack December 6, 2023Austul USA, a military contractor, alerts law enforcement it quickly mitigated a recent cyberattack on its systems and that an investigation is ongoing.
- Vulns in Android WebView, Password Managers Can Leak User Credentials December 6, 2023Black Hat researchers show top password managers on Android mobiles are prone to leak passwords when using WebView autofill function.
- Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover December 6, 2023Various devices remain vulnerable to the bug, which has existed without notice for years and allows an attacker to control devices as if from a Bluetooth keyboard.
- Cracking Weak Cryptography Before Quantum Computing Does December 6, 2023Worries over crypto's defenselessness against quantum computing has inspired a project that automates the discovery of insecure cryptographic algorithms in open source software.
- UK Cyber CTO: Vendors' Security Failings Are Rampant December 6, 2023The NCSC's Ollie Whitehouse criticizes security vendors for actively working against organizations in their fight against breaches and ransomware.
Full Disclosure
- SEC Consult SA-20231123 :: Uninstall Key Caching in Fortra Digital Guardian Agent Uninstaller November 27, 2023Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Nov 27SEC Consult Vulnerability Lab Security Advisory < 20231123-0 > ======================================================================= title: Uninstall Key Caching product: Fortra Digital Guardian Agent Uninstaller (Data Loss Prevention) vulnerable version: Agent:
- SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro November 27, 2023Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Nov 27SEC Consult Vulnerability Lab Security Advisory < 20231122-0 > ======================================================================= title: Multiple Vulnerabilities product: m-privacy TightGate-Pro vulnerable version: Rolling Release, servers with the following package versions are vulnerable: tightgatevnc < 4.1.2~1 rsbac-policy-tgpro
- Senec Inverters Home V1, V2, V3 Home & Hybrid Use of Hard-coded Credentials - CVE-2023-39169 November 27, 2023Posted by Phos4Me via Fulldisclosure on Nov 27Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
- [SYSS-2023-019] SmartNode SN200 - Unauthenticated OS Command Injection November 27, 2023Posted by Maurizio Ruchay via Fulldisclosure on Nov 27Advisory ID: SYSS-2023-019 Product: SmartNode SN200 Analog Telephone Adapter (ATA) & VoIP Gateway Manufacturer: Patton LLC Affected Version(s):
- CVE-2023-46307 November 27, 2023Posted by Kevin on Nov 27running on the remote port specified during setup
- CVE-2023-46307 November 27, 2023Posted by Kevin on Nov 27While conducting a penetration test for a client, they were running an application called etc-browser which is a public GitHub project with a Docker container. While fuzzing the web server spun up with etcd-browser (which can run on any arbitrary port), the application had a Directory Traversal vulnerability that is […]
- Survey on usage of security advisories November 27, 2023Posted by Aurich, Janik on Nov 27Dear list members, we are looking for voluntary participants for our survey, which was developed in the context of a master thesis at the University of Erlangen-Nuremberg. The goal of the survey is to determine potential difficulties that may occur when dealing with security advisories. The focus of the […]
- [CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389] Multiple vulnerabilities in Loytec products (3) November 27, 2023Posted by Chizuru Toyama on Nov 27[+] CVE : CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389 [+] Title : Multiple vulnerabilities in Loytec L-INX Automation Servers [+] Vendor : LOYTEC electronics GmbH [+] Affected Product(s) : LINX-151, Firmware 7.2.4, LINX-212, firmware 6.2.4 [+] Affected Components : L-INX Automation Servers [+] Discovery Date :...
- [CVE-2023-46383, CVE-2023-46384, CVE-2023-46385] Multiple vulnerabilities in Loytec products (2) November 27, 2023Posted by Chizuru Toyama on Nov 27[+] CVE : CVE-2023-46383, CVE-2023-46384, CVE-2023-46385 [+] Title : Multiple vulnerabilities in Loytec LINX Configurator [+] Vendor : LOYTEC electronics GmbH [+] Affected Product(s) : LINX Configurator 7.4.10 [+] Affected Components : LINX Configurator [+] Discovery Date : 01-Sep-2021 [+] Publication date : 03-Nov-2023 [+]...
- Senec Inverters Home V1, V2, V3 Home & Hybrid Exposure of the Username to an Unauthorized Actor - CVE-2023-39168 November 12, 2023Posted by Phos4Me via Fulldisclosure on Nov 12Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Customers
Twitter FEED
Recent activity
-
SecureOnlineDesktop
Estimated reading time: 6 minutes L'impatto crescente delle minacce informatiche, su sistemi operativi privati op… https://t.co/FimxTS4o9G
-
SecureOnlineDesktop
Estimated reading time: 6 minutes The growing impact of cyber threats, on private or corporate operating systems… https://t.co/y6G6RYA9n1
-
SecureOnlineDesktop
Tempo di lettura stimato: 6 minuti Today we are talking about the CTI update of our services. Data security is… https://t.co/YAZkn7iFqa
-
SecureOnlineDesktop
Estimated reading time: 6 minutes Il tema della sicurezza delle informazioni è di grande attualità in questo peri… https://t.co/tfve5Kzr09
-
SecureOnlineDesktop
Estimated reading time: 6 minutes The issue of information security is very topical in this historical period ch… https://t.co/TP8gvdRcrF
Newsletter
{subscription_form_1}Products and Solutions
Partners
Cloud Models
News
- What is it for? Hadoop Security Data Lake (SDL) October 25, 2023
- Secure Online Desktop achieves ISO 27001: the security certification for managed services October 23, 2023
- SOCaaS and Active Defense Deception Webinar – Guide to the next cybersecurity online event October 16, 2023
- Auditing IT della sicurezza: guida completa all’analisi proattiva di vulnerabilità e conformità October 9, 2023
- CIS Controls and Vulnerability Assessment: practical guide to adopting best practices September 25, 2023
Google Reviews
About
© 2023 Secure Online Desktop s.r.l. All Rights Reserved. Registered Office: via dell'Annunciata 27 – 20121 Milan (MI), Operational Office: via statuto 3 - 42121 Reggio Emilia (RE) – PEC [email protected] Tax code and VAT number 07485920966 – R.E.A. MI-1962358 Privacy Policy - ISO Certifications