Weekly
Apr 25 - 29, 2022
Onyx threat actors steal data from a network before encrypting devices. This data is then used in double-extortion schemes where they threaten to publicly release the data if a ransom is not paid. Researchers found that Onyx will overwrite files larger than 2MB with random junk data rather than encrypting them. As this is just randomly created data and not encrypted, there is no way to decrypt files larger than 2MB in size. Read more
On Friday, the ADA suffered a cyberattack that forced them to take affected systems offline, which disrupted various online services, telephones, email, and webchat. This outage is causing online services to be inaccessible, including the ADA Store, the ADA Catalog, MyADA, Meeting Registration, Dues pages, ADA CE Online, the ADA Credentialing Service, and the ADA Practice Transitions. The company has also resorted to using Gmail addresses while its email systems are offline. Black Basta, a new ransomware group, has claimed responsibility and has begun leaking the stolen information. The leak site claims to have leaked 2.8GBs of data, which the threat actors state is 30% of the stolen data in the attack. Read more
Researchers found that Lockbit ransomware uses PowerShell commands to download the signed VMware xfer logs command line utility along with a malicious .dll and a log file containing an encrypted Cobalt Strike reflective loader. The malicious DLL evades defenses by removing EDR/EPP’s userland hooks, and bypasses both Event Tracing for Windows (ETW) and Antimalware Scan Interface (AMSI). Read more
Cybersecurity experts found that the Quantum ransomware, a strain first discovered in August 2021, was being used to carry out speedy attacks that escalate quickly, leaving defenders little time to react. The threat actors are using the IcedID malware as one of their initial access vectors, which deploys Cobalt Strike for remote access and leads to data theft and encryption using Quantum Locker. IcedID is a modular banking trojan used for the past five years, primarily for second-stage payload deployment, loaders, and ransomware. Read more
High performance on-prem secondary site versus scalable, flexible, and portable virtual machine: which one should you choose to deploy your backups? Read more
All five campuses of the Kellogg Community College, or KCC, have suspended classes until further notice as the result of a ransomware attack. As part of an immediate incident response measure, KCC has forced password reset for all students, faculty, and staff members in addition to disconnecting all IT systems affecting campus emails, online classes, and resources. Read more
40TB Highly Scalable Video Surveillance Storage Server with Free Microsoft Server 2019 plus Air-Gap and object lockdown technology for $5,895.
8-bay 2U Rackmount Server Half Populated with (4x10TB) enterprise drives, 8 Core Xeon Storage Virtualization Engine, 32GB system memory, High-Performance Hardware RAID Controller, 600W Platinum Certified Power Supply.
Worried about Ransomware, viruses, Malware, and Hackers encrypting your videos, Try our Immutable Video Archive repository feature.
Highly Compatible with all major VMS like Avigilon, Genetec, OnSSi, Milestone. Lenel with optional StoneFly S3 cloud connect for video archiving. For more information, demos, and quotes, contact us.
Weekly
Apr 18 - 22, 2022
A Hive ransomware affiliate has been targeting Microsoft Exchange servers vulnerable to ProxyShell security issues to deploy various backdoors, including Cobalt Strike beacon. The threat actors perform network reconnaissance, steal admin account credentials, exfiltrate valuable data, ultimately deploying the file-encrypting payload. ProxyShell is a set of three vulnerabilities in the Microsoft Exchange Server that allow remote code execution without authentication on vulnerable deployments. Read more
FBI says Black Cat ransomware gang, also known as ALPHV, has breached the networks of at least 60 organizations worldwide between November 2021 and March 2022. Black Cat’s ransomware executable, the first-ever malware written in RUST, is highly customizable and comes with support for multiple encryption methods and options that makes it easy to adapt attacks to a wide range of corporate environments. In a flash alert, the FBI has asked admins not to pay the ransom and report any Black Cat related activity to the local FBI office. Read more
On April 17th, Conti breached the computer systems of Costa Rican Finance Ministry stealing a terabyte of data containing tax payer information. The attack took out the department’s website and forced the government to implement workarounds. Conti later published 850GBs of the stolen data in response to the Costa Rican government’s refusal to pay the $10 million ransom.
A comprehensive guide that covers how cyberthreats gain access to your network and maliciously encrypt sensitive data and how to protect your digital assets from them. Read more
In a recent alert, the FBI warned that food and agriculture businesses could become a target of ransomware attacks at the sector's busiest times of the year. The warning describes why agricultural groups like co-ops are at a great risk, the impacts potential ransomware attacks could have on the country, and cites several instances in which different agriculture sector organizations across the country have been targeted by ransomware in both the planting and harvesting seasons. Read more
To help you plan your ransomware protection and recovery process, we’ve compiled a guide covering how to recover ransomware encrypted files, and how backup and disaster recovery (DR) mitigate ransomware risks. Read more
100TB SSO NAS Appliance with built-in Air-gapped storage repositories & Power management controller to protect against Ransomware & Malware with Free shipping for $7,995.
8-bay 2U Rackmount appliance with (7x14TB) 56TB enterprise SATA drives, High-Performance Hardware RAID Controller, 8 Core Storage Virtualization engine, 32GB system Memory, 600W Platinum Certified Power Supply.
With optional enterprise level data Services such as Snapshot, Tiering, Encryption, Sync & Async, Replication, CIFS/SMB and NFS support, Hot / Cool Blob, Erasure Coding & Cloud integration to S3 AWS/ Azur cloud.
1 Year Warranty, 9x5 Tech Support and Free shipping included. For more information, visit SSO NAS webpage. For demos and hardware/software features, contact us.
Weekly
Apr 11 - 15, 2022
Federal agents blocked a cyberattack launched against a submarine cable in Hawaii that provides phone and internet services to Pacific regions including Japan, Australia, and mainland US. Analysts say if the threat actors had been successful, damage such as a massive statewide blackout, data leaked from the servers or worse could have occurred. Read more
In a joint operation carried out by the Ukrainian CERT with security companies Microsoft and firm ESET, it was found that an ICS-capable malware and several regular disk wipers for Windows, Linux, and Solaris operating systems were used in an attack targeting the energy sector. According to ESET, the Sandworm group was responsible for the attack and used Industroyer2, CaddyWiper, ORCSHRED, SOLOSHRED and AWFULSHRED malware in an attempt to disrupt energy supply for multiple locations impacting two million civilians. CERT-UA says that the attack was averted and damage has been prevented thus far. Read more
Cybersecurity researchers found that Lockbit 2.0 and Conti were responsible for 58% of the ransomware attacks in Q1 2022 with Lockbit 2.0 accounting for 38%. According to the report, Lockbit 2.0 leaked data of over 200 victims during this first quarter – the most leaks thus far. Read more
Japanese tech giant Panasonic has confirmed its Canadian operations were hit by a cyberattack, less than six months after the company last fell victim to hackers. Conti claims to have stolen 2.8GBs of data from the Canadian branch. Cybersecurity researchers have found spreadsheets, documents, and internal files belonging to the HR and accounts departments being shared on Conti’s leak page. Read more
Nordex, one of the largest developers and manufacturers of wind turbines globally, was attacked by Conti ransomware forcing them to shutdown IT systems and remote access to the managed turbines earlier this month. While Conti has claimed responsibility, they have not begun leaking any information yet. The infamous ransomware group commonly gains access to a corporate network after a device becomes infected with the BazarLoader or TrickBot malware infections through a phishing attack. Read more
Cybersecurity experts recommend immutability as an essential component of a backup and DR solution to ensure effective data protection and mitigate ransomware risks. Read how to leverage immutability with Veeam’s enterprise backup, replication, and restore features using a turnkey appliance in this blog.
100TB SSO NAS Appliance with built-in Air-gapped storage repositories & Power management controller to protect against Ransomware & Malware with Free shipping for $7,995.
8-bay 2U Rackmount appliance with (7x14TB) 56TB enterprise SATA drives, High-Performance Hardware RAID Controller, 8 Core Storage Virtualization engine, 32GB system Memory, 600W Platinum Certified Power Supply.
With optional enterprise level data Services such as Snapshot, Tiering, Encryption, Sync & Async, Replication, CIFS/SMB and NFS support, Hot / Cool Blob, Erasure Coding & Cloud integration to S3 AWS/ Azur cloud.
1 Year Warranty, 9x5 Tech Support and Free shipping included. For more information, visit SSO NAS webpage. For demos and hardware/software features, contact us.
Weekly
Apr 4 - 8, 2022
VMware has revealed critical bugs that impact five of its products, including the Cloud Foundation bundle. CVE-2022-22954, 22955 and 22956 are the worst of the new bugs – all earning a 9.8/10 severity score on the CVSS scale. The bugs allow malicious actors to exploit network access to trigger server-side template injection and bypass OAuth2 ACS framework due to exposed endpoints. Read more
Investment platform Cash App, a subsidiary of U.S.-based payments company Block, says that it has suffered a data breach when a former employee downloaded reports containing Cash App U.S customer information. The SEC filing states that the stolen information includes “full name and brokerage account number (this is the unique identification number associated with a customer’s stock activity on Cash App Investing), and for some customers also included brokerage portfolio value, brokerage portfolio holdings and/or stock trading activity for one trading day”. Read more
For the past month, a hacking group known as NB65 has been breaching Russian entities, stealing their data, and leaking it online, warning that the attacks are due to Russia's invasion of Ukraine. The Russian entities claimed to have been attacked by the hacking group include document management operator Tensor, Russian space agency Roscosmos, and VGTRK, the state-owned Russian Television and Radio broadcaster. Read more
Security researchers have observed attackers exploiting the Spring4Shell Java-related flaw to install malware on target systems. While Spring4Shell isn't quite as dire as Log4Shell, most security firms, the US Cybersecurity and Infrastructure Security Agency (CISA), and Microsoft are urging developers to patch it if they're using Java Development Kit (JDK) from version 9.0 and upwards if the system is also using Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and earlier versions. Read more
Ransomware looks for and exploits vulnerabilities in your network, applications, and production to infiltrate and encrypt your critical data. Make sure your endpoints are protected from ransomware-based encryption with these 8 best practices. Read more
High street retailer The Works says it has been targeted in a cyber-attack - forcing it to shut some of its stores. The stationery and books retailer said the hack also resulted in new stock deliveries to its shops being temporarily suspended and longer delivery times for online orders. While the firm does not currently expect the incident to have a 'material adverse impact' on its financial position or forecasts. The company's shares have fallen 10 per cent at the market open. Read more
Air-Gapped & Immutable Veeam, Rubrik, Commvault, site recovery Backup and DR appliance
Whether it’s 100TB or 10PB – StoneFly infrastructure consumes ONLY 1000W Power. Less cost, low maintenance, and rack space, with little cooling needed. Purpose-built for Zero-trust. Green Petabyte is a Fully Air-Gapped and Immutable backup and DR appliance with SAN-NAS and S3 Object Lockdown Technology for Ransomware protection & Instant multi VM FastTrack recovery for Starting at $8900.
For more information, visit GPA 4.0 webpage, and for demos, hardware/software features contact us.