fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

The Week in Ransomware – November 20th 2020 – Don’t Mess With The Turkey

The Week in Ransomware – November 20th 2020 – Don’t Mess With The Turkey

This week we saw two massive attacks that had a signifcant impact on the food supply industry, as well as a demonstration of Egregor’s annoying ransom note print bombs.

Last weekend, Latin American retail giant Cencosud suffered an attack by the Egregor ransomware gang that caused technical difficulties at numerous retail stores, including supermarkets and grocery stores.  During this attack we also got a demonstration of Egregor’s annoying tactic of print bombing printers with ransom notes.

Cold storage warehouse operator Americold was also hit with a ransomware attack this weekend that caused significant food distribution problems for numerous supermarkets who utilize them in the USA.  One food distribution logistics operator who was having trouble picking up food deliveries told BleepingComputer that this attack came at the worst time as they gear up for Thanksgiving.

Finally, the TrickBot gang has started spamming out a new lightweight reconnaissance tool called LightBot to collect information about a victim’s network before potentially deploying ransomware. Just one more thing to keep an eye out for as we come to the weekend.

Contributors and those who provided new ransomware information and stories this week include: @demonslay335@malwareforme@malwrhunterteam@jorntvdw@struppigel@fwosar@serghei@PolarToffee@LawrenceAbrams@VK_Intel@Seifreed@FourOctets@BleepinComputer@DanielGallagher@Ionut_Ilascu@GroupIB_GIB@Intel471Inc@coveware@juanbrodersen@identidadrobada@Kangxiaopao@fbgwls245@TalosSecurity@0x4143@JakubKroustek@campuscodi@siri_urz, and the @FBI.

November 14th 2020

Retail giant Cencosud hit by Egregor Ransomware attack, stores impacted

Chilean-based multinational retail company Cencosud has suffered a cyberattack by the Egregor ransomware operation that impacts services at stores.

New STOP Djvu ransomware variant

Michael Gillespie found a new STOP Djvu ransomware variant that appends the .vvoa extension.

New HiddenTear variant

dnwls0719 found a new HiddenTear variant that appends the .ZqVIkE extension and drops a ransom note named @[email protected].

Also Read: How To Prevent WhatsApp Hack: 7 Best Practices

November 15th 2020

DarkSide ransomware’s Iranian hosting raises U.S. sanction concerns

Ransomware negotiation firm Coveware has placed the DarkSide operation on an internal restricted list after the threat actors announced plans to host infrastructure in Iran.

New VoidCrypt variant

xiaopao found a new variant of the VoidCrypt Ransomware that appends the .honor extension.

November 16th 2020

Capcom confirms data breach after gamers’ data stolen in cyberattack

Japanese game giant Capcom has announced a data breach after confirming that attackers stole sensitive customer and employee information during a recent ransomware attack.

Dozens of ransomware gangs partner with hackers to extort victims

Ransomware-as-a-service (RaaS) crews are actively looking for affiliates to split profits obtained in outsourced ransomware attacks targeting high profile public and private organizations.

Cold storage giant Americold hit by cyberattack, services impacted

Cold storage giant Americold is currently dealing with a cyberattack impacting their operations, including phone systems, email, inventory management, and order fulfillment.

New STOP Djvu ransomware variant

Michael Gillespie found a new STOP Djvu ransomware variant that appends the .epor extension.

New Flamingo Ransomware variant

Michael Gillespie spotted a new Flamingo Ransomware variant that appends the .LIZARD extension and drops a ransom note named #READ ME.TXT.

New MXX Ransomware hunt

Michael Gillespie spotted a new unidentified ransomware that appends the .MXX extension and drops a ransom note named How To Recover Your Files!!!!.txt.

New Phobos Ransomware variant

xXToffeeXx spotted a new Phobos ransomware variant that appends the .ELDAOLSA extension.

New Joker Ransomware

@0x4143 found the new Joker’s Ransomware that appends the .joker extension and drops a ransom note named POWER-JOKER-PASSWORD.txt.

New Dharma Ransomware variants

Jakub Kroustek found a bunch of Dharma Ransomware variants that append the .dex.sss.zimba, and .help extensions.

November 17th 2020

Nibiru ransomware variant decryptor

The Nibiru ransomware is a .NET-based malware family. It traverses directories in the local disks, encrypts files with Rijndael-256 and gives them a .Nibiru extension. Rijndael-256 is a secure encryption algorithm. However, Nibiru uses a hard-coded string “Nibiru” to compute the 32-byte key and 16-byte IV values. The decryptor program leverages this weakness to decrypt files encrypted by this variant.

New Matrix ransomware variant

xiaopao found a new Matrix Ransomware variant that appends the .TG33 extension.

New HiddenTear ransomware variant

xiaopao found a new HiddenTear ransomware variant that appends the .r2block extension.

New ZIN Dharma ransomware variant

xiaopao found a new Dharma Ransomware variant that appends the .ZIN extension.

New Pulpit Ransomware

Siri found a new ransomware that appends .pulpit extension.

Also Read: 15 Best Tools For Your Windows 10 Privacy Settings Setup

November 18th 2020

REvil ransomware hits Managed.com hosting provider, 500K ransom

Managed web hosting provider Managed.com has taken their servers and web hosting systems offline as they struggle to recover from a weekend REvil ransomware attack.

Egregor ransomware bombards victims’ printers with ransom notes

The Egregor ransomware uses a novel approach to get a victim’s attention after an attack – shoot ransom notes from all available printers.

New Lola Ransomware

MalwareHunterTeam found a new ransomware pretending to be a Blockchain Generator that appends the .lola extension and drops a ransom note named Please_Read.txt.

November 19th 2020

Mount Locker ransomware now targets your TurboTax tax returns

The Mount Locker ransomware operation is gearing up for the tax season by specifically targeting TurboTax returns for encryption.

New STOP Djvu ransomware variant

Michael Gillespie found a new STOP Djvu ransomware variant that appends the .sglh extension.

New REDROMAN Ransomware

MalwareHunterTeam found a new ransomware that appends the .REDROMAN and drops ransom notes names RR_README.htmlOPENTHIS.html, and README.html.

November 20th 2020

QBot partners with Egregor ransomware in bot-fueled attacks

The Qbot banking trojan has dropped the ProLock ransomware in favor of the Egregor ransomware who burst into activity in September.

LightBot: TrickBot’s new reconnaissance malware for high-value targets

The notorious TrickBot has gang has released a new lightweight reconnaissance tool used to scope out an infected victim’s network for high-value targets.

FBI warns of increasing Ragnar Locker ransomware activity

The U.S. Federal Bureau of Investigation (FBI) Cyber Division has warned private industry partners of increased Ragnar Locker ransomware activity following a confirmed attack from April 2020.

New Ransomware hunt

Michael Gillespie spotted a new unidentified ransomware that appends the .esexz and drops a ransom note named readme.txt.

New SWP Dharma ransomware variant

xiaopao found a new Dharma Ransomware variant that appends the .SWP extension.

The malware that usually installs ransomware and you need to remove right away

This article focuses on the known malware strains that have been used over the past two years to install ransomware.

Sportfondsen Nederland swimming pool operator hit with ransomware

During the lock down of the past two weeks, we were hit by an IT failure caused by a computer virus (ransomware). As a result, we are difficult to reach and we have to deal with systems that do not work.

Ransomware with hidden message

MalwareHunterTeam found a ransomware with an interesting hidden message.

Hospital hit with custom ransomware

Michael Gillespie found that a hospital was hit with a custom ransomware.

New Dharma Ransomware variants

Jakub Kroustek found a bunch of Dharma Ransomware variants that append the .cvc extension.

That’s it for this week! Hope everyone has a nice weekend!

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us