The Week in Ransomware – March 12th 2021 – Encrypting Exchange Servers


For the past two weeks, the cybersecurity news has been dominated by stories about the Microsoft Exchange ProxyLogon vulnerabilities. One overriding concern has been when ransomware actors would use the vulnerabilities to compromise and encrypt mail servers.

Unfortunately, last night our fears became a reality after ID-Ransomware creator Michael Gillespie revealed that the new DearCry Ransomware targeted Microsoft Exchange servers. 

After BleepingComputer broke the DearCry ransomware story, Microsoft confirmed that the ransomware was being installed on servers compromised by the ProxyLogon exploits.

If you run a Microsoft Exchange server, you must take the OWA component offline or patch the server. In addition to applying patches, admins should also perform a complete offline backup of the server to prevent it from being encrypted if already compromised.

While the DearCry/Exchange news is big enough, there has also been other news this week.

At the beginning of the week, we broke the story that the REvil ransomware operation plans to DDoS victims and call their business partners to further pressure victims into paying.


We also learned of new ransomware attacks against organizations, including Molson Coors and the Spanish government.

Contributors and those who provided new ransomware information and stories this week include @Ionut_Ilascu, @serghei, @malwareforme, @VK_Intel, @malwrhunterteam, @BleepinComputer, @PolarToffee, @Seifreed, @LawrenceAbrams, @demonslay335, @jorntvdw, @fwosar, @DanielGallagher, @struppigel, @FourOctets, @AuCyble, @MBThreatIntel, @quickheal, @pancak3lullz, @phillip_misner, @fbgwls245, @johnnysaks130, @JakubKroustek, @kryptoslogic, @2sec4u, @MalwareTechBlog, @3xp0rtblog, and @siri_urz.

March 6th 2021

Ransomware gang plans to call victim’s business partners about attacks

The REvil ransomware operation announced this week that they are using DDoS attacks and voice calls to journalists and victims' business partners to generate ransom payments.

New Jessy Dharma ransomware variant

Jakub Kroustek found a new Dharma Ransomware variant that appends the .Jessy extension.

March 7th 2021

New ROG Dharma ransomware variant

Jakub Kroustek found a new Dharma Ransomware variant that appends the .ROG extension.

March 8th 2021

New Sarbloh ransomware supports Indian farmers’ protest

A new ransomware known as Sarbloh encrypts your files while at the same time delivering a message supporting the protests of Indian farmers.

Flagstar Bank hit by data breach exposing customer, employee data

US bank and mortgage lender Flagstar has disclosed a data breach after the Clop ransomware gang hacked their Accellion file transfer server in January.

New Matrix ransomware variant

dnwls0719 found a new Matrix ransomware variant that appends the .JDPR extension and drops a ransom note named JDPR_README.rtf.


Healthcare Providers Were Warned of a Ransomware Surge Last Fall. Some Still Aren’t Sure How Serious the Threat Was

Late last October, when the U.S. government warned of an imminent ransomware threat to the country’s hospitals and healthcare providers, many in the industry had a similar reaction: they paused, took a deep breath, and braced for impact.

March 9th 2021

GandCrab ransomware affiliate arrested for phishing attacks

A suspected GandCrab Ransomware member was arrested in South Korea for using phishing emails to infect victims.

New Bad Gopher ransomware

S!Ri found a new ransomware that appends the .gopher extension.

March 10th 2021

Ryuk ransomware hits 700 Spanish government labor agency offices

The systems of SEPE, the Spanish government agency for labor, were taken down following a ransomware attack that hit more than 700 agency offices across Spain.

New STOP ransomware variants

Michael Gillespie found new STOP Djvu ransomware variants that append the .reig and .tirp extensions to encrypted files.

DarkSide Ransomware 2.0 released

3xp0rt found a post on a Russian-speaking hacker forum where threat actors announced the new DarkSide 2.0 ransomware. This version allegedly includes faster encryption and features.

March 11th 2021

Molson Coors brewing operations disrupted by cyberattack

The Molson Coors Beverage Company has suffered a cyberattack that is causing significant disruption to business operations.

Ransomware now attacks Microsoft Exchange servers with ProxyLogon exploits

Threat actors are now installing a new ransomware called ‘DEARCRY’ after hacking into Microsoft Exchange servers using the recently disclosed ProxyLogon vulnerabilities.

DearCry found to be targeting Exchange

Michael Gillespie was the first to disclose that a new DearCry ransomware was targeting Exchange servers.

New Dharma ransomware variants

Jakub Kroustek found new Dharma Ransomware variants that append the .biden, .eofyd, and .duk extensions.

March 12th 2021

New Dharma ransomware variants

Jakub Kroustek found new Dharma Ransomware variants that append the .LAO and .pirat extensions.

6,970 publicly exposed web shells on Exchange servers

Kryptos Logic reported that there were 6,970 publicly exposed web shells on Exchange servers that were being targeted by threat actors.

That’s it for this week! Hope everyone has a nice weekend!
