fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

The Week in Ransomware – July 9th 2021 – A Flawed Attack

The Week in Ransomware – July 9th 2021 – A Flawed Attack

This week’s news focuses on the aftermath of REvil’s ransomware attack on MSPs and customers using zero-day vulnerabilities in Kaseya VSA. The good news is that it has not been as disruptive as we initially feared.

As REvil performed their attack remotely, they never had access to the victims’ networks and thus could not delete backups or steal data.

With the lack of this leverage, victims are restoring from backups rather than paying the ransom.

Sadly, this attack was close to being prevented as Kaseya worked on patches for the zero-day vulnerabilities just as the attacks started.

Due to constant ransomware attacks on US interests, President Biden has once against warned President Putin that Russia needs to arrest the ransomware gangs operating from Russia or the US will take action instead.

Finally, a new ransomware payment tracking site called Ransomwhere was launched this week.

Contributors and those who provided new ransomware information and stories this week include: @VK_Intel@malwrhunterteam@serghei@struppigel@FourOctets@DanielGallagher@Ionut_Ilascu@fwosar@demonslay335@malwareforme@BleepinComputer@Seifreed@jorntvdw@LawrenceAbrams@PolarToffee@LabsSentinel@coveware@billseagull@Malwarebytes@_johnhammond@DIVDcsirt@0xDUDE@jackhcable, and @pcrisk.

July 4th 2021

Kaseya was fixing zero-day just as REvil ransomware sprung their attack

The zero-day vulnerability used to breach on-premise Kaseya VSA servers was in the process of being fixed, just as the REvil ransomware gang used it to perform a massive Friday attack.

REvil is increasing ransoms for Kaseya ransomware attack victims

The REvil ransomware gang is increasing the ransom demands for victims encrypted during Friday’s Kaseya ransomware attack.

Also Read: How to Choose a Penetration Testing Vendor

New AvosLocker RaaS

Toffee saw a new RaaS called AvosLocker being promoted on a hacker forum.  Appends the .avos extension to encrypted files and drops the GET_YOUR_FILES_BACK.txt ransom note.

July 5th 2021

REvil ransomware asks $70 million to decrypt all Kaseya attack victims

REvil ransomware has set a price for decrypting all systems locked during the Kaseya supply-chain attack. The gang wants $70 million in Bitcoin for the tool that allows all affected businesses to recover their files.

CISA, FBI share guidance for victims of Kaseya ransomware attack

CISA and the Federal Bureau of Investigation (FBI) have shared guidance for managed service providers (MSPs) and their customers impacted by the REvil supply-chain ransomware attack that hit the systems of Kaseya’s cloud-based MSP platform.

New STOP Djvu ransomware variants

PCrisk found new STOP ransomware variants that append the .zqqw and .pooe extensions.

July 6th 2021

US warns of action against ransomware gangs if Russia refuses

White House Press Secretary Jen Psaki says that the US will take action against cybercriminal groups from Russia if the Russian government refuses to do so.

Kaseya: Roughly 1,500 businesses hit by REvil ransomware attack

Kaseya says the REvil supply-chain ransomware attack breached the systems of roughly 60 of its direct customers using the company’s VSA on-premises product.

Ransomware statistics for 2021: Q2 report

The second quarter of 2021 marked the biggest ransomware attack on U.S. infrastructure to date. On May 7, The Colonial Pipeline Company, which operates the largest pipeline system for refined oil products in the United States, was infected with DarkSide ransomware. The attack resulted in a six-day shutdown that was only resolved when Colonial Pipeline paid the $4.4 million ransom – a decision that CEO Joseph Blount described as “the right thing to do for our country.”

July 7th 2021

Fake Kaseya VSA security update backdoors networks with Cobalt Strike

Threat actors are trying to capitalize on the ongoing Kaseya ransomware attack crisis by targeting potential victims in a spam campaign pushing Cobalt Strike payloads disguised as Kaseya VSA security updates.

New STOP Djvu ransomware variant

PCrisk found a new STOP ransomware variant that appends the .zzla extension.

July 8th 2021

Conti Unpacked | Understanding Ransomware Development As a Response to Detection

Not yet two years old and already in its seventh iteration, Ransomware as a Service variant Conti has proven to be an agile and adept malware threat, capable of both autonomous and guided operation and with unparalleled encryption speed. As of June 2021, Conti’s unique feature set has helped its affiliates extort several million dollars from over 400 organizations.

Morgan Stanley reports data breach after vendor Accellion hack

Investment banking firm Morgan Stanley has reported a data breach after attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of a third-party vendor.

‘Barely able to keep up’: America’s cyberwarriors are spread thin by attacks

Charles Carmakal has a problem: Ransomware has become so prolific that he has too much business.

REvil victims are refusing to pay after flawed Kaseya ransomware attack

The REvil ransomware gang’s attack on MSPs and their customers last week outwardly should have been successful, yet changes in their typical tactics and procedures have led to few ransom payments.

New Ransomwarewhere site launched

Jack Cable launched a ransom payment tracking site called Ransomwarewhere.

New ransomware hunt

Michael Gillespie is looking for a new ransomware that appends the extension .nohope and drops a ransom note named NOHOPE_README.txt.

Also Read: The 5 Phases of Penetration Testing You Should Know

July 9th 2021

Kaseya warns of phishing campaign pushing fake security updates

Kaseya has warned customers that an ongoing phishing campaign attempts to breach their networks by spamming emails bundling malicious attachments and embedded links posing as legitimate VSA security updates.

Insurance giant CNA reports data breach after ransomware attack

CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March.

That’s it for this week! Hope everyone has a nice weekend!

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us