fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

The Week in Ransomware – January 28th 2022 – Get NAS Devices off the Internet

The Week in Ransomware – January 28th 2022 – Get NAS Devices off the Internet

It’s been a busy week with ransomware attacks tied to political protests, new attacks on NAS devices, amazing research released about tactics, REvil’s history, and more.

This week’s biggest news is about a new ransomware operation called DeadBolt encrypted QNAP devices worldwide, illustrating how threat actors can still earn a lot of money by targeting consumers and small businesses.

The attacks started on January 25th and have since encrypted over 4,300 QNAP NAS devices where they demand 0.03 bitcoins, worth approximately $1,100, for a decryption key.

Unfortunately, many victims have reported paying, leading this attack to be very successful for the threat actors.

Other attacks this week include a Conti attack on Apple and Tesla contractor Delta and an attack on Belarusian Railway in protest of Russia using Belarusian Railway’s rail transport network to move military units and equipment into the country.

Also Read: PDPA Breach Penalty Singapore: How Can Businesses Prevent

Other interesting stories this week are ransomware gangs calling people whose data was stolen, an increase in attempts to recruit insiders, the analysis of LockBit’s ESXI encryptor, and a fantastic report detailing the history of REvil.

Contributors and those who provided new ransomware information and stories this week include: @PolarToffee@Ionut_Ilascu@demonslay335@BleepinComputer@VK_Intel@malwareforme@struppigel@fwosar@FourOctets@billtoulas@Seifreed@malwrhunterteam@jorntvdw@DanielGallagher@LawrenceAbrams@serghei@kevincollier@Jon__DiMaggio@UseAnalyst1@fbgwls245@JakubKroustek@pcrisk@TrendMicro@Hitachi_ID@emsisoft@BushidoToken@SteveD3@SttyK@CuratedIntel, and @vinopaljiri.

January 22nd 2022

New Paradise ransomware variant

dnwls0719 found a new Paradise .NET variant that appends the .iskaluz extension to encrypted files.

January 24th 2022

Ransomware gangs increase efforts to enlist insiders for attacks

A recent survey of 100 large (over 5,000 employees) North American IT firms shows that ransomware actors are making greater effort to recruit insiders in targeted firms to aid in attacks.

Also Read: Data Protection Authority GDPR: Everything You Need To Know

Hackers say they encrypted Belarusian Railway servers in protest

A group of hackers (known as Belarusian Cyber-Partisans) claim they breached and encrypted servers belonging to the Belarusian Railway, Belarus’s national state-owned railway company.

New STOP Ransomware variant

Jakub Kroustek found a new STOP ransomware variant that appends the .qqqw extension.

January 25th 2022

New DeadBolt ransomware targets QNAP devices, asks 50 BTC for master key

A new DeadBolt ransomware group is encrypting QNAP NAS devices worldwide using what they claim is a zero-day vulnerability in the device’s software.

Ransomware hackers’ new tactic: Calling you directly

Wayne didn’t know his son’s school district had been hacked — its files stolen and computers locked up and held for ransom — until last fall when the hackers started emailing him directly with garbled threats.

Hacktivist group shares details related to Belarusian Railways hack

The Belarusian Cyber Partisans have shared documents related to another hack, and explained that Curated Intel member, SttyK, would “understand some of the methods used.”

New ransomware appends ‘exploit’

dnwls0719 found a new ransomware appending the .exploit extension to encrypted files.

Exploit ransomware

January 26th 2022

QNAP warns of new DeadBolt ransomware encrypting NAS devices

QNAP is warning customers again to secure their Internet-exposed Network Attached Storage (NAS) devices to defend against ongoing and widespread attacks targeting their data with the new DeadBolt ransomware strain.

Linux version of LockBit ransomware targets VMware ESXi servers

LockBit is the latest ransomware gang whose Linux encryptor has been discovered to be focusing on the encryption of VMware ESXi virtual machines.

New Babuk knockoff ransomware variant

dnwls0719 found a new Babuk knockoff appending the .king extension to encrypted files.

January 27th 2022

Taiwanese Apple and Tesla contractor hit by Conti ransomware

Delta Electronics, a Taiwanese electronics company and a provider for Apple, Tesla, HP, and Dell, disclosed that it was the victim of a cyberattack discovered on Friday morning.

A history of REvil

In our previous research we investigated a ransom cartel, and then we conducted a study on ransomware gangs and their links to Russian intelligence organizations. Now, we are conducting a use case into one of the world’s most notorious ransomware gangs, REvil. This particular case is fascinating because the gang has existed for several years, conducted many high-profile attacks, inspired several spin-off gangs, and in the end, caused major turmoil among partnering hackers who supported them.

New MedusaLocker variant

dnwls0719 found a new MeduaLocker ransomware variant that appends the .farattack extension to encrypted files.

January 28th 2022

QNAP force-installs update after DeadBolt ransomware hits 3,600 devices

QNAP force-updated customer’s Network Attached Storage (NAS) devices with firmware containing the latest security updates to protect against the DeadBolt ransomware, which has already encrypted over 3,600 devices.

Emsisoft releases a decryption tool for DeadBolt

Emsisoft has released a decryption tool for DeadBolt, but users will still need to obtain a decryption key by paying the ransom.

New STOP ransomware variants

PCrisk found two new STOP ransomware variants that append the .qqqe or .yoqs extensions.

Thanos builder used to create new ransomware

Jirí Vinopal found a new ransomware that was created by the Thanos builder that appends the .NARUMI extension.

That’s it for this week! Hope everyone has a nice weekend!

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us