fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

REvil Victims Are Refusing to Pay After Flawed Kaseya Ransomware Attack

REvil Victims Are Refusing to Pay After Flawed Kaseya Ransomware Attack

The REvil ransomware gang’s attack on MSPs and their customers last week outwardly should have been successful, yet changes in their typical tactics and procedures have led to few ransom payments.

When ransomware gangs conduct an attack, they usually breach a network and take time stealing data and deleting backups before ultimately encrypting the victim’s devices.

When a victim is shown proof of stolen data, backups are deleted, and their devices are encrypted, it creates a much stronger incentive for them to pay the ransom to restore their data and prevent the leak of data.

However, the REvil affiliate responsible for this attack chose to forgo standard tactics and procedures. Instead, they used a zero-day vulnerability in on-premise Kaseya’s VSA servers to perform a massive and widespread attack without actually accessing a victim’s network.

This tactic led to the most significant ransomware attack in history, with approximately 1,500 individual businesses encrypted in a single attack.

Yet, while BleepingComputer knows of two companies who paid a ransom to receive a decryptor, overall, this attack is likely not nearly as successful as the REvil gang would have expected.

The reason is simply that backups were not deleted and data was not stolen, thus providing the ransomware gang little leverage over the victims.

A victim paid a $220,000 ransom in Kaseya attack
A victim paid a $220,000 ransom in Kaseya attack

Also Read: The DNC Singapore: Looking at 2 Sides Better

Cybersecurity researchers familiar with the attacks and the targeted MSPs have told BleepingComputer that victims are lucky they were attacked this way as the threat actors did not have regular unfettered access to networks and were forced to use automated methods of deleting backups.

For example, Emsisoft CTO Fabian Wosar extracted the configuration for a REvil ransomware sample used in the attack, and it shows that the REvil affiliate made a rudimentary attempt of deleting files in folders containing the string ‘backup.’

Snippet of REvil ransomware configuration
Snippet of REvil ransomware configuration

However, this method does not appear to have been successful as an MSP and multiple victims encrypted during the attack told BleepingComputer that none of their backups were affected, and they chose to restore rather than paying a ransom.

Bill Siegel, CEO of ransomware negotiation firm Coveware, told BleepingComputer that this is a similar decision for many other victims of the attack as not one of their clients has had to pay a ransom.

“In the Kaseya attack, they opted to try and impact EVERY Kaseya client by targeting the software vs direct ingress to an MSP’s network. By going for such a broad impact they appear to have sacrificed the step of encrypting / wiping backups at the MSP control level,” Siegel told BleepingComputer.

“This may end up being a bit of a saving grace, even for MSPs that had poorly segmented backups for their clients.”

“While it is certainly impressive that Sodin was able to pull off this exploit, we have not seen the level of disruption that typically follows a single MSP attack where the backups are intentionally wiped or encrypted, and there is no other way to recover data without paying a ransom.”

“The disruption is still bad, but encrypted data that is unrecoverable from backups may end up being minimal. This will translate to minimal need to pay ransoms.  “

“Impacted MSPs are going to be stretched for a while as they restore their clients, but so far none of the clients we have triaged have needed to pay a ransom. I’m sure there are some victims out there that will need to, but this could have been a lot worse.”

Also Read: 4 Best Practices on How to Use SkillsFuture Credit

Those victims who do ultimately pay a ransom will likely only do so because they had poor backups to restore from.

We rarely get to write a positive story about ransomware, and while many companies have had a stressful and disruptive week, it does appear that the majority of victims should be able to get back up and running fairly quickly.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us