fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

The Week in Ransomware – July 30th 2021 – €1 billion saved

The Week in Ransomware – July 30th 2021 – €1 billion saved

Ransomware continues to be active this week, with new threat actors releasing new features, No More Ransom turning five, and a veteran group rebrands.

This week marked the fifth anniversary of No More Ransomware, where they announced that they had saved €1 billion in ransom payments through the decryptors on their platform.

We also saw ransomware groups continue to innovate with LockBit 2.0 now using group policies to automate the deployment of their ransomware over a Windows domain.

Also Read: Vulnerability Assessment vs Penetration Testing: And Why You Need Both

I shared what I know about the inner conflict of the Babuk ransomware gang that led to the Admin starting a new RAMP cybercrime forum and the rest of the team launching Babuk version 2.0.

Finally, DoppelPaymber has rebranded as a new ransomware operation known as Grief, which began operating in May.

Contributors and those who provided new ransomware information and stories this week include: @DanielGallagher@LawrenceAbrams@struppigel@BleepinComputer@malwrhunterteam@VK_Intel@serghei@jorntvdw@PolarToffee@fwosar@Seifreed@Ionut_Ilascu@demonslay335@malwareforme@FourOctets@ddd1ms, @zscaler@pcrisk@pushecx@fbgwls245@campuscodi@Glacius_, and @HuntressLabs.

July 25th 2021

New JCrypt ransomware variant

dnwls0719 found a new JCrypt variant called ‘FancyLocker’ that appends the .FancyLeaks extension to encrypted files.

July 26th 2021

No More Ransom saves almost €1 billion in ransomware payments in 5 years

The No More Ransom project celebrates its fifth anniversary today after helping over six million ransomware victims recover their files and saving them almost €1 billion in ransomware payments.

July 27th 2021

LockBit ransomware now encrypts Windows domains using group policies

A new version of the LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain using Active Directory group policies.

Some backstory about Babuk ransomware

I shared some of the backstory behind the split of Babuk ransomware after the attack on the Metropolitan Police Department.

Threat actors patch REvil ransomware

Revil ransomware continues to be active but this time in the form of patched executables.

July 28th 2021

New US security memorandum bolsters critical infrastructure cybersecurity

US President Joe Biden today issued a national security memorandum designed to help strengthen the security of critical infrastructure by setting baseline performance goals for critical infrastructure owners and operators.

Biden: Severe cyberattacks could escalate to ‘real shooting war’

President Joe Biden warned that cyberattacks leading to severe security breaches could lead to a “real shooting war” with another major world power.

Synack rebrands as El_Cometa

Catalin Cimpanu was told that the Synack ransomware has rebranded under the name El_Cometa.

New Russian-Speaking Forum – A New Place for RaaS?

A new Russian-speaking forum called RAMP was launched in July 2021 and received much attention from researchers and cybercrime actors. The forum emerged at the domain that previously hosted the Babuk ransomware data leak site and later the Payload.bin leak site. KELA researched the contents of the new site and assessed its chances to succeed.

Babuk: Biting off More than they Could Chew by Aiming to Encrypt VM and *nix Systems?

Our worst fears were confirmed when Babuk announced on an underground forum that it was developing a cross-platform binary aimed at Linux/UNIX and ESXi or VMware systems. Many core backend systems in companies are running on these *nix operating systems or, in the case of virtualization, think about the ESXi hosting several servers or the virtual desktop environment.

Coalition’s cyberinsurance claims report is out

The cyber attack landscape evolved significantly in 2021 with the emergence of new ransomware variants, the increasing dangers of supply chain attacks, and the continued risks of staying secure while working remotely.

New STOP Ransomware variants

PCrisk found new STOP ransomware variants that append the .aeur and .guer extensions.

A Recap Of Events And Lessons Learned During The Kaseya Vsa Supply Chain Attack

Now that a decryption key is available and we seem to be on the downward slope of the rollercoaster, we have an opportunity to look back and capture some important lessons and learnings that can help this industry try to combat these threats more effectively.

July 29th 2021

DoppelPaymer ransomware gang rebrands as the Grief group

After a period of little to no activity, the DoppelPaymer ransomware operation has made a rebranding move, now going by the name Grief (a.k.a. Pay or Grief).

That’s it for this week! Hope everyone has a nice weekend!

Also Read: 4 Reasons to Outsource Penetration Testing Services

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us