Tuesday, November 9th, 2021
Industry Updates & Security News
Check out some of the latest industry updates and cyber-attack news from around the world below. From ransomware attacks to other sophisticated cyber threats resulting in massive data breaches.
Industry Updates
Suspected REvil ransomware affiliates arrested during the ongoing crackdown on ransomware
On November 4th. Romanian law enforcement authorities arrested two suspects believed to be Sodinokibi/REvil ransomware affiliates accused of launching 5,000 ransomware attacks. On the same day, Kuwaiti authorities also arrested a GandGrab ransomware affiliate.
The arrests mark a total of 7 seven suspects arrested since February 2021 that have been linked to REvil and GandGrab – including three individuals believed to be REvil affiliates were apprehended in South Korea in February, April, and October and one was arrested in Europe last month.
The arrests are part of Operation GoldDust involves 17 countries, including the US to combat ransomware gangs.
Industry Updates
About REvil
REvil (also known as Sodinokibi) is one of the most prolific RaaS operations out there. In August 2021, REvil made cybercrime history as they made the largest ransom demand of all-time. They demanded $70 million to decrypt the 1,000-plus victims in the Kaseya ransomware attack. REvil have been responsible for an attack on JBS, the world’s largest meatpacker, which fetched a ransom of $11 million. In April, REvil stole and published blueprints from Apple supplier Quanta Computer. That attack reportedly claimed a $50 million ransom.
U.S. offers $10 million reward for leaders of REvil/Darkside ransomware
In addition to operation GoldDust, the U.S. announced that it will be offering up to $10 million for identifying or locating leaders in the REvil (Sodinokibi) ransomware operation, including $5 million leading to the arrest of affiliates. This bounty is being offered as part of the Department of State’s Transnational Organized Crime Rewards Program (TOCRP), which rewards informants for information that leads to the arrest or conviction of individuals in transnational organized crime groups.
Robinhood Security Breach Exposes Data on Millions of Users
On Monday, 9th November, Robinhood Markets Inc. announced a breach exposing the personal information of 7 millions of its users. Most of the accounts had only one piece of personal information exposed. Either the user’s name or their email address. In over 300 of these cases, more sensitive data such as date of birth and zip code was uncovered, as well as the user’s full name.
No social security, bank account or debit card numbers are believed to have been compromised. The main threat from this breach is that the exposed information could be used to facilitate further attacks.
MediaMarkt hit by Hive ransomware, initial $240 million ransom
Europe’s largest consumer electronics retailer, MediaMarkt has suffered a Hive ransomware with an initial ransom demand of $240 million, causing IT systems to shut down and store operations to be disrupted in Netherlands and Germany.
The company employs approximately 53,000 employees and has a total sales of €20.8 billion. The attack occurred on Sunday evening and ran into Monday morning, encrypting the servers and workstations and led to the shutdown of IT systems to prevent the attack’s spread. While online sales continue to function as expected, cash registers cannot accept credit cards or print receipts at affected stores.
Hive is believed behind the attack with a huge ransom of $240 million to receive a decryptor for files.
This size of a ransom is typical to allow room for negotiation.
About Hive
Hive is a new & potentially devastating type of ransomware. Hive ransomware is a relatively new operation launched in June 2021. It is known to breach organizations through malware-laced phishing campaigns. Once they gain access to a network, the threat actors will spread laterally through a network while stealing unencrypted files to be used in extortion demands. They are known to steal files and publish them on their ‘HiveLeaks’ data leak site if a ransom is not paid.
A cyber attack on a compan can be costly to fix and can be hugely disruptive to business. On top of this, if customers’ important details are stolen, the business could risk having its reputation severely damaged.
Hackers are adapting to their environment, creating tools and workarounds that both exploit existing vulnerabilities and leverage new weaknesses to compromise personal and business networks. Cybercrime isn’t going anywhere so you must be prepared.
FBI: HelloKitty ransomware adds DDoS attacks to extortion tactics
The FBI has sent out a flash alert warning private industry partners that the HelloKitty ransomware gang also known as FiveHands has added distributed denial-of-service (DDoS) attacks to their arsenal of extortion tactics.
In a Friday notification coordinated with the Cybersecurity and Infrastructure Security Agency (CISA), the FBI said that the ransomware group would take their victims’ official websites down in DDoS attacks if they didn’t comply with the ransom demands.
HelloKitty is also known for stealing sensitive documents from victims’ compromised servers before encrypting them. The exfiltrated files are later used as leverage to pressure the victims into paying the ransom under the threat of leaking the stolen data online on a data leak site.
When it comes to ransomware, prevention is key! Here are some tips from our experts based on industry updates:
Secure and monitor your endpoints
Invest in EDR solutions that continually monitor network endpoints like PCs, laptops and servers to identify and block malicious processes. Deploy a SIEM solution with 24/7 monitoring (SOC). By having a SOC in place, you have much better chances to detect ransomware within your environment compared to traditional tools, as it provides a holistic network overview and automated analysis of security events based on professionally configured parameters.
Regular data backups
The 3-2-1 rule is best practice for backup and recovery. It means having at least 3 copies of your data, utilise 2 different media formats and one offsite. Moreover, verify that you know how to restore files from the backup in the event of an incident, and regularly test that it is working as expected.
Prepare for an incident
Identify your critical assets and determine the impact to these if they were affected by a malware attack. Plan for an attack, even if you think it is unlikely. There are many organisations impacted by collateral malware, even though they were not the intended target. Most importantly, exercise your incident management plan.
Regular Penetration Testing
Ransomware attacks feed on the weaker nodes and vulnerable sections of the network. The best way to prevent a ransomware attack or any cyberattack for that matter is to completely eliminate these vulnerabilities. Conduct a ransomware readiness exercise.
User Awareness
Regular security awareness training is an indispensable precondition for avoiding big troubles. Before each strain of ransomware has the opportunity to gain a foothold on a targeted system, it first has to find its way in. That happens through social engineering, most likely through phishing emails that carry attachments loaded with hidden malware or phishing emails that prompt recipients to click on malicious URLs that will eventually install a piece of malware in a surreptitious manner.
Patching
Patching is a critical component in defending against ransomware attacks as cyber-criminals will often look for the latest uncovered exploits in the patches made available and then target systems that are not yet patched. It is critical that organisations ensure that all systems have the latest patches applied to them as this reduces the number of potential vulnerabilities within the business for an attacker to exploit.
Sources – Smarttech247 Industry Updates
Contact Us
The data you supply here will not be added to any mailing list or given to any third party providers without further consent. View our Privacy Policy for more information.