Even Computer Hardware Manufacturers Can Get Hit By Ransomware

Retailers, hospitals and financial institutions tend to be the targets of choice for the hackers of the world. Of course they’re not the only targets. The simple truth is that any company can find itself in the cross hairs of a hacker.

The most recent victim is Taiwanese motherboard manufacturer Gigabyte. In addition to shutting down manufacturing operations in Taiwan the attack also took a number of the company’s web-based systems. They include its online support and the Taiwanese website itself.

The investigation into the matter is ongoing. The early indications are that the company fell victim to the RansomEXX strain of ransomware. In addition to locking files on a number of Gigabyte’s network devices the hackers made off with some 112 GB of data. The hackers have published portions of this data on their own website on the Dark Web as proof that they were indeed behind the attack.

The RansomEXX strain has an interesting history. It began life in 2018 as a strain called Defray. For the first couple of years of its life it gained little traction among the hackers of the world. It wasn’t used in many high profile attacks.

It seemed to go dormant and re-emerged in 2020 as RansomEXX with a raft of new capabilities. It is not clear whether it was abandoned and picked up by a new hacker group or the original Defray authors used their initial experiments to refine the code. In its current form RansomEXX is a dangerous threat indeed and is capable of infecting both Windows- and Linux-based systems.

The group controlling the malware has used it to attack a number of high profile targets in recent weeks, including:

  • The Texas state Department of Transportation
  • The Brazilian Government
  • IPG Photonics
  • And more.

Be on your guard against this one. You definitely don’t want to be the hackers’ next victims.

Ransomware Attackers May Target Industrial Machines Soon

Government officials and some internet security researchers have been saying for quite some time now that the nation’s (and the world’s) core infrastructure is at risk. Some examples include the flow of water into cities, the flow of electricity, and the traffic lights that keep city streets relatively organized. All of these depend on the reliable function of Industrial Control Systems, and these, as it turns out, are incredibly easy to hack.

A couple of years ago, hackers brought traffic to a standstill in a city in Texas by hacking the control system for signal lights. Other hackers have attacked water systems, with the effect of denying large numbers of citizens access to clean water for days at a time. We’ve also seen hackers overload transformers and cut power in limited areas of municipalities, and this is just the tip of the proverbial iceberg.

So far, these attacks have been little more than experiments. Small forays into a new frontier designed to test the defenses of the perimeter and see what’s possible.

The results of those initial attacks have revealed glaring weaknesses that, if exploited in a serious and large scale way, could paralyze entire cities, perhaps for weeks at a time. Those hacks, if and when they occur, will absolutely cost lives.

As Bharat Mistry, the technical director of Trend Micro puts it:

“The underground cyber crime economy is big business for ransomware operators and affiliates alike. Industrial Control Systems found in critical national infrastructure, manufacturing and other facilities are seen as soft targets, with many systems still running legacy operating systems and unpatched applications. Any infection on these systems will most likely cause days if not weeks of outage.”

This is a dangerous time, and worse, at present, there is no serious effort being made anywhere to better secure industrial control systems. It’s a ticking bomb that could go off at any time. Sooner or later, a state-sponsored group of hackers is going to pull the trigger. Probably sooner than later.

Ransomware Attacks Are On The Rise For Educators

According to an alert recently issued by the UK’s National Cyber Security Centre, colleges and universities worldwide are at increased risk of being targeted by a ransomware attack like the one that recently hit Colonial Pipeline and global meat supplier JBS. While ransomware attacks are certainly nothing new, they have been enjoying a surge of popularity as growing numbers around the world gravitate to their use.

From the perspective of the hackers, it’s easy to understand the attraction. The way most hackers gain access to target networks, especially in the education ecosystem, is by exploiting weak passwords and unpatched vulnerabilities in Remote Desktop Protocol (RDP) and VPNs. Unfortunately, in most cases, by the time network security personnel are aware that there’s a problem, the damage has already been done.

The NCSC made the following recommendations to help prevent, or at least mitigate the damage caused by ransomware attacks:

  • Make sure RDP, VPNs and all cloud-based services are secured by utilizing multi-factor authentication and that technology is in place to help detect suspicious activity on your network.
  • Be sure that all the software you use has the latest security patches applied.
  • Take regular backups of all critical systems and test your backup recovery routine to be sure you can recover your files with minimal downtime.
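The NCSC’s first recommendation asks for technology that detects suspicious activity, and the paragraph above names weak RDP passwords as the usual way in. The following is an added example (not part of the NCSC alert or this article) of the kind of detection logic a defender can run over Windows Security log events: it flags a source address that racks up repeated RDP logon failures (Event ID 4625, logon type 10) inside a short window, and notes if a success (Event ID 4624) from the same source follows, which is the pattern a password-guessing attack leaves behind. The event records, timestamps and addresses are constructed sample data; the threshold and window are assumptions to tune for your environment.

```python
"""Flag RDP password-guessing in Windows Security log events (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, event_id, logon_type, user, source_ip).
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = [
    ("2021-06-01T02:00:01", 4625, 10, "admin", "203.0.113.7"),
    ("2021-06-01T02:00:03", 4625, 10, "administrator", "203.0.113.7"),
    ("2021-06-01T02:00:05", 4625, 10, "jsmith", "203.0.113.7"),
    ("2021-06-01T02:00:08", 4625, 10, "backup", "203.0.113.7"),
    ("2021-06-01T02:00:11", 4625, 10, "itadmin", "203.0.113.7"),
    ("2021-06-01T02:00:14", 4624, 10, "itadmin", "203.0.113.7"),  # success after guessing
    ("2021-06-01T09:15:00", 4625, 10, "mlee", "192.0.2.20"),       # one typo, benign
    ("2021-06-01T09:15:20", 4624, 10, "mlee", "192.0.2.20"),
    ("2021-06-01T09:30:00", 4625, 3, "svc", "192.0.2.30"),         # network logon, not RDP
]


def detect_rdp_guessing(events, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: {"failures": n, "success_after": user_or_None}} for every
    source with at least `threshold` RDP logon failures inside `window`.
    `threshold` and `window` are assumed defaults, not NCSC-prescribed values."""
    failures = defaultdict(list)  # source_ip -> recent RDP failure timestamps
    alerts = {}
    for ts, event_id, logon_type, user, src in sorted(events):
        if logon_type != 10:  # only RemoteInteractive (RDP) logons matter here
            continue
        t = datetime.fromisoformat(ts)
        if event_id == 4625:
            # Keep only failures that fall inside the sliding window.
            failures[src] = [x for x in failures[src] if t - x <= window] + [t]
            if len(failures[src]) >= threshold:
                alerts.setdefault(src, {"failures": 0, "success_after": None})
                alerts[src]["failures"] = len(failures[src])
        elif event_id == 4624 and src in alerts:
            # A success from a source already flagged is the one to escalate first.
            alerts[src]["success_after"] = user
    return alerts


if __name__ == "__main__":
    for src, info in detect_rdp_guessing(SAMPLE_EVENTS).items():
        print(f"{src}: {info['failures']} RDP failures, success as {info['success_after']}")
```

With multi-factor authentication in front of RDP, the final 4624 in the sample would not occur even when a password is guessed, which is why the alert separates "many failures" from "failures followed by success".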

Unfortunately, none of these steps will guarantee that you won’t fall victim to a ransomware attack. However, they will certainly make it harder for the hackers to compromise your network, and if they do, you’ll be well-positioned to mitigate the damage and get your business back up and running.

It’s sound advice that all organizations, regardless of type, should follow. Kudos to the NCSC for keeping a watchful eye out for the danger, and for being quick to alert everyone to it. Here’s hoping it’s enough.

Update VMWare Software Immediately To Avoid Possible Attack

The US Cybersecurity and Infrastructure Security Agency recently issued a warning to all companies running VMware vCenter Server and VMware Cloud Foundation. They are asking them to download and apply the latest security patches as soon as possible because attackers are actively hunting for vulnerable servers.

On May 25th, VMware released a patch that corrected for two critical security flaws, either of which would allow for remote code execution. These two flaws, tracked as CVE-2021-21985 and CVE-2021-21986, both had severity ratings of 9.8 out of ten.

Unfortunately, the software vendor can only do so much. The simple truth is that even when patches are released, most of the people and organizations using the software are notoriously slow to update, which creates an often large window of opportunity that hackers can exploit.

In a recent VMware blog post, a company representative wrote:

“In this era of ransomware it is safest to assume that an attacker is already inside the network somewhere, on a desktop and perhaps even in control of a user account, which is why we strongly recommend declaring an emergency change and patching as soon as possible.”

It’s a grim outlook, but the central point of the blog post is certainly valid. In any case, CISA has issued formal recommendations that include patching right away and reviewing VMware’s advisory on the matter, as well as the FAQ the company published on their website relating to the matter.

All of that is sound advice, so if you use any of the VMware products mentioned above and if you want to minimize your risks, you know what to do. Here’s hoping that we can get the word out quickly enough to prevent attacks via this avenue. It would be nice to hand the hackers a decisive defeat.

Bose Is Latest Company To Have Employee Data Breached

Bose is the latest in an unending parade of major companies to disclose that they’ve been the victim of a ransomware attack.

In the company’s breach notification letter, they indicated that they first detected the incursion on March 7th, 2021, with the attack itself having occurred on April 29th.

Additionally, as is quite common in these cases, the company indicated that they immediately began working with both law enforcement and a third-party cyber security agency to continue the investigation. According to the official notification, Bose did not pay the demanded ransom, and was able to restore their corporate network to full functionality with minimal disruption to the company’s business operations.

In terms of scope and scale, the company identified a small number of individuals whose data was impacted and notified everyone who was affected by mail. Based on the forensic analysis, the company determined that the files accessed by the hackers contained personal information related to an unspecified number of current and former employees, including names, social security numbers, salary, and other HR-related information.

In the aftermath of the attack, Bose took the following steps to further bolster their security:

  • Enhanced malware/ransomware protection on endpoints and servers to further enhance our protection against future malware/ransomware attacks.
  • Performed detailed forensics analysis on impacted server to analyze the impact of the malware/ransomware.
  • Blocked the malicious files used during the attack on endpoints to prevent further spread of the malware or data exfiltration attempt.
  • Enhanced monitoring and logging to identify any future actions by the threat actor or similar types of attacks.
  • Blocked newly identified malicious sites and IPs linked to this threat actor on external firewalls to prevent potential exfiltration.
  • Changed passwords for all end-users and privileged users.
  • Changed access keys for all service accounts.

The bottom line is, although unfortunate, the company’s handling of the incident has been commendable. We just hope that the day comes when there won’t be quite so many stories like this one.