Malware

Kaseya, Sera. What REvil Shall Encrypt, Shall Encrypt

Jul 5, 2021 By Ryan Kovar In Splunk

When Splunk told me we would have a “breach holiday” theme for the summer, I didn’t think it would be quite so on the nose… For those of you who have been working on this Kaseya REvil Ransomware incident over the weekend, I salute you. We’ve been doing the same. As usual, my team here at Splunk likes to make sure that we have some actionable material before posting a blog, and this time is no different.

Read Post

Splunk

Read more about Kaseya, Sera. What REvil Shall Encrypt, Shall Encrypt

Agent REvil Unveiled in Kaseya VSA Ransomware Attack

Jul 5, 2021 By Ryan Sherstobitoff In SecurityScorecard

In the world of cybersecurity, there are no holidays and days off as proven by the ransomware attacks that began during the Fourth of July weekend, impacting users of the Kaseya VSA remote management and monitoring software.

Read Post

SecurityScorecard

Read more about Agent REvil Unveiled in Kaseya VSA Ransomware Attack

MSPs Targeted in Ransomware Attack

Jul 4, 2021 By Cyberint Research In Cyberint

News has been surfacing throughout the day on July 3, 2021, of a seemingly large ransomware attack affecting hundreds of organizations following a software supply chain compromise at the supplier of software to managed service providers (MSPs).

Read Post

Cyberint

Read more about MSPs Targeted in Ransomware Attack

REvil's new Linux version

Jul 1, 2021 By Fernando Martinez In AT&T Cybersecurity

The ransomware-as-a-service (RaaS) operation behind REvil have become one of the most prolific and successful threat groups since the ransomware first appeared in May 2019. REvil has been primarily used to target Windows systems. However, new samples have been identified targeting Linux systems. AT&T Alien Labs™ is closely monitoring the ransomware landscape and has already identified four of these samples in the wild during the last month, after receiving a tip from MalwareHuntingTeam.

Read Post

AT&T Cybersecurity

Read more about REvil's new Linux version

Ransomware Has Evolved, And So Should Your Company

Jun 30, 2021 By Veriato In Veriato

Ransomware is typically initiated via phishing or social engineering tactics, these attacks often take advantage of human error for the successful delivery of the malware. These criminal organizations are impartial to the size of your organization. They target any company with data, and if you don't pay the ransom, your information could be posted to a public forum or sold on the Dark Web for profit. Most companies unfortunately are forced to pay due to system failure and file corruption.

View Video

Veriato

Read more about Ransomware Has Evolved, And So Should Your Company

Yuba County Survived a Ransomware Attack and Lived to Tell the Tale

Jun 30, 2021 By Rubrik In Rubrik

The growing threat of ransomware attacks is ubiquitous, which has been further accelerated by the pandemic. In February of 2021, Yuba County was hit by ransomware that infected critical systems. Despite the attacker’s demands for ransom, the county was able to avoid paying the hefty fee and quickly recovered with Rubrik. Listen in on the fireside chat with Paul LaValley, CIO of Yuba County as he shares intimate details of how they survived the attack and lived to tell the tale.

View Video

Rubrik

Read more about Yuba County Survived a Ransomware Attack and Lived to Tell the Tale

Estée Lauder Uses Rubrik to Manage and Protect Global Data at Scale

Jun 30, 2021 By Rubrik In Rubrik

Leading house of prestige beauty, Estée Lauder is a collection of over 25 globally renowned beauty brands, each with its own unique set of data and unique challenges. To protect all data at scale while keeping costs low, the beauty company embarked on a digital transformation journey – to break free from legacy data protection and mobilize to the cloud.

View Video

Rubrik

Read more about Estée Lauder Uses Rubrik to Manage and Protect Global Data at Scale

What If You Had Advance Notice of a Ransomware Attack?

Jun 29, 2021 By Cyndi Gutowski In SecurityScorecard

One of the worst things about ransomware attacks isn’t just the mayhem they cause as your data is encrypted by criminals and your business is put on hold — it’s not knowing when they’ll happen. But what if you had some advance notice about the next cyberattack before it hit? What if you could find out if your data was up for bid on the dark web?

Read Post

SecurityScorecard

Read more about What If You Had Advance Notice of a Ransomware Attack?

Not Laughing: Malicious Office Documents using LoLBins

Jun 29, 2021 By Ghanashyam Satpathy In Netskope

Attackers have long used phishing emails with malicious Microsoft Office documents, often hosted in popular cloud apps like Box and Amazon S3 to increase the chances of a successful lure. The techniques being used with Office documents are continuing to evolve. In August – September of 2020, we analyzed samples that used advanced techniques like: In January 2021, we examined samples that use obfuscation and embedded XSL scripts to download payloads.

Read Post

Netskope

Read more about Not Laughing: Malicious Office Documents using LoLBins

Secure Software Development: How to Check Your Code

Jun 28, 2021 By SecuritySenses In SecuritySenses

In May of 2021, a cybercrime organization called DarkSide successfully locked operators of the Colonial Pipeline, which supplies the east coast with 45% of its petroleum fuel, out of their own software system with a type of malware called "ransomware." True to its name, ransomware returns access to your software (in theory) if you pay a ransom. The result-fuel supplies collapsed across the eastern United States, with gas lines, price spikes, and panic. People began hoarding gasoline in states not even served by the Colonial Pipeline. The US government passed emergency legislation. Even DarkSide seemed shocked at the impact of their cyberattack.

Read Post