Analytics cookies. We use analytics cookies to understand how you use our websites so we can make them better, e.g. They're used to gather information about the pages you visit and how many clicks you need to accomplish a task. Ns1.bitpayment.biz, ns2.bitpayment.biz SSL PositiveSSL valid from 11 Oct, 2019 to 11 Oct, 2020 - Sectigo Limited.
Large US businesses and other organisations are under sustained attack and are faced with the risk of enormous ransom demands for unlocking encryped and stolen data. The hacking group known as Evil Corp. has hit at least 31 organisations in cyber attack to date (over twenty of these are US organisations, several of them Fortune 500 companies) were attacked a dangerous new strain of ransomware called WastedLocker.
Ransomware attacks continue to rise, and organisations that pay the hackers in hopes of unlocking their files often find themselves both out of luck and victims of future attacks, according to a Report from security firm SentinelOne.
Ransomware is designed to completely encrypt a victim’s file system, potentially causing an irreversible loss of data. Second, an increasing number of cyber-criminals are utilising ransomware to extract money out of victims. Evil Corp were previously associated to the Dridex malware and BitPaymer ransomware, the latter came to prominence in the first half of 2017. Recently Evil Corp has changed a number of TTPs related to their operations.
Had the attacks succeeded, they could have resulted in millions of dollars in damages to the organisations and potentially had a major impact on supply chains in the US,according to the experts at Symantec. Among those affected were five organisations in the manufacturing sector, four IT companies, and three media and telecommunications firms.
Organisations in multiple other sectors, including energy, transportation, financial services, and healthcare, were also affected. In each instance, the attackers managed to breach the networks of the targeted organisations and were preparing to deploy the ransomware when they were detected and stopped.
Symantec described the attacks as being carried out by Evil Corp., a Russian cybercrime group that has been previously associated with the Dridex banking Trojan and the BitPayment ransomware family. Last December, US authorities indicted two members associated with the group, Maksim Yakubets and Igor Turashev, in connection with their operation of Dridex and the Zeus banking Trojans.
The two, along with other conspirators, are alleged to have attempted theft of a staggering $220 million and caused $70 million in actual damages. The US Department of State's Transnational Organised Crime (TOC) Rewards Program has established an unprecedented $5 million bounty for information on Yakubets. Both men remain at large.
Dangerous Campaign
The NCC Group, which published a report on the WastedLocker campaign, said its investigations showed the ransomware has been in use at least since May and was likely in development several months before that. Evil Corp. has typically targeted file servers, database services, virtual machines, and cloud environments in its ransomware campaigns. They have also shown a tendency to disrupt or disable backup systems and related infrastructure where possible to make recovery even harder for victims.
Symantec said its investigation shows the attackers are using a JavaScript-based malware to gain an initial foothold on victim networks. The malware is being distributed in the form of a zipped file via at least 150 legitimate, but previously compromised, websites and malware masquerades as a browser update and lays the groundwork for the computer to be profiled. The attackers then use PowerShell to download and execute a loader for Cobalt Strike Beacon, a penetration-testing tool that attackers often use in malicious campaigns.
The tool is being used to execute commands, inject malicious code into processes or to impersonate them, download files, and carry out other various tasks that allow the attackers to escalate privileges and gain control of the infected system.
As with many current malicious campaigns, the attackers behind WastedLocker have been leveraging legitimate processes and functions, including PowerShell scripts and the Windows Management Instrumentation Command Line Utility (wmic dot exe) in their campaign, Symantec said.
To deploy the ransomware itself, the attackers have been using the Windows Sysinternals tool PsExec to launch a legitimate command line tool for managing Windows Defender (mpcmdrun.exe). This disables scanning of all downloaded files and attachments and disables real-time monitoring, Symantec said. 'It is possible that the attackers use more than one technique to perform this task, since NCC reported suspected use of a tool called SecTool checker for this purpose,' Symantec said.
The ransomware deploys after Windows Defender and all associated services have been stopped across the organisation, the vendor noted. 'A successful attack could cripple the victim's network, leading to significant disruption to their operations and a costly clean-up operation,' Symantec warned.
Given the whole purpose of ransomware is to extract money from victims, total loss values are causing the insurance industry to become increasingly alarmed.
According to some sources ransomware grew 56 percent in the past four quarters. Unfortunately, ransomware isn’t going anywhere fast. Cyber-criminals have learned just how lucrative encrypting data can be. Other forms of security threats still exist, data breaches in particular, but criminals who want to extract an easy buck are regularly turning to readily-available ransomware packages.
Symnatec: Bloomberg: Dark Reading: NCC Group: Heatth IT Security: TechRepublic: SentinelOne:
You Might Also Read:
Hackers Extort $1.14m From University of California:
Jooble
Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.
BackupVault
BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.
eBook: Practical Guide to Security in the AWS Cloud
AWS Marketplace would like to present you with a digital copy of the new book, Practical Guide to Security in the AWS Cloud, by the SANS Institute.
DigitalStakeout
A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions. Subscribe to sky go.
MIRACL
MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.
Authentic8
Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.
ZenGRC
ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.
CYRIN
CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.
Practice Labs
Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.
CSI Consulting Services
Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.
National Institute of Standards & Technology (NIST)
NIST is a measurement standards laboratory, and a non-regulatory agency of the United States Department of Commerce. Areas covered include IT and cybersecurity.
CloudCodes Software
CloudCodes is a cloud security solutions provider focused on providing cloud security solutions to enterprise customers.
NESEC
NESEC is a specialist in information security consulting services and solutions.
AXA XL
AXA XL is the P&C and Specialty Risk Division of AXA. Professional insurance products include Cyber Insurance.
Quantea
Our multi-patented solutions - QP Series Network Analytics Accelerator appliance and PureInsight Analytics Software Suite allows you to capture, analyze, store, replay, network traffic data.
DNX Ventures
Based in Silicon Valley and Tokyo, DNX Ventures is an early stage VC for B2B startups in sectors including Cybersecurity.
Cypress Data Defense
Cypress Data Defense helps clients build secure applications by providing training, best practices, and evaluating security during every stage of the Secure Application Development Lifecycle.
Aurora Systems Consulting
Aurora is a Cybersecurity solutions provider with a portfolio consisting of security consulting, products and services that proactively prevent, secure and manage advanced threats and malware.
Aadhya Khatri - Oct 14, 2019
Bitpayment
Apple has just come up with a patch for ab iTunes’s zero-day malware in Windows, which let hackers install a ransomware without being detected
Apple has just come up with a patch for ab iTunes’s zero-day bug in Windows, which let hackers install the ransomware called BitPayment without being detected.
This flaw was uncovered by Morphisec, a cybersecurity firm, amidst Apple axing iTunes and offering TV, Music, and Podcasts app in its place for macOS Catalina. iTunes will still work on Windows.
Bt Payment
The patch for the flaw was released on the 7th of October in iCloud for Windows 7.14 and iTunes 12.10.1 for Windows.
As stated by Morphisec, bad actors exploited iTunes’s packed-along Bonjour helper utility and its path vulnerabilities to infect computers of a company in the motor vehicle business with ransomware. Dblue crusher vst free.
Since Bonjour remains after iTunes was uninstalled, it is advisable that users must remove the software manually or install the most updated version of iTunes to fix the vulnerability.
You may have guessed from the name what the flaw can do. It appears when the path leading to a service’s location is not listed in quotations, Windows has to look in all of the folders until the system finds the file.
For example, if the location of a program is c:program filessub folder asub folder bprogram.exe, hackers can string in code to run a harmful program by exploiting the absence of quotes: c:program filessub folder amalicious program.exe.
That is not all, hackers can have elevated privileges if it is the admin or SYSTEM users are running the service, paving the way to infect any kind of malware, and in this particular case, the BitPayment ransomware.
According to Michael Gorelik, the CTO of Morphisec, the malware does not have the ‘.exe’ extension and was named only ‘Program.’ This is why it could avoid the protection of antivirus programs and also exposure.
BitPayment is a kind of malware that encrypts apps, data, and program files.
Comments
Sort by Newest | Popular
Featured Stories
Read more