Tag :
Cyber Security

revil disappeared quietly

Did REvil Disappear Quietly?

After many high-profile REvil ransomware attacks, and immediately following the massive ransomware attack on Kaseya, affecting almost 1,500 organizations.  American President Joe Biden spoke directly to Russian President Vladamir Putin last week, describing the conversation as a step forward.

"I made it very clear to him that the United States expects when a ransomware operation is coming from his soil, even though it's not sponsored by the state, we expect them to act if we give them enough information to act on who that is," Biden said.

"And secondly, we've set up a means of communication now on a regular basis to be able to communicate with one another when each of us thinks something is happening in another country that affects the home country. And so it went well. I'm optimistic."

On July 13th, all the websites related to the REvil ransomware group disappeared mysteriously. At present, when users visit the REvil website, they are greeted with a message saying, "Onionsite Not Found."

There has been no definitive word on why the websites were taken down, but we’d say the recent conversation between world leaders is the ultimate catalyst.

National Telecommunications Company in Ecuador Suffers Ransomware Attack

On July 16, Ecuador's national telecommunications company CNT issued an announcement that the operation of their integrated service center and contact center was attacked by ransomware, with business operations, payment channels, and customer support interrupted. Global media disclosed that CNT was attacked by the RansomEXX's ransomware organization, successfully stealing 190GB of files and demanded a ransom of CNT.

cnt-website-warning

Image Source

The type of urban infrastructure under attack lately is responsible for guaranteeing the supply of day-to-day resources and goods for citizens. Individuals are feeling the sting of these attacks in their daily lives, just as many were affected by the Colonial Oil attack in early June 2021.

Forefront Dermatology Clinic

Medical centers are responsible for the collection and storage of masses of sensitive information and have become increasingly vulnerable targets amid the recent pandemic. Even small medical facilities are at risk in 2021, with Forefront Dermatology disclosing a report of a ransomware attack in July. The follow-up investigation determined that the medical information of 2.41 million patients was affected. The clinic is currently notifying the patients involved, but Forefront Dermatology representatives found some of the stolen files available for free on the Cuba Ransomware leak site.

Cuba_head

Image Source

HelloKitty Ransomware Attacks Increase

Security researchers have discovered several “Hello Kitty” ransomware variants targeting Linux systems, designed to target and secretly host virtual machines on VMware ESXi servers. This malware attempts to shut down VMs running on target servers and encrypt files.

HelloKitty ransomware uses SonicWall vulnerabilities to launch attacks. SonicWall has issued an emergency security notice recommending that users reinforce their SonicWall system as soon as possible.

HelloKitty ransomware is far from the only ransomware targeting ESXi servers. BAduk, RansomExx, Mespinoza and Darkside also have variants that target the same vulnerabilities in this server. Based on the best practices of nearly 1,000 users, Sangfor has several recommendations on how to fortify yourself against HelloKitty and other types of ransomware that exploit this vulnerability. 

The Sangfor Ransomware Security Solutions

The Sangfor Ransomware Security Solution provides an innovative strategy that successfully mitigates ransomware attacks by breaking every step in the kill chain.

sangfor_ransomware1

sangfor_ransomware2

8 Tips for Daily Ransomware Protection

  1. Deploy automatic detection and protections during non-business hours
  2. Plan for extra security staff and deploy extra protections during holiday periods
  3. Deploy more stringent protections for Windows servers and Linux servers
  4. Plan for regular cold or remote backups
  5. As staff and users are the weakest link in the corporate security chain, improve internal security awareness of the dangers of weak passwords and phishing, and adopt a zero-trust scheme
  6. Strength any access controls of core data assets
  7. Perform daily patching for botnets and vulnerabilities
  8. Deploy a private network for each branch of the business, and deploy border control equipment like firewall to isolate and control the system.

 

Contact Us for Business Inquiry

Listen To This Post

Search

Keyword maximum 256 character

Get in Touch

Get in Touch with Sangfor Team for Business Inquiry

Related Articles

Cyber Security

The AT&T Data Breach: Over 73 Million Customer Data Exposed

Date : 15 Apr 2024
Read Now
Cyber Security

What Are the Top 5 Benefits of SD-WAN?

Date : 29 Mar 2024
Read Now
Cyber Security

World Backup Day 2024: Save Digital Memories

Date : 29 Mar 2024
Read Now

See Other Product

Cyber Command - NDR Platform
Endpoint Secure
Internet Access Gateway (IAG)
Sangfor Network Secure - Next Generation Firewall
Platform-X
Sangfor Access Secure

Meet the Author

sangfor building image

Sangfor Technologies

Sangfor Technologies is a leading vendor of Cyber Security and Cloud Computing solutions. The majority of the blogs that you are seeing here are written by professionals working at Sangfor. We have a team of content writers, product managers and marketing experts who are taking care of writing articles on various topics that are relevant to our audience. Our team ensures that the articles published are factually correct and helpful to our customers and partners to know more about the recent trends on Cyber Security and Cloud, and how it can help their organizations.

  • facebook
  • twitter
  • linkedin
  • youtube
  • instagram
See Author's Detail