

Sangfor Global Ransomware Weekly Report

2021-06-28

REvil is at it again!

And this time the victim was Sol Oriens, a 50-employee, US-based technology research and development consultancy in Albuquerque, New Mexico. On June 16 the company was hit by a REvil ransomware attack. While Sol Oriens has been tight-lipped about the incident, CNBC reportedly found NNSA (the US National Nuclear Security Administration, responsible for maintaining the US nuclear weapons stockpile) invoices, descriptions of R&D projects, and wage sheets containing the Social Security numbers of Sol Oriens employees posted on the dark web. Sol Oriens has stated that there is "no current indication that this incident involves client classified or critical security-related information." Mother Jones, which broke the story, says of the hack: "In some ways, Sol Oriens, LLC is just one name among many. There's no indication yet that the company was targeted because of the work it does, rather than just being another potential pay day for hackers."

DarkSide remains active, with affiliated groups targeting security businesses

Not to be outdone, although DarkSide, the group responsible for the 2021 Colonial Pipeline attack, said it was closing shop, a DarkSide affiliate launched a supply chain attack on security vendor Dahu. Analysts note that while the affiliate did not ultimately deploy DarkSide ransomware in this campaign, new attacks cannot be ruled out.

Some ransomware stages a comeback, while some takes a final bow

A suspected new variant of ransomware veteran Thanos has arrived

Security researchers have tracked a new ransomware family, Prometheus, whose malware and tactics closely resemble those of the older Thanos ransomware. Prometheus is suspected to be a Thanos variant and is operated under the ransomware-as-a-service (RaaS) model.

"These ransomware gangs rapidly expand their new business by adopting the ransomware as a service (RaaS) model, in which they obtain ransomware code, infrastructure and access to infected networks from outside vendors," said an unnamed researcher. The RaaS model lowers the barriers to entry for ransomware gangs.

Avaddon ransomware gang stops operations and releases a decryption tool

Avaddon, one of the most prolific extortion gangs of 2021, has announced that it has stopped operating and is providing thousands of victims with a free decryption tool. The tool has been verified and is available for download on the Sangfor Endpoint Secure website.

CLOP ransomware gang disrupted by Ukrainian and South Korean police

Police in Ukraine and South Korea recently arrested six suspected members of the CLOP ransomware gang and seized the gang's tools.

Extortion is constant & prevention is a priority

Since the start of June, many large, well-known enterprises have suffered ransomware attacks that interrupted business operations and threatened the companies' futures.

The low cost and high profit of cyber-crime are making ransomware attacks a daily occurrence. Once files have been encrypted, the data held by most ransomware families cannot be decrypted without the attacker's key, so any successful attack has a significant effect on the entire business.

Based on best practices developed while working with 1,000 customers, Sangfor solutions block encryption and lateral movement using real-time interception, monitoring and effective remediation.

Ransomware Protection:

There are a few observations and steps enterprises can act on to improve ransomware protection.

  1. Stay vigilant for ransomware attacks during non-working hours, when response is slowest
  2. Be on alert for the "holiday peak" phenomenon: attacks spike around holidays
  3. Windows servers are far more likely to be hit by ransomware than Linux servers, so prioritise their hardening
  4. Keep regular cold (offline) or remote backups
  5. Implement a zero-trust model to protect against insider threats and employee misuse
  6. Strengthen access control
  7. Any vulnerable host within the enterprise is a likely breach point, so regular patching and daily antivirus scans are essential
  8. Deploy firewall, boundary control and isolation controls at all branch locations
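Items 1 and 2 above amount to a detection requirement: the same burst of file activity should be treated as more suspicious at 02:00 on a Saturday or on a holiday than at 14:00 on a weekday. The script below is an added example written for this page (it is not Sangfor's code and not part of any Sangfor product) showing one way to implement that weighting. It assumes a file-server audit log with one event per line (`timestamp host user action details`), treats a burst of renames that change a file's extension on one host as the ransomware signal, and uses illustrative working hours, a constructed holiday calendar and constructed thresholds; the sample log lines are constructed, not real.

```python
"""Off-hours weighted rename-burst detector (added example, not Sangfor code).

Assumptions (none of these come from the report):
  * log line format: "<ISO-8601 ts> <host> <user> <ACTION> <details>",
    where RENAME details are "<old path> -> <new path>"
  * a burst of renames that change the file extension on one host
    is the indicator of interest
  * working hours, holidays and thresholds are illustrative values
"""
import re
from collections import Counter, defaultdict, deque
from datetime import date, datetime, time, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<user>\S+) (?P<action>[A-Z]+) (?P<rest>.*)$"
)

# Illustrative policy values (assumptions; tune to the environment).
WORK_START = time(8, 0)
WORK_END = time(18, 0)
HOLIDAYS = {date(2021, 7, 4)}        # constructed holiday calendar
WINDOW = timedelta(minutes=5)         # sliding window per host
THRESHOLD_WORK = 40                   # extension-changing renames per window, business hours
THRESHOLD_OFF = 10                    # lower bar outside working hours / on holidays


def parse_line(line):
    """Parse one audit line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    if ev["action"] == "RENAME" and " -> " in ev["rest"]:
        ev["old"], ev["new"] = ev["rest"].split(" -> ", 1)
    return ev


def is_off_hours(ts, holidays=HOLIDAYS):
    """True on weekends, on holidays, or outside WORK_START..WORK_END."""
    if ts.date() in holidays or ts.weekday() >= 5:   # Sat=5, Sun=6
        return True
    return not (WORK_START <= ts.time() < WORK_END)


def off_hours_iso(ts_string):
    """Convenience wrapper taking an ISO-8601 timestamp string."""
    return is_off_hours(datetime.fromisoformat(ts_string))


def extension(path):
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def detect(lines):
    """Return one alert per host whose rename burst crosses the applicable threshold."""
    by_host = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["action"] == "RENAME" and extension(ev["new"]) != extension(ev["old"]):
            by_host[ev["host"]].append(ev)

    alerts = []
    for host, events in by_host.items():
        events.sort(key=lambda e: e["ts"])
        window = deque()
        for ev in events:
            window.append(ev)
            while ev["ts"] - window[0]["ts"] > WINDOW:   # drop events older than WINDOW
                window.popleft()
            off = is_off_hours(ev["ts"])
            if len(window) >= (THRESHOLD_OFF if off else THRESHOLD_WORK):
                exts = Counter(extension(e["new"]) for e in window)
                alerts.append({
                    "host": host,
                    "first_seen": window[0]["ts"].isoformat(),
                    "count": len(window),
                    "off_hours": off,
                    "severity": "high" if off else "medium",
                    "new_extension": exts.most_common(1)[0][0],
                    "users": sorted({e["user"] for e in window}),
                })
                break   # alert at the first crossing; one alert per host
    return alerts


def constructed_log():
    """Constructed sample log (not real data): a benign daytime rename on fs01,
    a 12-file daytime burst on fs03 (Monday 14:00, below the business-hours bar)
    and a 12-file burst on fs02 at 02:14 on a Saturday."""
    lines = ["2021-06-21T10:02:11 fs01 alice RENAME /share/finance/q2.xlsx -> /share/finance/q2-final.xlsx"]
    for i in range(12):
        t = (datetime(2021, 6, 21, 14, 0, 0) + timedelta(seconds=7 * i)).isoformat()
        lines.append(f"{t} fs03 bob RENAME /share/eng/r{i}.xlsx -> /share/eng/r{i}.tmp")
    for i in range(12):
        t = (datetime(2021, 6, 26, 2, 14, 3) + timedelta(seconds=7 * i)).isoformat()
        lines.append(f"{t} fs02 svc_backup RENAME /share/hr/doc{i}.docx -> /share/hr/doc{i}.docx.locked")
    return lines


SAMPLE_LOG = constructed_log()

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

On the constructed input only the Saturday burst on fs02 fires, and it does so at the tenth rename rather than after the whole burst; the identical-sized daytime burst on fs03 stays below the business-hours threshold, which is the point of item 1 and item 2. In a real deployment the holiday set would come from the organisation's calendar, and the thresholds would be set from a baseline of normal rename rates per host.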