Netwalker electrified Pakistan

K-Electric, the sole electricity provider for Karachi, Pakistan, has suffered a Netwalker ransomware attack that led to the disruption of billing and online services.

K-Electric is Pakistan’s largest power supplier, serving 2.5 million customers and employing over 10 thousand people.

Starting yesterday, K-Electric customers have been unable to access the online services for their account.

To resolve this issue, K-Electric appears to be trying to reroute users through a staging site, but is currently having difficulties.

The cyberattack occurred on the morning of September 7th and is disrupting K-Electric’s online billing services and not the supply of power.

In a Tor payment page seen by BleepingComputer, the ransomware operators demand a $3,850,000 ransom payment. If a ransom is not paid within another seven days, the ransom will increase to $7.7 million.

The Tor payment site also includes a ‘Stolen data’ page that states the Netwalker operator stole unencrypted files from K-Electric before performing the attack. This page does not reveal how much or what data was stolen.

Since the summer of 2019, Netwalker has been actively infecting victims. It wasn’t until March 2020, when the threat actors began recruiting skilled hackers and focusing entirely on enterprise networks, that we began to see widespread attacks.

According to a report by McAfee, this change in tactics has led to the ransomware gang earning $25 million in just five months.

Netwalker… made a brief walk on Argentina’s border ⛔

Argentina’s immigration agency, Dirección Nacional de Migraciones (DNM), was the victim of a ransomware attack that temporarily halted border crossings, with hackers demanding $4 million in Bitcoin.

The attack was first reported by the Argentinean government on August 27 to the country’s cybercrime agency, after multiple calls from border checkpoints suggested their computer networks were compromised.

Border authorities found that their computer systems, including apps and shared folders, were hit by an unidentified virus in the small hours. They took swift action and shut down central servers to prevent the virus from propagating to other systems over the network.

All Argentinean immigration offices and control posts were put out of service for four hours until they were brought online again.

“The Comprehensive Migration Capture System (SICaM) that operates in international crossings was particularly affected, which caused delays in entry and exit to the national territory,” the DNM stated.

Ransomware attackers demand $4m in Bitcoin

The attackers were later identified by authorities as NetWalker, a ransomware operation that targets corporate computer networks. Its usual pattern of attack is to encrypt or password-protect the files and in turn demand a ransom.

The NetWalker hackers who attacked Argentina’s immigration agency flashed a payment message leading to a Tor network page, demanding $2 million in Bitcoin as ransom. This figure was then changed to $4 million after seven days, approximately 355 Bitcoin at the time.

Ransomware is becoming a nightmare for every organization, whether government or private…

Rainy Ransomware August! Storm hit

Large-scale breaches have mushroomed in 2020, with an increase of 273% in the first quarter as compared to the previous year. Ransomware is among the most common types of attacks and is up by 90%, as per a recent report.

Tricks up their Sleeves

Ransomware operators have started using memory-mapped I/O to encrypt files, making it difficult for behavior-based anti-ransomware solutions to monitor malicious activities.

WastedLocker is using this technique to encrypt cached documents in memory, without causing additional disk I/O, which can shield it from behavior-monitoring software.
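A content-based check is one way to notice this kind of in-place rewrite without relying on observed write calls. The sketch below is an added example, not code from the original post or from any vendor: the function names, the entropy thresholds and the sample files are assumptions, and the demo rewrites a constructed file through a memory mapping with random bytes as a stand-in for ciphertext.

```python
import math, mmap, os, tempfile
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for encrypted or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root: str, sample: int = 65536) -> dict:
    """Record (entropy, first 4 bytes) for every file under root."""
    state = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(sample)
            state[path] = (shannon_entropy(head), head[:4])
    return state

def suspicious_changes(before: dict, after: dict,
                       jump: float = 2.0, high: float = 7.0) -> list:
    """Files whose header changed and whose entropy jumped into the ciphertext range.
    The thresholds are assumed values for illustration, not tuned ones."""
    flagged = []
    for path, (e_old, magic_old) in before.items():
        e_new, magic_new = after.get(path, (e_old, magic_old))
        if magic_new != magic_old and e_new >= high and e_new - e_old >= jump:
            flagged.append(path)
    return sorted(flagged)

def demo() -> list:
    """Constructed sample: two text files, one rewritten in place via a memory mapping."""
    root = tempfile.mkdtemp()
    for name in ("report.txt", "notes.txt"):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(b"Quarterly billing summary for customers.\n" * 400)
    before = snapshot(root)
    target = os.path.join(root, "report.txt")
    with open(target, "r+b") as fh, mmap.mmap(fh.fileno(), 0) as view:
        view[:] = os.urandom(len(view))  # changed through the mapping, not write()
    after = snapshot(root)
    return [os.path.basename(p) for p in suspicious_changes(before, after)]

if __name__ == "__main__":
    print(demo())
```

Because the check compares file contents between two snapshots, it flags the rewritten file whichever I/O path produced the change.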

Researchers have identified a new element in recent Sodinokibi (REvil) campaigns, wherein they scan compromised networks for PoS software to make additional money from payment information. Attackers might directly use the payment information to strip accounts or sell them on underground forums.

Ransomware Attackers Up the Ante

Allegedly, Maze ransomware operators have infected the network of SK Hynix, the RAM and flash memory supplier, and leaked some of the stolen files on their website as proof of the infiltration, holding the semiconductor giant to ransom.

A ransomware attack targeted the services of SnapFulfil, a cloud-based warehouse management software provider, disrupting warehouse operations for at least one of its customers. The U.K.-based company is working with the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) to restore its systems.

Hackers accessed guest and employee data and encrypted a portion of the IT systems of one of the brands of British-American cruise operator, Carnival, in a ransomware attack.

Netwalker ransomware operators attacked Forsee Power, a lithium-ion battery systems provider, and shared a few screenshots of folders containing sensitive data as evidence of the breach on their online blog.

Brown-Forman, the makers of Jack Daniel’s, lost 1TB of corporate data at the hands of Sodinokibi ransomware. Some of the other firms that fell victim to ransomware attacks this month include Konica Minolta, SPIE group, R1 RCM, Boyce Technologies, LG, Xerox, and Canon.

While many organizations use conventional signature-based solutions to protect their data, files, and systems, they need to take a more comprehensive approach toward security to address the threats posed by evolving ransomware. Endpoint security is not the only protection… Defence in depth must be maintained at a granular level to uphold security.