Rainy Ransomware August! Storm Hit

Large-scale breaches have mushroomed in 2020, with an increase of 273% in the first quarter compared to the same period of the previous year. Ransomware is among the most common types of attack and is up by 90%, according to a recent report.

Tricks up their Sleeves

Ransomware operators have started using memory-mapped I/O to encrypt files, making it difficult for behavior-based anti-ransomware solutions to monitor malicious activities.

WastedLocker is using this technique to encrypt cached documents in memory, without causing additional disk I/O, which can shield it from behavior-monitoring software.

Researchers have identified a new element in recent Sodinokibi (REvil) campaigns: the operators scan compromised networks for point-of-sale (PoS) software in order to make additional money from payment card information. Attackers might use the payment data directly to drain accounts, or sell it on underground forums.

Ransomware Attackers Up the Ante
Maze ransomware operators have allegedly infected the network of SK Hynix, the RAM and flash memory supplier, and leaked some of the stolen files on their website as proof of the intrusion, holding the semiconductor giant to ransom.

A ransomware attack targeted the services of SnapFulfil, a cloud-based warehouse management software provider, disrupting warehouse operations for at least one of its customers. The U.K.-based company is working with the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) to restore its systems.

In a ransomware attack on one of the brands of the British-American cruise operator Carnival, hackers accessed guest and employee data and encrypted a portion of the brand's IT systems.

Netwalker ransomware operators attacked Forsee Power, a lithium-ion battery systems provider, and posted a few screenshots of folders containing sensitive data on their leak blog as evidence of the breach.

Brown-Forman, the makers of Jack Daniel’s, lost 1TB of corporate data at the hands of Sodinokibi ransomware. Some of the other firms that fell victim to ransomware attacks this month include Konica Minolta, SPIE group, R1 RCM, Boyce Technologies, LG, Xerox, and Canon.

While many organizations rely on conventional signature-based solutions to protect their data, files, and systems, they need to take a more comprehensive approach to security to address the threats posed by evolving ransomware. Not only endpoint security protects… Defence in depth must be maintained at a granular level to uphold security.

Jack Daniels ‘Revil’ed

Over the past weekend, a ransomware attack on the alcoholic beverages giant Brown-Forman, which owns renowned brands such as Jack Daniel’s, Finlandia Vodka and Korbel champagne, was reported.

Brown-Forman said in a statement that none of its files were encrypted; however, some data may have been stolen.

Key Highlights

The REvil hacking group, also known as Sodinokibi, has claimed responsibility for the attack on Brown-Forman.

Brown-Forman said that none of the systems were encrypted but some data may have been stolen.

The REvil gang claimed to have stolen 1TB of confidential data during the attack and posted screenshots on its leak site as proof.

The ransomware attack first came to light when the REvil gang published screenshots of Brown-Forman’s internal directory tree and file names on its data leak site. It claimed to have stolen 1 TB of the company’s confidential data, including internal employee conversations, information on multiple contracts, and database backups. REvil further stated that the initial compromise took place a month earlier, and that it had carefully monitored Brown-Forman’s entire network, cloud storage, and user services in order to steal highly sensitive data.

However, before the attackers could deploy the encryption payload, Brown-Forman’s IT team detected the intrusion and locked the perpetrators out of the network. Thus, although data may have been stolen, Brown-Forman is not keen on negotiating with the ransomware gang to retrieve it. REvil, for its part, has said it will auction the stolen data if the company refuses to pay the ransom.