In the spotlight this week:
RedDoorz Hotel Booking and Management Company Investigating Breach
Chinese Antivirus Vendor Tied to Part of a Decade-Long Hacking Spree
ThunderX Ransomware Silenced with Release of Free Decryptor
Universal Health Services (UHS) has reportedly fallen victim to Ryuk ransomware, forcing the hospital operator to shut down IT systems at healthcare facilities across the United States. Doctors and nurses were left without access to their computers and tablets and resorted to taking notes with pen and paper.
When the attack happened, multiple antivirus programs were disabled by the attackers, who launched the attack in the middle of the night so they could encrypt as many systems as possible before being detected. According to employees, files were renamed to include the .ryk extension, an extension known to be used by Ryuk ransomware. Given the ongoing global pandemic, this incident has put a major strain on the American healthcare system.
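The .ryk extension reported by UHS staff is the kind of indicator a defender can alert on before an entire estate is encrypted. The following is an added example (not code from the original article, UHS, or Blackpanda) showing a simple burst-rename heuristic run over constructed file-system audit records. The only indicator taken from the article is the .ryk extension; the log format, host names, 60-second window and alert threshold are all assumptions made for this example.

```python
"""Flag hosts where many files are renamed to a ransomware extension in a short window.

Added example, not from the original article. Records are assumed to be
"ISO-timestamp host old_path new_path" lines, ordered by time per host.
"""
import ntpath
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Indicator taken from the article: Ryuk appends ".ryk" to encrypted files.
SUSPICIOUS_EXTENSIONS = {".ryk"}

# Detection tuning. Both values are assumptions chosen for this example.
WINDOW = timedelta(seconds=60)
THRESHOLD = 5

# Constructed sample audit records (not real telemetry). Paths contain no spaces
# so a whitespace split yields exactly four fields.
SAMPLE_LOG = r"""
2020-09-27T02:14:01 WS-0412 C:\Users\j.doe\Documents\report.docx C:\Users\j.doe\Documents\report.docx.ryk
2020-09-27T02:14:02 WS-0412 C:\Users\j.doe\Documents\budget.xlsx C:\Users\j.doe\Documents\budget.xlsx.ryk
2020-09-27T02:14:02 WS-0412 C:\Users\j.doe\Pictures\scan1.jpg C:\Users\j.doe\Pictures\scan1.jpg.ryk
2020-09-27T02:14:03 WS-0412 C:\Users\j.doe\Pictures\scan2.jpg C:\Users\j.doe\Pictures\scan2.jpg.ryk
2020-09-27T02:14:04 WS-0412 C:\Users\j.doe\Desktop\notes.txt C:\Users\j.doe\Desktop\notes.txt.ryk
2020-09-27T02:14:05 WS-0412 C:\Users\j.doe\Desktop\todo.txt C:\Users\j.doe\Desktop\todo.txt.ryk
2020-09-27T09:30:00 WS-0077 C:\Users\a.lee\draft.docx C:\Users\a.lee\final.docx
2020-09-27T09:45:10 WS-0077 C:\Temp\old.ryk C:\Temp\old.bak
2020-09-27T10:00:00 WS-0099 C:\Data\a.pdf C:\Data\a.pdf.ryk
2020-09-27T11:30:00 WS-0099 C:\Data\b.pdf C:\Data\b.pdf.ryk
"""


def parse_event(line):
    """Split one audit line into (timestamp, host, old_path, new_path)."""
    ts, host, old_path, new_path = line.split()
    return datetime.fromisoformat(ts), host, old_path, new_path


def is_suspicious_rename(old_path, new_path):
    """True when the rename adds a suspicious extension the file did not already have.

    ntpath is used so Windows-style paths parse correctly on any platform;
    dots inside directory names (j.doe) are therefore ignored.
    """
    old_ext = ntpath.splitext(old_path)[1].lower()
    new_ext = ntpath.splitext(new_path)[1].lower()
    return new_ext in SUSPICIOUS_EXTENSIONS and old_ext != new_ext


def detect_bursts(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return {host: peak_count} for hosts with >= threshold suspicious renames inside one window.

    A per-host deque holds the timestamps of recent suspicious renames; entries
    older than the window are evicted as each new event arrives, so len(deque)
    is the count within the trailing window.
    """
    recent = defaultdict(deque)
    peaks = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, old_path, new_path = parse_event(line)
        if not is_suspicious_rename(old_path, new_path):
            continue
        window_events = recent[host]
        window_events.append(ts)
        while window_events and ts - window_events[0] > window:
            window_events.popleft()
        peaks[host] = max(peaks[host], len(window_events))
    return {host: count for host, count in peaks.items() if count >= threshold}


if __name__ == "__main__":
    # WS-0412 renames six files to .ryk within four seconds and is flagged;
    # WS-0077 performs benign renames; WS-0099 has two hits 90 minutes apart.
    for host, count in detect_bursts(SAMPLE_LOG).items():
        print(f"ALERT {host}: {count} renames to a ransomware extension within {WINDOW}")
```

The check deliberately ignores a rename away from .ryk (old.ryk to old.bak) and a single stray hit, which keeps it quiet on the two unaffected hosts in the sample; in production the extension set, window and threshold would be tuned to the environment, and the alert would normally be paired with a check that endpoint protection services are still running, since the article notes the attackers disabled antivirus first.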
In an attempt to put additional pressure on hacked companies to pay ransom demands, several ransomware groups have begun stealing data from victims' networks before encrypting it. When a company refuses to pay, the gang threatens to publish the stolen data online on a so-called "leak site" and then tips off journalists about the company's security incident. Refer to the article linked above for the full list of ransomware gangs known to use this tactic.
Hotel booking and management company RedDoorz is investigating a breach that occurred earlier this week. A company spokesperson said that while no financial information was exposed, personal information including names, email addresses, phone numbers, postal addresses, and booking details was obtained. The company says it is taking the necessary steps to remediate the breach.
Members of the hacking group APT41 were charged by the U.S. Department of Justice with hacking more than 100 victims globally, in part by compromising the antivirus vendor Anvisoft and using it as a distribution channel. This story highlights that not all antivirus vendors are reliable and trustworthy: if you are considering a vendor that is not one of the major established players, you may be playing with fire.
The attacks included "supply chain attacks," in which legitimate software providers were compromised and their code modified to facilitate further intrusions against those providers' customers.
A decryptor for the ThunderX ransomware has been released by the cybersecurity firm Tesorion, which found a flaw in the ransomware's encryption that allows victims to recover their files for free. To use it, upload both a copy of the readme.txt ransom note and an encrypted file to Tesorion to generate a decryption key, then download Tesorion's ThunderX decryptor and run it. As with any decryptor, back up the encrypted files before running it so that a failed decryption can be retried.
Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.