Ransomware Blogs

Stay tuned for the latest news and updates from the cybersecurity ecosystem.

Posted on 15th Sep, 2021 | By Surojoy Gupta | 4 minutes

Microsoft Exchange ProxyShell and Windows PetitPotam vulnerabilities chained in New Attack

The newly minted LockFile ransomware group has been actively exploiting the Microsoft Exchange ProxyShell vulnerabilities since early August. In a recent attack, they chained a faultily patched PetitPotam vulnerability with the ProxyShell vulnerabilities to take over and encrypt Windows domains and spread their ransomware through target networks. Read our analysis of the vulnerabilities to understand how you can protect yourself from a potential ransomware attack.

Posted on 19th Aug, 2021 | By Sumeetha, Surojoy | 4 minutes

CSW Analysis: Accenture attacked by LockBit 2.0 Ransomware

On Aug 11, 2021, Accenture, a multinational IT consulting and services company, became the latest victim of LockBit 2.0 ransomware. Our researchers investigated the vulnerabilities that LockBit exploits to compromise its targets, and here is our analysis.

Posted on 12th Jul, 2021 | By Surojoy Gupta | 4 minutes

Kaseya VSA Downed by REvil in Monumental Supply-Chain Attack

REvil's monumental supply-chain attack on 3 July 2021 affected 1500 companies and opened a path for third-party attack onslaughts. What else does REvil’s historic supply-chain attack portend?

Posted on 7th Jul, 2021 | By Priya Ravindran | 3 minutes

Is Conti Ransomware on a roll?

The Conti group is associated with three vulnerabilities. If these had taken precedence in the CVE patching priority, the series of Conti attacks could have been avoided.

Posted on 30th Jun, 2021 | By Priya Ravindran | 3 minutes

Darkside Ransomware: Further Threat Associations Unearthed

Darkside Ransomware has added two more CVEs to its arsenal alongside two additional APT group associations. Check out our analysis and patch these vulnerabilities before they strike again!

Posted on 16th Jun, 2021 | By Sumeetha Manikandan | 4 minutes

REvil Brings Down JBS - the World’s Largest Meat Packer

REvil ransomware uses six vulnerabilities to target its victims. If these had been remediated and patched on priority, JBS, the world’s largest meat packer, could have escaped this attack. CSW warned about these vulnerabilities in its Ransomware Spotlight Report published in February 2021.

Posted on 11th Jun, 2021 | By Priya Ravindran | 3 minutes

All About Qlocker

Researchers at Cyber Security Works (CSW) have been tracking Qlocker, a recently discovered ransomware family. This new strain began surfacing across QNAP devices in April 2021, exploiting CVE-2021-28799, a zero-day vulnerability.

Posted on 4th Jun, 2021 | By Priya Ravindran | 5 minutes

FiveHands Ransomware Analysis: Can a Risk-Based Approach Help Prevent Future Attacks?

Early this year, threat actors exploited a vulnerability (CVE-2021-20016) even before the vendor could publish it on the National Vulnerability Database (NVD), attacking an organization and stealing information.

Posted on 18th May, 2021 | By Sumeetha | 3 minutes

Darkside: The Ransomware that brought a US pipeline to a halt

As of today, our research has associated 260 vulnerabilities with ransomware. Remediating and patching these vulnerabilities on priority could have averted the Colonial Pipeline attack.

Posted on 26th Apr, 2021 | By Sumeetha | 3 minutes

Why 'Old is Gold' for Ransomware?

In our recently published Ransomware Spotlight Report 2020, we tracked down vulnerabilities that ransomware uses to launch attacks on organizations worldwide. Here are a few surprising findings about old vulnerabilities in this report.

Posted on 16th Apr, 2021 | By Pavithra Shankar | 7 minutes

All about Ryuk

Ryuk is a crypto-ransomware strain that encrypts access to a system, device, or file and demands a ransom to release it. Ryuk is unleashed on target assets through malware, notably TrickBot, and is used to gain access to a system through remote desktop services.

Posted on 2nd Nov, 2020 | By Sumeetha | 5 minutes

Ryuk raising the Temperature in Healthcare

The security agencies CISA (Cybersecurity and Infrastructure Security Agency), the FBI, and the Department of Health and Human Services (HHS) have issued a high-alert joint security advisory urging hospitals to take action to secure themselves against Ryuk ransomware in particular.

Posted on 15th Oct, 2020 | By Sumeetha | 5 minutes

Cyber Hygiene: Ransomware is causing critical care disruption in hospitals

We analyzed three ransomware incidents (Ryuk, REvil & AKO) and found 16 CVEs associated with them. Incidentally, CSW warned about five of these CVEs in our cyber risk series way back in March 2020!

Posted on 29th Sep, 2020 | By Sumeetha | 3 minutes

Our warning in 2020 was ignored: Lack of Cyber Hygiene is amplifying Ransomware attacks and causing havoc

Ransomware campaigns are always on the prowl for a path of least resistance to gain initial access and move laterally using well-known vulnerabilities.
