Ransomware is a type of malicious software that encrypts the victim's data, rendering it inaccessible until a ransom is paid. Over the years, ransomware tactics have evolved, becoming more sophisticated and damaging. Originally, ransomware attacks were more indiscriminate, targeting individuals and organizations alike. However, cybercriminals have become more strategic, now focusing on high-value targets.
Ransomware gangs have discovered that targeting CEOs can yield higher returns. By threatening to release sensitive data, they put immense pressure on CEOs to comply with their demands. This method of extortion not only threatens the individual's reputation but also jeopardizes the entire organization's security and financial stability.
Anonymity: Cybercriminals use encryption and the dark web to hide their identities, making it challenging for law enforcement agencies to trace them.
Jurisdictional Challenges: Ransomware attacks are often transnational, complicating legal processes. Different countries have varying laws and levels of cooperation with international authorities.
Sophisticated Techniques: These criminals are adept at covering their tracks, using advanced encryption, and frequently changing their digital footprints to evade detection.
Resource Limitations: Law enforcement agencies often lack the resources and specialized knowledge required to effectively tackle these sophisticated cybercrimes.
The consequences of a ransomware attack can be devastating. For CEOs, the personal and professional stakes are incredibly high. They face potential damage to their reputation, legal ramifications, and significant financial loss. For the organization, it can result in operational disruption, loss of sensitive data, and a breach of trust with customers and stakeholders.
Responsibility for the attack has been claimed by the ransomware gang Rhysida. The group has listed the library as a victim on its darknet forum, where it has leaked low-resolution snippets of the stolen information. The gang is offering to auction the further information for 20 Bitcoin, or about £600,000, to the highest bidder.
As a result of the attacks, the library’s operations have been disrupted for weeks. The stolen data includes images of passport photos and HMRC employment records.
On the darknet website, the listing for the British Library reads, “With just seven days on the clock, seize the opportunity to bid on exclusive, unique and impressive data. Open your wallets and be ready to buy exclusive data.”
The listing appeared on the website on Monday, with the group demanding that the ransom be paid by November 27.
Regarding this, Emsisoft’s threat analyst, Brett Callow, says that the data “auction” was effectively a “continuation of the extortion attempt” by the gang.
The cyberattack on the British Library started in late October, when the attackers stole large chunks of the library’s website.
Staff at the archive's St Pancras location have been compelled by the disruption to disable the public Wi-Fi and only accept cash payments for some transactions.
The British Library released the following statement on Monday: “We are aware that some data has been exposed, after confirmation last week that this was a ransomware attack. It looks like these are from our own HR records.”
“We have no evidence that data of our users has been compromised.”
The National Cyber Security Centre (NCSC), which is affiliated with GCHQ, and the Metropolitan Police are collaborating with the library to strengthen its IT infrastructure and carry out a forensic examination.
Sir Roly Keating, chief executive of the British Library, said: “We are immensely grateful to our many users and partners who have shown such patience and support as we work to analyse the impact of this criminal attack and identify what we need to do to restore our online systems in a safe and sustainable manner.”
More than 300,000 files were posted online in March after the 36,000-student Minneapolis Public Schools refused to pay a $1 million ransom. Among those files were complete sexual assault case folios including this information. Medical records, complaints of discrimination, Social Security numbers, and contact information for district employees were among the other data disclosed.
The nation’s schools, which are rich in data, have been a primary target for hackers. “In this case, everybody has a key,” says Ian Coldwater, a cybersecurity expert whose son attends a Minneapolis high school.
Districts, often short of funds, also lack the resources to defend themselves or even to respond properly when attacked. Months after the attack, Minneapolis administrators had not yet promised to inform individual victims about it.
Families of six students whose sexual case files were leaked reached the Associated Press only after learning of the leak through a message from a reporter.
Los Angeles Unified School District caught a ransomware attack in progress last Labor Day weekend, only to find the private paperwork of more than 1,900 former students — including psychological evaluations and medical records — leaked online. It was not until February that district officials disclosed the breach's full scope.
It turns out that the long-term effects of school ransomware attacks are not in school closures, expensive recovery efforts, or even skyrocketing cyberinsurance premiums. The AP discovered private documents available on both the open internet and the dark web, causing trauma for teachers, students, and parents.
“A massive amount of information is being posted online, and nobody is looking to see just how bad it all is. Or, if somebody is looking, they’re not making the results public,” says analyst Brett Callow of the cybersecurity firm Emsisoft.
Other major cities that experienced a data theft incident include San Diego, Des Moines and Tucson, Arizona. While the severity of the attack remains unclear, the authorities were criticized for their negligence in acknowledging and responding to the ransomware attack.
School systems have been slower to respond than other ransomware targets, who have strengthened and segregated networks, encrypted data, and required multi-factor authentication.
According to a report by the Center for Internet Security, a federally funded nonprofit, one in three U.S. districts had been breached by the end of 2021. According to analyst Allan Liska of cybersecurity firm Recorded Future, ransomware has already affected over 5 million students in the US, and the cases are likely to only increase this year.