
AHA, Federal Agencies Urge Healthcare Organizations to Mitigate Citrix Bleed Vulnerability

Citrix Vulnerability

Healthcare departments under threat

The alert from the Department of Health and Human Services Health Sector Cybersecurity Coordination Center (HC3) on Nov. 30 and the AHA warning on Friday come amid an outbreak of ransomware attacks, alleged to involve Citrix Bleed exploitation, that have hit companies in healthcare and other sectors in recent weeks. This post covers the threats and everything related to the Citrix Bleed flaw.

CySecurity News had already reported on the Citrix Bleed bug delivering sharp blows earlier in November 2023.

"HC3 strongly recommends companies to make improvements to prevent additional harm against the healthcare and public health sector," alerted the Department of Health and Human Services.

High-severity Citrix Bleed Vulnerability

According to John Riggi, AHA's national adviser for cybersecurity and risk, the urgency of HHS's alert "confirms the gravity" of the Citrix Bleed vulnerability and the urgent requirement to install existing Citrix patches and upgrades to secure healthcare IT systems.

Google’s Mandiant report in October “identified zero-day exploitation of this vulnerability in the wild beginning in late August 2023. Successful exploitation could result in the ability to hijack existing authenticated sessions, therefore bypassing multifactor authentication or other strong authentication requirements.

These sessions may persist after the update to mitigate CVE-2023-4966 has been deployed. Additionally, we have observed session hijacking where session data was stolen prior to the patch deployment and subsequently used by a threat actor,” the report added.

Foreign ransomware groups involved

Riggi said in a statement that this instance further shows the severity with which foreign ransomware groups, mainly Russian-speaking groups, continue to target hospitals and health organizations. Ransomware attacks interrupt and disrupt the delivery of healthcare, jeopardizing patients' lives. We must be attentive and strengthen our cybersecurity, as hackers will undoubtedly continue to target the sector, particularly over the holiday season, he added.

Rise in attacks during the holiday season?

NetScaler released an advisory on the flaw in October and then again in late November, citing reports of "a rapid spike in attempts" to take advantage of the vulnerability in unfixed NetScaler ADCs.

The AHA cautioned that exploiting the vulnerability allows hackers to evade password constraints and multifactor authentication mechanisms.

According to HHS HC3, the vulnerability has been routinely exploited since August. Citrix issued a patch for the vulnerability in early October, but the firm warned that compromised sessions would remain active after the patch was applied.

HC3 encourages all administrators to upgrade their devices according to NetScaler's instructions and then to terminate ("kill") any active or persistent sessions using the commands NetScaler specifies, since sessions hijacked before the upgrade otherwise remain usable.

Also read NetScaler's advisory for full details of the Citrix Bleed threat.


This Evil Extractor Malware Steals Data from Windows Devices

Experts have discovered a hazardous new malware strain circulating on the internet that steals sensitive data from victims and, in some cases, deploys ransomware as well. The malware, dubbed Evil Extractor, was found by Fortinet cybersecurity researchers, who published their findings in a blog post noting that it was produced and distributed by a business called Kodex and marketed as an "educational tool."

“FortiGuard Labs observed this malware in a phishing email campaign on 30 March, which we traced back to the samples included in this blog,” the researchers said. “It usually pretends to be a legitimate file, such as an Adobe PDF or Dropbox file, but once loaded, it begins to leverage PowerShell malicious activities.” 

Its malicious components include an environment-checking module and an info stealer. The malware first checks that it is not running in a honeypot, then captures as much sensitive data from the endpoint as possible and transfers it to the threat actor's FTP server. It is also capable of encrypting data.

Its ransomware component, known as Kodex Ransomware, downloads zzyy.zip from evilextractor[.]com. The archive contains 7za.exe, the 7-Zip command-line tool, which is run with the "-p" argument so that the victim's files are zipped into a password-protected archive.
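From a defender's side, the behaviours just described give three things to look for in endpoint telemetry. The following detection sketch is an added example, not Fortinet's code or anything from the original post: it runs over constructed sample process and network events and flags 7za.exe invoked with -p, contact with the evilextractor[.]com download domain, and an FTP connection from a binary in a user-writable path. The key=value log format, file names, IP address and password below are assumptions made up for the example.

```python
import re

# Constructed sample telemetry in a simplified key=value format (not a real
# vendor schema): process creations (type=proc) and connections (type=net).
SAMPLE_EVENTS = [
    r'type=proc image=C:\Windows\System32\cmd.exe cmdline="cmd.exe /c dir"',
    r'type=proc image=C:\Users\bob\AppData\Local\Temp\7za.exe '
    r'cmdline="7za.exe a -pHunter2 -mhe=on docs.zip C:\Users\bob\Documents"',
    r'type=net image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe '
    r'dst=evilextractor.com port=443 url=https://evilextractor.com/zzyy.zip',
    r'type=net image=C:\Users\bob\AppData\Local\Temp\collector.exe dst=203.0.113.10 port=21',
    r'type=net image=C:\Program Files\Dropbox\Dropbox.exe dst=dropbox.com port=443',
]

# The post gives the download domain defanged as evilextractor[.]com.
EVIL_DOMAIN = "evilextractor.com"
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_event(line: str) -> dict:
    """Turn one key=value line into a dict; quoted values may contain spaces."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(2)
            for m in KV_RE.finditer(line)}


def detect(event: dict) -> list[str]:
    """Return the Evil Extractor indicators matched by a single event."""
    findings = []
    image = event.get("image", "").lower()
    exe = image.rsplit("\\", 1)[-1]
    user_writable = "\\appdata\\" in image or "\\temp\\" in image
    if event.get("type") == "proc" and exe == "7za.exe":
        # Kodex Ransomware zips the victim's files with 7za.exe -p<password>.
        if any(arg.startswith("-p") for arg in event.get("cmdline", "").split()[1:]):
            findings.append("7za.exe building a password-protected archive")
    if event.get("type") == "net":
        host = event.get("dst", "").lower()
        url = event.get("url", "").lower()
        if host == EVIL_DOMAIN or host.endswith("." + EVIL_DOMAIN) or EVIL_DOMAIN in url:
            findings.append("connection to Evil Extractor download domain")
        # Heuristic: the stealer ships collected data to an FTP server; an FTP
        # connection from a binary in a user-writable directory is suspicious.
        if event.get("port") == "21" and user_writable:
            findings.append("outbound FTP from a user-writable path")
    return findings


def scan(lines: list[str]) -> list[tuple[int, str]]:
    """Run the detections over every line; returns (line index, finding) pairs."""
    return [(i, f) for i, line in enumerate(lines) for f in detect(parse_event(line))]
```

On the sample events, `scan(SAMPLE_EVENTS)` flags lines 1, 2 and 3 and leaves the benign cmd.exe and Dropbox events alone.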

The malware then drops a ransom note demanding $1,000 in Bitcoin in exchange for the decryption key, as is customary. "Otherwise, you will be unable to access your files indefinitely," the note states. According to reports, the malware mostly targets people in the Western world.

"We recently reviewed a version of the malware that was injected into a victim's system and, as part of that analysis, identified that most of its victims are located in Europe and America," Fortinet states.

It's not known if the operators were successful in spreading the ransomware or how many victims they impacted.

Ragnar Locker to Publish Victims' Data if They Approach FBI

The Ragnar Locker ransomware gang has adopted a new tactic to pressure victims into paying: it threatens to publish their stolen data if they approach the FBI. Ragnar Locker has previously carried out notable ransomware attacks on various companies, extracting millions of dollars in ransom payments.

Ragnar Locker operators are believed to deploy the ransomware payload to victims' computers manually. They spend time identifying system resources, business backups, and other critical files before the data encryption phase.

This week, in an announcement on its darknet leak site, the group threatened to publish the complete data of any victim who seeks the aid of police or investigating authorities during a ransomware attack.

The threat applies equally to victims who approach file recovery experts to attempt to decrypt files and then negotiate. In either case, the gang says it will expose the victim's entire data on its .onion site.

The ransomware's administrator claims that affected companies only make the recovery process worse by hiring "professional negotiators," because these negotiators typically collaborate with FBI-associated data recovery businesses and similar organizations.

“In our practice we has facing with the professional negotiators much more often in last days,” the announcement said in broken English. “Unfortunately it’s not making the process easier or safer, on the contrary it’s actually makes all even worse.”

“So from this moment we warn all our clients, if you will hire any recovery company for negotiations or if you will send requests to the Police/FBI/Investigators, we will consider this as a hostile intent and we will initiate the publication of whole compromised Data immediately. Don’t think please that any negotiators will be able to deceive us, we have enough experience and many ways to recognize such a lie. Dear clients if you want to resolve all issues smoothly, don’t ask the Police to do this for you. We will find out and punish with all our efforts,” further reads the announcement. 

Such negotiators are either connected to or deal personally with law enforcement officials, the gang claims. Either way, it says, they are in it for themselves and do not care about the economic well-being of their customers or their data privacy.

Previous victims of Ragnar Locker include the Japanese game maker Capcom, the computer chip manufacturer ADATA, and the Dassault Falcon airline company. In Capcom's case, 2,000 devices were reportedly encrypted and the attackers demanded $11,000,000 in return for a decryption key.

Ragnar Locker's latest move adds further pressure on victims, given that governments across the world have strongly advised against paying ransoms in the present climate of escalating cyber threats.

"Government has a strong position against paying ransoms to criminals, including when targeted by ransomware. Paying a ransom in response to ransomware does not guarantee a successful outcome," said the British Home Secretary, Priti Patel in May this year.