Dutch National Cyber Security Centre warns ransomware infected thousands of businesses


According to a confidential report from the Dutch National Cyber Security Centre (NCSC), at least 1,800 companies were infected with three ransomware strains.

A confidential report published by the Dutch National Cyber Security Centre (NCSC) revealed that at least 1,800 companies are affected by three strains of ransomware across the world.

According to the report, the three ransomware families involved in the attacks (LockerGoga, MegaCortex, and Ryuk) shared the same infrastructure.

The NCSC did not name the companies infected with the ransomware; it only revealed that hackers targeted organizations with revenues of millions or billions.

The companies are from various industries, including the automotive industry, construction, chemical, health, food, and entertainment.

“Various Dutch companies have been hit by advanced hostage software. This appears from a confidential report from the National Cyber Security Center, which is in the hands of the NOS,” reads the Dutch Broadcast Foundation (NOS) website.

“Which companies are involved is unknown, as is the number of affected Dutch companies. Worldwide there are at least 1800 affected companies and the number of Dutch companies is a relatively small part, writes the NCSC.”

The NOS confirmed that Dutch branches of multinationals have also been targeted by the ransomware attacks, including an American chemical company that is a supplier of critical infrastructure in the Netherlands.

“We conducted this investigation following disruptive ransomware attacks abroad,” said an NCSC spokesperson. 

The malware campaign likely began in July 2018, and NCSC experts speculate the attackers may have exploited zero-day vulnerabilities to spread the ransomware.

In May, security experts at Sophos discovered the MegaCortex ransomware while it was targeting corporate networks. At the time, MegaCortex attacks were reported in the United States, Italy, Canada, France, the Netherlands, and Ireland.

LockerGoga was first spotted in January; it was initially discovered after attacks were launched against European companies, such as Altran Technologies in France and Norsk Hydro.

The list of victims of the Ryuk ransomware is long; it includes hospitals, municipalities, and private businesses.

The fact that the three ransomware families used the same infrastructure and leveraged zero-day exploits to infect systems suggests that the attacks were conducted by the same group of well-resourced cybercriminals. The use of a shared infrastructure could also suggest that someone is offering it as a service.

Experts also warn that some ransomware exfiltrates data from infected systems before encrypting their files, with the intent to resell the information on the dark web or to blackmail a second time those victims that pay the ransom.

The NCSC recommends that organizations remain vigilant about potential threats. “Companies still do not take all basic measures,” a spokesperson said via email. “Run updates, make sure your staff are aware of the digital threats and make backups.”


Pierluigi Paganini

(SecurityAffairs – malware, hacking)
