By Eduard Kovacs on May 12, 2021
Colonial Pipeline, the largest refined products pipeline in the United States, last week revealed that it was forced to shut down operations after being hit by a piece of ransomware.
The attack, which involved the Darkside ransomware, had significant implications, including states declaring a state of emergency, temporary gas shortages caused by panicked motorists stocking up over fears of gas shortages caused by the hack, and gas prices rising.
Darkside has been linked to Russia, but the hackers said they only wanted to make a profit and denied any government ties. The Russian government has officially denied any involvement, but U.S. President Joe Biden said Moscow does have “some responsibility to deal with this.”
Newish criminal gang trying to make a name for themselves
Gareth Corfield Tue 27 Apr 2021 // 12:25 UTC Share
Copy
Ransomware criminals have posted trophy pictures on their Tor blog after attacking the police force for US capital Washington DC.
The Metropolitan Police Department said it was aware of unauthorised access on our server and had engaged the FBI to investigate, according to BleepingComputer.
Babuk, a relatively new ransomware gang, claimed credit for the attack and claimed to have stolen 250GB of files from the force.
The Register had a look at their blog and found screenshots of folder names suggesting personal data was available to the criminals, as well as details of ongoing investigations.
Codecov Supply Chain Attack May Hit Thousands: Report
Phil Muncaster UK / EMEA News Reporter , Infosecurity Magazine
Experts have urged organizations to reassess cyber-risk in their supply chains as it emerged that hundreds of customers of a software auditing company had their networks accessed illegally.
Originally thought only to have affected the supplier, San Francisco-based Codecov, the incident is now believed to have been a deliberate supply chain attack likened in sophistication to the SolarWinds operation.
Investigators told Reuters that the attack had already led to hundreds of customers’ networks being accessed. Codecov’s customer-base of around 29,000 includes many big tech brands such as IBM, Google, GoDaddy and HP, as well as publishers (
Codecov supply chain attack has echoes of SolarWinds computerweekly.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from computerweekly.com Daily Mail and Mail on Sunday newspapers.
DearCry ransomware targets vulnerable Exchange servers
As predicted, ransomware gangs have started to target vulnerable instances of Microsoft Exchange Server, making patching an even greater priority
Share this item with your network: By Published: 12 Mar 2021 13:57
Microsoft has confirmed that a new strain of ransomware is targeting vulnerable on-premise Microsoft Exchange Servers through the dangerous ProxyLogon vulnerabilities as cyber criminal groups zero in on those who have yet to, or are unable to, apply the advised patches.
Redmond said via a tweet that the new ransomware, Ransom:Win32/DoejoCrypt.A or DearCry, was being deployed with initial compromise through Exchange Server. It said users of Microsoft Defender who are receiving automatic updates should not need to take action, but on-prem Exchange users should prioritise the updates it has made available, more information on which is available here.