The Week in Ransomware - April 5th 2024 - Virtual Machines under Attack
Ransomware attacks targeting VMware ESXi and other virtual machine platforms are wreaking havoc among the enterprise, causing widespread disruption and loss of services. [...]
Ransomware encrypts or steals data to disrupt operations and extort victims, making backups, access controls, and incident response essential.
Search across headline titles and summaries.
Background for this topic.
Ransomware is malware used to deny access to systems or data, usually by encrypting files and demanding payment for decryption. Many operations also steal sensitive information and threaten to publish it, so an attack can create both an availability crisis and a privacy or disclosure risk. Initial access may involve phishing, stolen credentials, exposed remote services, or exploitation of unpatched vulnerabilities; attackers may then move through the network before deploying the payload.
Defenses should combine vulnerability management, phishing-resistant authentication where practical, endpoint and network monitoring, and backups that are isolated from routine administrator access and regularly tested for recovery. Organizations should also limit privileges and segment critical systems to reduce the blast radius. An incident requires rapid containment, preservation of forensic evidence, restoration from known-good backups, and assessment of notification, legal, and regulatory obligations. Threat intelligence can help identify relevant criminal infrastructure or tactics, but it does not replace sound access control, patching, detection, and recovery practices.
Ransomware attacks targeting VMware ESXi and other virtual machine platforms are wreaking havoc among the enterprise, causing widespread disruption and loss of services. [...]
The restaurant chain hasn't provided any information regarding what led to a widespread IT outage, and customers and employees are asking for answers.
Panera Bread's recent week-long outage was caused by a ransomware attack, according to people familiar with the matter and emails seen by BleepingComputer. [...]
A Babuk variant has been involved in at least four attacks on VMware EXSi servers in the last six weeks, in one case demanding $140 million from a Chilean data center company.
Also: Insurer Predicts Ransomware for Cars, Offers to Cover Towing CostsThis week, Omni, OWASP and MarineMax suffered cyber incidents, Ivanti disclosed flaws, Cisco gave tips to stop password-spraying attacks, a court upheld an FCC ban, India rescued citizens in Cambodia, Americans lost $1.1 billion to impersonation scams, and an insurer introduced a cyber auto policy.
A Trend Micro report shows a clear drop in the number of actual infections associated with the LockBit ransomware following Operation Cronos
A state of emergency was declared, caused by operational inconsistencies across digital infrastructure
Leicester City Council confirmed around 25 sensitive documents have been leaked online, including personal ID information, following claims by the Inc Ransom gang
INC Ransom emerges as a growing threat as some ex-LockBit/ALPHV affiliates get new gigs Leicester City Council is finally admitting its "cyber incident" was carried out by a ransomware gang and that data was stolen, hours after the criminals forced its hand.…
What is RDP, why is it a very nearly ubiquitous finding in incident response, and how can investigators run it to ground when it goes wrong? An Active Adversary Special ReportRemote Desktop Protocol (RDP) is commonly abused by ransomware groups. Here are methods on how we can provide context and advice for administrators and responders looking to deal with RDP.
Nearly three months after Operation Cronos, it's clear the gang is not bouncing back from the innovative law-enforcement action. RaaS operators are on notice, and businesses should pay attention.
Chilean data center and hosting provider IxMetro Powerhost has suffered a cyberattack at the hands of a new ransomware gang known as SEXi, which encrypted the company's VMware ESXi servers and backups. [...]
Chilean data center and hosting provider IxMetro Powerhost has suffered a cyberattack at the hands of a new ransomware gang known as SEXi, which encrypted the company's VMware ESXi servers and backups. [...]
Jackson County, Missouri, is in a state of emergency after a ransomware attack took down some county services on Tuesday. [...]
As WhatsApp, Facebook Messenger, and more fall offline today Luxury resort chain Omni Hotels & Resorts has had its computer systems knocked offline since Friday in what it has described as a "disruption," though sounds a lot like the MGM Resorts ransomware infection over the summer.…
Missouri County Blames Ransomware for IT Outages; Special Election Not DisruptedThe Missouri county of Jackson has declared a state of emergency after being hit by ransomware on the day of a special election. Officials said attackers didn't appear to have stolen any data and that as a cybersecurity measure, the county doesn't store any residents' sensitive financial data.
Sophos reveals “unprecedented” levels of RDP compromise in ransomware attacks in 2023
An economic success story in Asia, Vietnam is seeing more manufacturing and more business investment. But with that comes a significant uptick in cybercrime as well.
Ransomware groups tore into manufacturing other parts of the OT sector in 2023, and a few attacks caused eight- and nine-figure damages. But worse is yet to come in 2024.
How security teams in the region fortify their defenses amid short-staffing — and increased DDoS, phishing, and ransomware campaigns — during the Muslim holy month.