
Assignment Arman secI rno.11

Recent malware attacks
Name: Arman Ansari
Sec: I
R.no. : 11(2018213)
COLONIAL PIPELINE
• Of all of the cyber and ransomware attacks in 2021, the breach of
Colonial Pipeline in late April had the most news coverage. As Touro
College Illinois Cybersecurity Program Director Joe Giordano notes,
“The Colonial Pipeline attack made such an impact because the
pipeline is an important part of the national critical infrastructure
system. Taking the system down disrupted gas supplies all along the
East Coast of the United States, causing chaos and panic.”
BRENNTAG
• At around the same time in early May 2021, the same notorious
hacker group that targeted Colonial Pipeline, DarkSide, also targeted
Brenntag, a chemical distribution company. After stealing 150 GB
worth of data, DarkSide demanded the equivalent of $7.5 million
in bitcoin.
ACER
• Also in May this year, the computer manufacturer Acer was attacked
by the REvil hacker group, the same group responsible for an attack on
the London foreign exchange firm Travelex. The $50 million ransom
stood out as the largest known to date. REvil hackers exploited a
vulnerability in a Microsoft Exchange server to get access to Acer’s
files and leaked images of sensitive financial documents and
spreadsheets.
JBS FOODS
• Although spring 2021 held hopeful news for the end of the pandemic,
the increased trend of cyber attacks that began in 2020 showed no
signs of slowing down. Another high-profile ransomware attack took
place this May on JBS Foods, one of the biggest meat processing
companies in the world. The same Russia-based hacking group that
attacked Acer, REvil, is thought to be behind the attack.
QUANTA
• As with the Acer attack, the REvil gang also demanded a $50 million
ransom from computer manufacturer Quanta in April. Although
Quanta may not be a household name, the company is one of Apple’s
major business partners. After the firm refused negotiations with the
hacker group, REvil targeted Apple instead. After leaking Apple
product blueprints obtained from Quanta, they threatened to release
more sensitive documents and data. By May, REvil seemed to have
called off the attack.
NATIONAL BASKETBALL ASSOCIATION (NBA)
• Businesses and organizations from all kinds of industries are
targeted by ransomware attacks. One of the more surprising on the
list this year was the National Basketball Association (NBA). In
mid-April of this year, the hacker group Babuk claimed to have stolen
500 GB of confidential data concerning the Houston Rockets. Babuk
warned that these confidential documents, including financial info
and contracts, would be made public if their demands were not met.
As of this posting, no ransom payments have been made.
AXA
• This May, the European insurance company AXA was attacked by the
Avaddon gang. The attack happened soon after the company
announced important changes to their insurance policy. Essentially,
AXA stated they would stop reimbursing many of their clients for
ransomware payments. This unique (and somewhat ironic) attack on
a cyber-insurance firm made headlines and the hacker group gained
access to a massive 3 TB of data.
CNA
• Earlier this year, in March, another large insurance firm fell victim to
a ransomware attack. CNA’s network was attacked on March 21 and the
hacker group encrypted 15,000 devices, including many computers of
employees working remotely. The attack is supposedly linked to the
hacker group Evil Corp and uses a new type of malware called Phoenix
CryptoLocker.
CD PROJEKT
• CD Projekt Red is a popular video game development firm based in
Poland. In February of this year, the firm was hacked by the HelloKitty
gang. The hacker group accessed source code to game projects in
development and encrypted devices. However, CD Projekt refused to
pay the ransom, and had backups in place to restore the lost data.
AIIMS
• Recently, AIIMS data was hacked using ransomware. The hackers
demanded Rs 200 crore. After 8 days the systems have now been
restored.
Detection and prevention measures
• Immediately disconnect the infected computers, laptops or tablets from all network connections,
whether wired, wireless or mobile phone based.
• In a very serious case, consider whether turning off your Wi-Fi, disabling any core network
connections (including switches), and disconnecting from the internet might be necessary.
• Reset credentials including passwords (especially for administrator and other system accounts) –
but verify that you are not locking yourself out of systems that are needed for recovery.
• Safely wipe the infected devices and reinstall the OS.
• Before you restore from a backup, verify that it is free from any malware. You should only restore
from a backup if you are very confident that the backup and the device you’re connecting it to are
clean.
• Connect devices to a clean network in order to download, install and update the OS and all other
software.
• Install, update, and run antivirus software.
• Reconnect to your network.
• Monitor network traffic and run antivirus scans to identify if any infection remains.
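The step "verify that the backup is free from any malware before you restore" is the one most often skipped under pressure. The following script is an added example, not part of the assignment: it assumes (constructed for this example) that a backup is a plain directory tree and that a manifest of SHA-256 hashes was recorded at backup time and kept offline. Before restoring, it re-hashes every file, reports anything modified, missing or unexpected, and flags filenames that look like encrypted files or ransom notes. The extensions and note names are placeholders chosen for the demo, not indicators tied to the incidents listed above.

```python
"""Pre-restore backup verification (added example; assumptions are labelled)."""
import hashlib
import tempfile
from pathlib import Path

# Constructed placeholder indicators for the demo: extensions that encrypted
# files often carry, and filenames typical of a dropped ransom note.
SUSPICIOUS_EXTENSIONS = {".locked", ".encrypted", ".crypt"}
RANSOM_NOTE_NAMES = {"readme_decrypt.txt", "how_to_restore.txt"}


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Record {relative path: sha256} for every file. Done at backup time and
    stored off the backup medium, so a later infection cannot rewrite it."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in root.rglob("*") if p.is_file()
    }


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare the backup tree with its manifest and look for ransomware traces."""
    findings = {"modified": [], "missing": [], "unexpected": [], "suspicious": []}
    seen = set()
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        seen.add(rel)
        if p.suffix.lower() in SUSPICIOUS_EXTENSIONS or p.name.lower() in RANSOM_NOTE_NAMES:
            findings["suspicious"].append(rel)
        if rel not in manifest:
            findings["unexpected"].append(rel)        # file that was not backed up
        elif sha256_file(p) != manifest[rel]:
            findings["modified"].append(rel)          # content changed since backup
    findings["missing"] = sorted(set(manifest) - seen)  # file deleted or renamed
    return findings


def is_safe_to_restore(findings: dict) -> bool:
    """Restore only when every category is empty; any finding needs a human look."""
    return not any(findings.values())


def demo():
    """Build a small constructed backup, verify it, then tamper with it and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "contract.docx").write_bytes(b"constructed contract body")
        (root / "finance.xlsx").write_bytes(b"constructed spreadsheet body")
        manifest = build_manifest(root)
        clean = verify_backup(root, manifest)

        # Simulate what a backup taken after infection looks like.
        (root / "finance.xlsx").write_bytes(b"ciphertext garbage")          # modified
        (root / "docs" / "contract.docx.locked").write_bytes(b"\x00\x01")    # encrypted copy
        (root / "readme_decrypt.txt").write_text("constructed ransom note")  # note
        tampered = verify_backup(root, manifest)
        return is_safe_to_restore(clean), is_safe_to_restore(tampered), tampered


if __name__ == "__main__":
    clean_ok, tampered_ok, report = demo()
    print("clean backup safe to restore:", clean_ok)
    print("tampered backup safe to restore:", tampered_ok)
    for category, paths in report.items():
        print(f"  {category}: {paths}")
```

Run the manifest step when the backup is created and store the manifest somewhere the backup host cannot write to; at recovery time, a non-empty "modified" or "suspicious" list means the backup was taken after (or during) the encryption and should not be connected to the clean network.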