Recent malware attacks
Name: Arman Ansari Sec: I R.no.: 11(2018213)

COLONIAL PIPELINE
• Of all of the cyber and ransomware attacks in 2021, the breach of Colonial Pipeline in late April had the most news coverage. As Touro College Illinois Cybersecurity Program Director Joe Giordano notes, “The Colonial Pipeline attack made such an impact because the pipeline is an important part of the national critical infrastructure system. Taking the system down disrupted gas supplies all along the East Coast of the United States, causing chaos and panic.”

BRENNTAG
• At around the same time, in early May 2021, DarkSide, the same notorious hacker group that targeted Colonial Pipeline, also targeted Brenntag, a chemical distribution company. After stealing 150 GB of data, DarkSide demanded the equivalent of $7.5 million in bitcoin.

ACER
• Also in May this year, the computer manufacturer Acer was attacked by the REvil hacker group, the same group responsible for an attack on the London foreign exchange firm Travelex. The $50 million ransom stood out as the largest known to date. REvil exploited a vulnerability in a Microsoft Exchange server to gain access to Acer’s files and leaked images of sensitive financial documents and spreadsheets.

JBS FOODS
• Although spring 2021 held hopeful news for the end of the pandemic, the increased trend of cyber attacks that began in 2020 showed no signs of slowing down. Another high-profile ransomware attack took place this May on JBS Foods, one of the biggest meat processing companies in the world. The same Russia-based hacking group that attacked Acer, REvil, is thought to be behind the attack.

QUANTA
• As with the Acer attack, the REvil gang also demanded a $50 million ransom from the computer manufacturer Quanta in April. Although Quanta may not be a household name, the company is one of Apple’s major business partners. After the firm refused to negotiate with the hacker group, REvil targeted Apple instead. After leaking Apple product blueprints obtained from Quanta, they threatened to release more sensitive documents and data. By May, REvil seemed to have called off the attack.

NATIONAL BASKETBALL ASSOCIATION (NBA)
• Businesses and organizations from all kinds of industries are targeted by ransomware attacks. One of the more surprising on the list this year was the National Basketball Association (NBA). In mid-April of this year, the hacker group Babuk claimed to have stolen 500 GB of confidential data concerning the Houston Rockets. Babuk warned that these confidential documents, including financial information and contracts, would be made public if their demands were not met. As of this posting, no ransom payments have been made.

AXA
• This May, the European insurance company AXA was attacked by the Avaddon gang. The attack happened soon after the company announced important changes to its insurance policy: essentially, AXA stated it would stop reimbursing many of its clients for ransomware payments. This unique (and somewhat ironic) attack on a cyber-insurance firm made headlines, and the hacker group gained access to a massive 3 TB of data.

CNA
• Earlier this year, in March, another large insurance firm fell victim to a ransomware attack. CNA’s network was attacked on March 21 and the hacker group encrypted 15,000 devices, including many computers of employees working remotely. The attack is supposedly linked to the hacker group Evil Corp and uses a new type of malware called Phoenix CryptoLocker.

CD PROJEKT
• CD Projekt Red is a popular video game development firm based in Poland. In February of this year, the firm was hacked by the HelloKitty gang. The hacker group accessed source code for game projects in development and encrypted devices. However, CD Projekt refused to pay the ransom and has backups in place to restore the lost data.

AIIMS
• Recently, AIIMS data was hacked using ransomware. The hackers demanded Rs 200 crore. But now, after 8 days, the systems have been restored.

Detection and prevention measures
• Immediately disconnect the infected computers, laptops or tablets from all network connections, whether wired, wireless or mobile-phone based.
• In a very serious case, consider whether turning off your Wi-Fi, disabling any core network connections (including switches), and disconnecting from the internet might be necessary.
• Reset credentials, including passwords (especially for administrator and other system accounts) – but verify that you are not locking yourself out of systems that are needed for recovery.
• Safely wipe the infected devices and reinstall the OS.
• Before you restore from a backup, verify that it is free from any malware. You should only restore from a backup if you are very confident that both the backup and the device you are connecting it to are clean.
• Connect devices to a clean network in order to download, install and update the OS and all other software.
• Install, update, and run antivirus software.
• Reconnect to your network.
• Monitor network traffic and run antivirus scans to identify whether any infection remains.
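The "verify the backup is clean before restoring" step above, as an added example that is not part of the original slides: a Python check that compares a backup tree against a SHA-256 manifest recorded before the incident, so a responder sees rewritten, missing and never-recorded files (where a ransom note or dropped binary shows up) before anything is restored. The manifest layout and the sample files are constructed for the demonstration.

```python
# Added example (not from the original slides): check a backup against a
# pre-incident SHA-256 manifest before restoring from it. The manifest
# layout (relative path -> hex digest) and the sample files are constructed.
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups are not loaded into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Record relative path -> SHA-256 for a known-good tree (taken before any incident)."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}


def verify_backup(backup_dir: Path, manifest: dict) -> dict:
    """Report changed files (possible encryption), missing files, and files the
    manifest never recorded (a ransom note or dropped binary lands here)."""
    present = build_manifest(backup_dir)
    modified = sorted(n for n, d in present.items() if n in manifest and manifest[n] != d)
    missing = sorted(n for n in manifest if n not in present)
    unexpected = sorted(n for n in present if n not in manifest)
    return {"modified": modified, "missing": missing, "unexpected": unexpected,
            "clean": not (modified or missing or unexpected)}


def demo() -> dict:
    """Constructed scenario: manifest from a clean tree, then a backup touched after compromise."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = Path(tmp, "clean", "contracts")
        clean.mkdir(parents=True)
        (clean / "q1.pdf").write_bytes(b"constructed contract")
        (clean.parent / "payroll.xlsx").write_bytes(b"constructed payroll data")
        manifest = build_manifest(clean.parent)
        backup = Path(tmp, "backup", "contracts")
        backup.mkdir(parents=True)
        (backup / "q1.pdf").write_bytes(b"constructed contract")
        (backup.parent / "payroll.xlsx").write_bytes(b"\x00constructed-encrypted-blob")
        (backup.parent / "README_TO_RESTORE.txt").write_bytes(b"constructed ransom note")
        return verify_backup(backup.parent, manifest)


if __name__ == "__main__":
    print(demo())
```

A backup is only a restore candidate when the report comes back with `clean` set to True; any entry under `modified` or `unexpected` means the copy was touched after the manifest was taken.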