1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Hybrid cloud environments being targeted by worrying new ransomwa

    From TechnologyDaily@1337:1/100 to All on Mon Sep 30 19:45:05 2024
    Hybrid cloud environments being targeted by worrying new ransomware attacks

    Date:
    Mon, 30 Sep 2024 18:33:00 +0000

    Description:
    Microsoft's researchers catch the Embargo ransomware in the wild, and warn US firms of its existence.

    FULL STORY ======================================================================

    Cybercriminals are targeting hybrid cloud platforms with a worrying new ransomware strain, Microsoft security researchers have revealed.

    Threat intelligence experts from the company have published a new blog post warning of Storm-0501, a ransomware affiliate group active since 2021.

    The team has warned Storm-0501 is targeting different verticals across the United States, from government, manufacturing, to transportation, and law enforcement. Rust-built ransomware

    Microsoft's researchers believe the group is financially motivated, meaning
    it is not a state-sponsored player, as it targets firms with the intent of extorting money, which is then likely used to fund additional cybercriminal activity.

    When it attacks, Storm-0501 looks for poorly protected, over-privileged accounts. Once compromised, the accounts are used to grant access to on-prem devices, and from there, cloud environments. The next step is to establish persistence and allow unabated lateral movement throughout the
    infrastructure.

    The final step is the introduction of ransomware. In the past, Storm-0501
    used popular variants, such as Hive, BlackCat (ALPHV), Hunters International, and LockBit. However, in some of the more recent attacks, the group used a ransomware variant called Embargo.

    Embargo is a relatively new strain, developed in Rust. Microsofts researchers state that it uses advanced encryption methods and operates under the RaaS model (meaning someone else is developing and maintaining the encryptor, and thus gets a share of the eventual spoils). While using Embargo, Storm-0501 goes for the old and proven double-extortion tactic, where they first steal a victims files, then encrypt the rest, and threaten to leak it online unless the victim pays a ransom.

    In the cases Microsoft analyzed, Storm-0501 leveraged compromised Domain
    Admin accounts and deployed Embargo via scheduled tasks. The ransomware binaries names that were used were PostalScanImporter.exe and win.exe. The extensions of the encrypted files were .partial, .564ba1, and .embargo.

    It is also worth mentioning that Storm-0501 sometimes refrains from deploying the encryptor and just maintains access to the network. More from TechRadar Pro Ransomware attacks are soaring to a new high Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/hybrid-cloud-environments-being-targete d-by-worrying-new-ransomware-attacks


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)