BlackCat Ransomware Breaches More than 60 Organizations
Three years. A security vulnerability that was left unpatched for THREE YEARS allowed a notorious cyber-criminal gang to breach a network and plant ransomware. The FBI has issued a warning that this group has compromised at least 60 victims around the world. BlackCat ransomware, also known as ALPHV, is becoming one of the most active ransomware groups.
BlackCat used a simple technique that allowed malicious cyber criminals to gain initial access to the network and exploit an SQL injection vulnerability in an internet-exposed unpatched and end-of-life SonicWall SRA appliance. SonicWall had issued a patch for this vulnerability several years ago. However, when the patch is not applied, it provides an easy entry point into a network.
BlackCat deploys several techniques not used by other ransomware groups designed to make attacks successful. The ransomware is written in the Rust programming language, which is unusual for malware and makes it more difficult to detect and examine. It also uses a unique binary for each victim, based around information found in the target environment. The unique binary makes it more difficult to identify attacks as the code used in each campaign will vary.
This latest string of ransomware attacks should serve as a reminder to always patch your network infrastructure. Your organization should monitor your networks for external access from known IP addresses or unusual patterns of behavior. And equally as important, your business needs to backup your servers regularly. That way, if something were to happen, your network can be restored without needing to pay a ransom. You should also use multi-factor authentication where possible.
If you need help reviewing your security solutions stack or security protocols within your business, let 2W Tech help. We are a technology service provider specializing in solutions for the manufacturing industry. Let our IT Consultants help ensure your business is protected from cyberattacks.