Acronis Blog
Authors
MSP Threats Security Team
MSP Threats Security Team

Latest stories from MSP Threats Security Team

27 April 2021  — 7 min read
TRU Security
Acronis
27 April 2021  — 7 min read
DearCry ransomware exploits Exchange server vulnerability
DearCry ransomware uses the recently disclosed zero-day ProxyLogon vulnerabilities to hack into Microsoft Exchange servers. Its file encryption scheme leaves no chance of decryption without the correct key, and data overwriting techniques may complicate recovery. The first DearCry attack was discovered on March 9, 2021.
03 March 2021  — 12 min read
TRU Security
Acronis
03 March 2021  — 12 min read
Cl0p ransomware returns with better self-defense and bypass techniques
In February 2021, the public was shocked by the news of the hacking of Bombardier, a giant in the aerospace industry. During the investigation of the incident, analysts established that the threat group TA505, using the Cl0p ransomware, were responsible for the attack.
10 February 2021  — 3 min read
Acronis Blog
Acronis
10 February 2021  — 3 min read
Five tips for parents on Safer Internet Day
Today is Safer Internet Day — a time to reflect on the ever-changing risks we face when using the internet, and how we can take smart steps to stay protected online. While there are certain dangers associated with the internet and social media, there are also plenty of ways to reduce your child’s risk and make the platform a safer place for them. Here are a few practical tips for parents from the Acronis Security Team.
19 January 2021  — 17 min read
TRU Security
Acronis
19 January 2021  — 17 min read
Ranzy Locker ransomware kills antivirus services
While its current name may be fairly new, Ranzy Locker is simply the latest evolution in a line of ransomware variants that began with MedusaLocker. Many of its details have since changed, including a shift in encryption algorithms from AES-256 to Salsa20. The distribution vectors for Ranzy Locker remain somewhat unclear, though spam campaigns have been indicated as one method.
15 December 2020  — 2 min read
TRU Security
Acronis
15 December 2020  — 2 min read
Acronis Security Advisory: SUNBURST breaches SolarWinds’ Orion software to launch supply-chain attack
Following reports that SolarWinds’ Orion business software was compromised and used in a supply-chain attack by SUNBURST malware. The distributed malware then used elevated credentials gained by compromising network traffic management systems to target FireEye, a cybersecurity firm, and several U.S. government agencies. Details of the attack are available from the Cybersecurity and Infrastructure Security Agency (CISA). While not affected by this event, Acronis wants to reassure partners and customers that we have a strict, secure software development life cycle (SDLC) in place, which we continuously strengthen, to ensure our solutions are safe, secure, and reliable.
12 October 2020  — 8 min read
TRU Security
Acronis
12 October 2020  — 8 min read
New WastedLocker ransomware targets U.S.-based organizations
WastedLocker ransomware was supposedly used by the Evil Corp group, which is known to have delivered Dridex banking malware to attack at least 31 U.S.-based corporations since May 2020. Here we provide an in-depth analysis of WastedLocker, which employs numerous defensive evasion techniques such as digital signing, DLL side-loading, auto-elevation and alternate data streams .
20 September 2020  — 8 min read
TRU Security
Acronis
20 September 2020  — 8 min read
Nefilim ransomware uses Citrix vulnerability to compromise victims’ machines
The Nefilim ransomware group, known to be active since February 2020, adopts the Nemty ransomware code written in the Delphi programming language. It uses a Citrix vulnerability/RDP to access corporate networks. Nefilim started its own data leak site called ‘Corporate Leaks,’ where the operators publish exfiltrated data from compromised organizations if they refuse to pay.
16 September 2020  — 9 min read
TRU Security
Acronis
16 September 2020  — 9 min read
SunCrypt adopts attacking techniques from NetWalker and Maze ransomware
The SunCrypt ransomware family was first spotted in October 2019, but it was not very active at that time. The group behind it was independent in the beginning, but they recently joined the so-called Maze cartel – combining forces to rob individuals and companies around the world. This cartel included Maze and LockBit when it first started, but later welcomed Ragnar Locker and now SunCrypt.
21 August 2020  — 12 min read
TRU Security
Acronis
21 August 2020  — 12 min read
NetWalker leverages obfuscated PowerShell to start C# injector
NetWalker ransomware was discovered in August 2019 in the wild. It implements a ransomware-as-a-service model, targeting both organizations and individual users. Since March 2020, the operators have managed to extort approximately $25 million.
13 August 2020  — 5 min read
TRU Security
Acronis
13 August 2020  — 5 min read
Top cyberthreat against macOS now installs adware with a Python script
The first examples of the Shlayer malware family were discovered in February 2018. Since then, it has become the most popular macOS first-stage trojan-downloader.
26 June 2020  — 4 min read
Acronis Blog
Acronis
26 June 2020  — 4 min read
Backdoor wide open: critical vulnerabilities uncovered in GeoVision
Research by Kevin Reed, Acronis CISO; Alex Koshelev, Acronis Security Researcher; Ravikant Tiwari, Acronis Senior Security Researcher When a security manufacturer learns of critical vulnerabilities in their devices, there is an expectation they’ll act quickly to fix the problem. Yet August 2019 became the first of the many months when Acronis would patiently wait for an update (in vain, as it turns out) from one manufacturer in particular.
18 May 2020  — 3 min read
Acronis Blog
Acronis
18 May 2020  — 3 min read
Latest on COVID-19 Hacks, MS-focused Phishing Attacks, Shade Decryption Keys, and Troldesh Ransomware
There is always a lot happening in the world of cybersecurity, so we’ve captured some of the latest highlights in this week’s roundup.