Cyberthreat update from Acronis CPOCs: Week of June 14, 2021

Here at Acronis, we’re always monitoring for dangers to your data, deploying updates to handle newly discovered vulnerabilities, and issuing alerts and recommendations to help you stay protected. Our global network of Acronis Cyber Protection Operations Centers (CPOCs) continues to work around the clock to proactively detect and defend against the latest cyberthreats.

Part of this work includes video updates to inform you of modern hazards in the digital landscape — such as the latest ransomware strikes against major targets and dangerous cyberthreat trends to watch out for. Here’s a look at some of the most recent breaking news and analyses:

REvil ransoms U.S. nuclear submarine

Not long after their attack on JBS, the REvil ransomware gang has struck a new target — a subcontractor for the U.S. Department of Energy. Sol Oriens confirmed recently that they’ve been aware of the attack since May 2021.

Both the ransom value and the amount of data that may have been stolen remain unknown at this time. However, recent demands from REvil have been in the tens of millions of dollars. The group demanded $11 million in the JBS attack.

Sol Oriens has announced that they’re working with a third-party technological forensic firm to ascertain the scope of the attack, but they do not believe classified data has been stolen. Initial leaked data appears benign.

Keeping your data protected against ransomware is easy. Acronis Cyber Protect's advanced heuristic engine detects threats like REvil and blocks them before they can compromise your data or systems.

Food service supply giant Edward Don & Co hit by ransomware

One of the largest U.S. distributors of food service equipment and supplies, Edward Don & Company, was hit with ransomware earlier this week. With over 1,000 employees and annual revenues of over $500 million, the company is undoubtedly a high-value target.

At this time, Edward Don & Company has not admitted to being attacked. Still, employees are currently using Gmail accounts to communicate with customers about orders, and the company is not accepting new orders until its systems are brought back online.

The ransomware gang behind the attack is still unconfirmed, though the use of QBot suggests that REvil could be responsible. No matter the threat actor, Acronis Cyber Protect recognizes and blocks all forms of ransomware with its threat-agnostic behavioral heuristic engine.

Scammers sneak around security in BEC attacks

Microsoft researchers have disrupted the cloud infrastructure used by an email scammer group. The attackers were compromising their initial targets through classic phishing email tactics — such as fake voicemail notifications — with the goal of gaining access to the victim's email account.

Once the attackers gained access to the mailbox, they updated forwarding rules to exfiltrate sensitive messages, including financial emails. The attackers set up look-alike domains to trick victims into entering their email credentials, and even used legacy protocols to bypass multi-factor authentication where it was enabled.

Business email compromise (BEC) attacks often try to convince an employee to make a wire transfer to a bank account controlled by the attacker. This type of attack was responsible for nearly $2 billion in damages last year, according to the FBI. Acronis Advanced Email Security protects users from phishing attacks and BEC scams, preventing employees from accidentally revealing sensitive data.

Unhealthy number of breaches in healthcare industry

Medical group practice Five Rivers Health Centers, based in Ohio, has suffered a breach after an email compromise that lasted two months. This strike was the result of a phishing attack.

Nearly 160,000 patients have been notified that their health information and other personally identifiable data was compromised in the breach. This data includes financial account numbers, driver's licenses, and Social Security numbers, among other sensitive information.

As soon as the breach was discovered, the company took steps to secure the compromised accounts and began a forensic investigation. Five Rivers is now enforcing two-factor authentication, has revised its security procedures, and has provided additional cybersecurity training to its staff.

Acronis’ Advanced Email Security effectively blocks phishing scams and other email threats from ever reaching your employees, eliminating the risk of data leakage.
