Cyberthreat update from Acronis CPOCs: Week of November 30, 2020

Here at Acronis, we’re always monitoring for dangers to your data, deploying updates to handle newly-discovered vulnerabilities, and issuing alerts and recommendations to help you stay protected. Our global network of Acronis Cyber Protection Operations Centers (CPOCs) continue to work around the clock to proactively detect and defend against the latest cyberthreats.

Part of this work includes video updates to inform you of modern hazards in the digital landscape — such as evolutions of notorious cyberthreats, and the new hazards facing holiday shoppers. Here’s a look at some of the most recent breaking news and analyses:

Ransomware jumps from Windows to Linux

In a case of ransomware evolution, RansomEXX — a prevalent file-encrypting Trojan —has recently made the jump from Windows to Linux.

As cross-platform compatibility becomes more prevalent, cybercriminals are working to make their payloads more effective across multiple operating systems. We’ve already seen ransomware variants pop up on Windows, macOS, and Linux, but RansomEXX’s actual move from one OS to another is thus far unique.

RansomEXX is responsible for, among other instances, cyberattacks on tech giant Konica Minolta and Montreal’s STM public transit system — where the ransomware took down around 1,000 servers while demanding a ransom of $2.3 million.

With a slew of capabilities that include anti-ransomware protection and support for both local and cloud backups, Acronis Cyber Protect safeguards your data across entire workloads — no matter which operating system you’re using.

Fake stores and other shopping scams on the rise

The holiday shopping season is in full swing — and with a pandemic in full swing, people are relying on online shopping more than ever. A recent survey by creditcards.com showed that 70% of Americans will do their holiday shopping online this year, compared to 51% last year.

Cybercriminals are well aware of this situation. Fake storefronts litter the web, claiming to offer luxury items at a low price — only for the malicious actors behind these stores to steal and misuse the passwords, addresses, and financial details entered by buyers. According to ScamWatch Australia, losses due to online shopping scams have increased by 42% this year.

The URL filtering capabilities in Acronis Cyber Protect prevent users from visiting fake stores and other malicious addresses, safeguarding sensitive data from cybercriminals.

Tax filing software targeted by ransomware

In an effort to maximize earnings, cybercriminals are increasingly targeting data related to tax filings, often by searching for the presence of related software on local systems. This has the potential for massive impact on organizations.

The Mount Locker ransomware searches for and encrypts files with a TurboTax-related extension, such as .tax, while the LockBit ransomware uses PowerShell scripts to find specific software, including the tax applications OLTPro, Lacerte, and Intuit ProSeries.

Encrypting and exfiltrating tax data can give attackers considerable leverage over their victims, helping to pressure them into paying the demanded ransom. Acronis Cyber Protect stops these and other ransomware variants through its AI-based detection and protection capabilities.

TrickBot has new trick for finding high-value targets

The notorious TrickBot malware gang has recently integrated a new tool, LightBot, for help in quickly determining whether or not an infected target is high-value. This is a PowerShell script that gathers network infrastructure details, allowing the group to glean information about an organization’s size, security position, wealth, and vulnerability.

TrickBot is one of the largest and longest-lived botnets to date, having used over 40,000 different command-and-control (C&C) servers in 2020 alone. It was responsible for recent attacks against Universal Health Services, which lead to a weeklong service outage and the breach of 220,000 patient records.

As TrickBot’s operators continue to implement more tools and increase the cyberthreat’s sophistication, effective anti-malware tools — like those present in Acronis Cyber Protect — are crucial for keeping data and systems safe.

Cyclone Nivar brings severe flooding to India

Cyclone Nivar has brought heavy rains and flooding to southern India, with several districts in the state of Andhra Pradesh being hit the hardest.

The region saw nearly 188% excess in rainfall, compared to the average in previous years. This has led to severe flooding, damage to at least 30,000 hectares of crops, and the displacement of over 10,000 people. Knee-deep floodwaters have damaged roads and buildings, knocking out power in several areas — and with inadequate storm drainage, sitting water threatens to impede recovery times while increasing the local damage dramatically.

Natural disasters on this scale can be devastating to business continuity. The cloud backups in Acronis Cyber Protect, along with integrated disaster recovery capabilities, make data and systems restoration as quick and painless as possible.

# # #

For the latest reports on emerging cyberthreats from Acronis’ cyber protection experts, subscribe to the Acronis YouTube channel and receive our CPOC updates as they’re posted.