CPOC

Acronis Active Protection discovers AutoIt cryptomining campaign

The Acronis Security Team was one of the first to identify a new cryptomining campaign targeting the attrib.exe Windows process. Learn how our team detected the spike in cryptomining attacks, how the AutoIt cryptomining malware works, and how Acronis Active Protection - built into Acronis cyber protection solutions - helps to keep your systems protected.

Ryuk Ransomware Strikes Again

Ryuk ransomware continues to wreak havoc – and one U.S. state in particular recently suffered from another successful attack that likely could have been prevented.

Several school districts and government offices in Louisiana were hit by an attack this summer. Unfortunately, the story was just repeated as several state agencies fell victim to another attack on November 18. In this case, the cyberattack shut down systems in the governor’s office, the Department of Motor Vehicles, the Department of Health, and the Department of Children and Family Services.

Hildacrypt closing down Veeam

Following our in-depth review of the new HILDACRYPT ransomware strain, our team reviewed how other popular backup services fared against the cyberthreat. Unfortunately for users of Veeam and Veritas, the answer was: not well.

Learn how Acronis cyber protection services provide your organization with comprehensive protection from existing and zero-day cyberthreats.

Ransomware attacks target medical facilities

Ransomware is constantly targeting medical companies across the United States. Within the past year, these attacks have led to downtime, lost productivity, and - in some cases - needing to close their doors for good. Learn how Acronis Cyber Protection solutions and the innovative AI-based Acronis Active Protection defense can help to ensure that these same consequences don't hit your organization.

HILDACRYPT ransom note

A new ransomware family was discovered in August 2019. Called HILDACRYPT, it is named after the Netflix cartoon “Hilda” because the TV show’s YouTube trailer was included in the ransom note of the original version of the malware.

HILDACRYPT camouflages itself as a legitimate XAMPP installer, which is an easy-to-install Apache distribution containing MariaDB, PHP, and Perl. However, the cryptolocker’s file name ‘xamp’ differs from the legitimate version. Moreover, the ransomware file does not have a digital signature.

We took a deep dive into this new cyberthreat to show how it works and how you can help overcome its attack with Acronis Cyber Backup.

Nemty ransomware analysis

We took a deep dive into the Nemty ransomware strain, a sophisticated new form of malware that's spreading via a fake PayPal website. Similar in some aspects to Buran and GandCrab ransomware strains, Nemty incorporates three distinct layers of encryption to lock down victim data. Learn how this threat to your system works and how Acronis can help you evade and overcome it.

Syrk ransomware ID screen

We took a deep dive into the insidious Syrk ransomware strain that targets young Fortnite players to deliver a debilitating encryption payload complete with Cryptolocker anti-monitoring and self-defense capabilities. Learn how this threat to your system works and how Acronis can help you overcome it to keep your files safe.

Buran Ransomware uses RIG Exploit Kit

Buran is a new version of the Vega ransomware strain (a.k.a. Jamper, Ghost, Buhtrap) that attacked accountants from February through April 2019. The new Buran ransomware was first discovered in June 2019.

What’s interesting is that this cryptolocker’s code was written in Object Pascal in Delphi IDE – a programming language that was popular in Latin American and former Soviet Union countries around two decades ago when it was being taught in colleges and technical universities.

Let’s take a close look at this ransomware to find out the installation process, communication details, and encryption model.

Plurox cryptomining malware

Cryptojacking attacks are not going away any time soon. Instead, they’re becoming more sophisticated – and more dangerous – by using advanced modular malware with worm capabilities as a delivery mechanism. A complex backdoor, called Plurox, was recently discovered by MalwareHunterTeam. It has a pluggable architecture and is able to spread itself over a local network, with the help of the EternalBlue exploit, and start cryptominers downloaded from the command and control (C&C) server.

Ransomware Attack Costs $1.5 Million in Riviera Beach, FL

Ransomware continues to be a nightmare for individuals and businesses worldwide – but in the U.S., municipal government offices increasingly seem to be the target of choice for cybercriminals.

The city of Riviera Beach, Florida made news recently when it announced it was paying approximately $600,000 in ransom to undo a ransomware attack it suffered in late May. In addition to the ransom paid, officials also invested more than $900,000 into new hardware in the hopes that they do not have the same vulnerabilities as the old ones.

That’s $1.5 million in damages from one attack.

Unfortunately, it sounds like city officials could have avoided making this payment and additional investment if they had followed some basic data protection strategies.