January 16, 2021 — Eric Swotinsky
Malware analysisIncident reportsClient education

Cyberthreat update from Acronis CPOCs: Week of January 11, 2021

Cyber Protect Cloud

Here at Acronis, we’re always monitoring for dangers to your data, deploying updates to handle newly-discovered vulnerabilities, and issuing alerts and recommendations to help you stay protected. Our global network of Acronis Cyber Protection Operations Centers (CPOCs) continue to work around the clock to proactively detect and defend against the latest cyberthreats.

Part of this work includes video updates to inform you of modern hazards in the digital landscape — such as ransomware attacks on major corporations and changes in business application security. Here’s a look at some of the most recent breaking news and analyses:

Home appliance giant Whirlpool hit by Nefilim ransomware

Whirlpool, one of the world's largest home appliance manufacturers, is dealing with the fallout of a Nefilim ransomware attack after the cybercriminal gang successfully stole corporate data and encrypted devices.

Companies like Whirlpool, with high revenues and strong reputations that they’re motivated to protect, are particularly appealing targets for ransomware groups. Whirlpool employs over 77,000 people across 59 manufacturing and technology research centers worldwide, and 2019 records indicate that the company had revenue of approximately $20 billion.

The Nefilim group is using the tried-and-true tactic of leaking stolen data, having already released sensitive information online to increase the pressure on Whirlpool to pay up. This includes documents relating to employee benefits, accommodation requests, medical information requests, background checks, and more.

Ransomware, like the type Nefilim employs, tends to follow distinctive patterns. Acronis Cyber Protect has an advanced heuristic engine that recognizes these patterns and stops all types of ransomware before they can start.

Healthcare providers increasingly targeted by ransomware attacks

Healthcare companies are becoming increasingly larger targets for ransomware operators, as demonstrated by two recently-disclosed attacks.

GenRx Pharmacy, in Scottsdale, Arizona, has issued warnings to over 137,000 patients about a potential data breach following a ransomware attack earlier in 2020. Though attackers were in the GenRx systems for only one day, it appears they were able to access and steal personally-identifiable information (PII) that the pharmacy uses to process and ship products to patients, including names, addresses, and dates of birth.

Another mid-2020 attack affected Apex Laboratory, who provides in-home blood work for patients in South Florida, New York City, and Long Island. Exposed data included patient PII as well as test results and even Social Security numbers. This was yet another example of a double-extortion attack, where files were both encrypted and exfiltrated, with their release threatened should the ransom go unpaid.

While the ransomware strains used in each of these attacks is not currently known, the behavioral engine in Acronis Cyber Protect stops all types of ransomware before they can seriously damage your systems and easily restores any encrypted files.

Gaming industry rocked by cyberattacks

Leading companies in the gaming industry — including Sony, Microsoft, and Nintendo — are increasingly coming under attack by cybercriminals.

Over 1.5 million stolen user credentials have recently been discovered for sale on the dark web, with half a million of these tied to the top 25 gaming firms. These account details may allow access to web portals, admin panels, dev environments, and even VPN services.

The gaming industry is worth around $196 billion, and continues to experience fast-paced growth. In addition to credential-stealing malware, both publishers and developers have been targeted by ransomware, including Ubisoft — which was hit with the Egregor variant just a few months ago.

Cybercrime is on the rise across every industry, and large tech companies are a particularly popular target of cybercriminals. Acronis Cyber Protect, with its leading heuristic engine and URL filtering, stops ransomware and other malware in their tracks.

Adobe officially discontinues support for Flash Player

After three years of warning the world that the age of Adobe Flash Player would be coming to an end, Adobe has finally discontinued the software as of December 31st, 2020.

Support for Flash has ended in major browsers, and Adobe has begun blocking Flash content as of January 12. Flash Player itself will remain on users' systems until removed by the user or administrator — prompt removal is highly recommended, as no future updates will be issued by Adobe to fix any discovered vulnerabilities. It’s worth noting that fake software updates are a common cybercrime tactic to get victims to install malware. Any notifications of new Flash updates should be considered to be malicious going forward.

With its integrated vulnerability assessment capabilities, Acronis Cyber Protect helps to keep your systems secure by alerting you to outdated applications. It can also alert you to the presence of unwanted software, such as Adobe Flash, on your systems.

Typhoons, floods cause significant damage in Kyushu

The Japanese island of Kyushu has been hit hard in the last six months, with Super Typhoon Haishen and a series of floods causing significant damage to the island.

Haishen struck the island on September 6th, bringing damage from strong winds, flooding and landslides. Combined with additional flooding the island has experienced in 2020, both before and after the typhoon, the total damages to the island come in at around $1.7 billion.

Flooding alone is thought to have damaged or destroyed as many as 15,335 buildings in 2020, and caused 77 deaths. Around 75,000 residents had to be evacuated, a process complicated by the destruction of 11 bridges. Haishen’s arrival before restoration and repairs could be completed further compounded the situation.

The simple cloud backup and disaster recovery options integrated into Acronis Cyber Protect simplifies your recovery process after a disaster by quickly and effortlessly restoring files, as soon as systems can be brought back online or replaced.

# # #

For the latest reports on emerging cyberthreats from Acronis’ cyber protection experts, subscribe to the Acronis YouTube channel and receive our CPOC updates as they’re posted.