In the latest incident that illustrates the overlap of the traditional economy and infrastructure with the digital realities of modern business, one of the largest pipelines in the U.S. was forced to shut down this past weekend after being hit by a ransomware group. Managed by Colonial Pipeline Co., the 5,500-mile pipeline runs across 14 states between Houston, TX and New York Harbor, and provides around 45% of all fuel for the U.S. East Coast.

DearCry ransomware uses the recently disclosed zero-day ProxyLogon vulnerabilities to hack into Microsoft Exchange servers. Its file encryption scheme leaves no chance of decryption without the correct key, and data overwriting techniques may complicate recovery. The first DearCry attack was discovered on March 9, 2021.

In February 2021, the public was shocked by the news of the hacking of Bombardier, a giant in the aerospace industry. During the investigation of the incident, analysts established that the threat group TA505, using the Cl0p ransomware, were responsible for the attack.

The success of the massive SolarWinds supply-chain attack presents an urgent new cybersecurity challenge to every business. We plumb the tactics used in the SolarWinds breach and show how Acronis defends against it and similar attacks.

WastedLocker ransomware was supposedly used by the Evil Corp group, which is known to have delivered Dridex banking malware to attack at least 31 U.S.-based corporations since May 2020. Here we provide an in-depth analysis of WastedLocker, which employs numerous defensive evasion techniques such as digital signing, DLL side-loading, auto-elevation and alternate data streams .

The Nefilim ransomware group, known to be active since February 2020, adopts the Nemty ransomware code written in the Delphi programming language. It uses a Citrix vulnerability/RDP to access corporate networks. Nefilim started its own data leak site called ‘Corporate Leaks,’ where the operators publish exfiltrated data from compromised organizations if they refuse to pay.

The SunCrypt ransomware family was first spotted in October 2019, but it was not very active at that time. The group behind it was independent in the beginning, but they recently joined the so-called Maze cartel – combining forces to rob individuals and companies around the world. This cartel included Maze and LockBit when it first started, but later welcomed Ragnar Locker and now SunCrypt.