What's new this week in the news for MSPs? Acer in REvil ransomware attack; Black Kingdom ransomware targeting Microsoft Exchange servers; Stratus Technologies hit by ransomware; and Sierra Wireless in a ransomware attack.
Let's see what it's all about.
Acer in REvil Ransomware Attack
Acer Inc. has been hit by REvil ransomware. On March 18th, the REvil ransomware gang shared a statement on their data leak site saying that they had compromised the Taiwanese company. They also shared images of the allegedly stolen data as proof of the compromise.
The REvil gang is demanding $50 million in ransom from Acer, which is notable, as experts say it is the highest demand on record for a ransomware attack. Analysts note that Acer has not acknowledged the ransomware hit until now. It’s also unknown whether the Taiwanese company is subject to Western regulations such as those imposed by the European Union GDPR.
There is speculation that the REvil group used a highly publicized Microsoft Exchange vulnerability in its attack on Acer. Security experts say they anticipated that the vulnerability would be leveraged in an attack, considering the current climate.
Black Kingdom Ransomware Targeting Microsoft Exchange Servers
The ransomware group known as Black Kingdom is leveraging the Microsoft Exchange Server ProxyLogon vulnerability for server encryption.
MalwareTech Blog researcher Marcus Hutchins said in a tweet that a threat actor was compromising Microsoft Exchange servers through the ProxyLogon vulnerabilities in order to spread ransomware.
Based on his honeypot's logs, he states that the threat actor uses the vulnerability to execute a PowerShell script, which then enables them to push the malware out to other computers connected to the network.
The first Black Kingdom submissions appeared on March 18th on the site ID Ransomware. The creator of the site, Michael Gillespie, told BleepingComputer that his system has observed over 30 specific entries, and many came directly from mail servers.
Stratus Technologies Hit by Ransomware
A ransomware attack hit Stratus Technologies, obliging them to take their systems offline to stop the spread of the attack.
Stratus Technologies is best known for its ftServer fault-tolerant server solution and ztC edge computing devices, categorized as high-availability products. Businesses needing over 99.999% uptime, such as banks, emergency call centers, telecommunications providers, and healthcare, generally use Stratus products.
This week, Stratus Technologies reported that they had shut down some of their services and part of their network as a result of being hit by a ransomware attack that they needed to isolate.
Stratus also took their Stratus Service Portal and ActiveService Network (ASN) off-line as part of their response. To provide additional support, Stratus says they contacted all of their ASN customers.
Sierra Wireless in a Ransomware Attack
Leading IoT manufacturer Sierra Wireless was struck by a ransomware attack this week that led to a complete stoppage of some of its internal operations and production work.
On March 20th, the company was first struck by the ransomware, which took its IT systems off-line and disrupted manufacturing production at various sites. The company’s website is also down and shows that it’s under maintenance.
The company says all of its departments immediately acted to counter the attack once it became aware of the incident, following its cybersecurity procedures and policies, which it put in place using third-party advisors.
Subsequently, the company withdrew its 2021 third-quarter guidance, since it suspects there will be financial damages related to the attack.
Sierra Wireless says that it doesn’t believe that customer-facing products have been affected.
The kind of ransomware used in the attack is unknown at this time.
That's a Wrap for News You Might've Missed
I hope this update has been helpful. MSP360 is your resource for MSP news. Stay home, stay safe and healthy, and remember to check back every week for more highlights.