{"id":22261,"date":"2022-05-02T08:31:38","date_gmt":"2022-05-02T12:31:38","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=482221"},"modified":"2022-05-02T14:32:48","modified_gmt":"2022-05-02T18:32:48","slug":"cyber-security-today-may-2-2022-more-on-how-the-conti-ransomware-gang-works-individuals-victimized-by-ransomware-news-on-wiperware-and-more","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-may-2-2022-more-on-how-the-conti-ransomware-gang-works-individuals-victimized-by-ransomware-news-on-wiperware-and-more\/","title":{"rendered":"Cyber Security Today, May 2, 2022 \u2013 More on how the Conti ransomware gang works, individuals victimized by ransomware, news on wiperware and more"},"content":{"rendered":"<p>More on how the Conti ransomware gang works, individuals victimized by ransomware, news on wiperware and more.<\/p>\n<p>Welcome to Cyber Security Today. It\u2019s Monday, May 2nd, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<br \/>\n<iframe style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/22969265\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyber Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\"><\/a><\/td>\n<td><a 
href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\"><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\"><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><strong>The Conti ransomware gang<\/strong> will use any tactic to get victims to pay for the release of stolen and encrypted data. <a href=\"https:\/\/research.checkpoint.com\/2022\/behind-the-curtains-of-the-ransomware-economy-the-victims-and-the-cybercriminals\/\" rel=\"noopener\">According to researchers at CheckPoint Software<\/a>, that includes claiming that it has a \u201cbig legal department\u201d that can find out a victim organization\u2019s real financial status and ability to pay. In all probability that claim is an exaggeration. But the blog points out it is true that the gang tries to pin its ransom demand to as much information as it can get on an organization, including from stolen documents. The average ransom demand recently has been about 2.8 per cent of a victim organization\u2019s annual revenue. A discount is offered for victims who pay fast. The blog looks at recently-leaked Conti members\u2019 texts to get an idea of how the gang negotiates. The ransom demanded of one victim was $2 million. 
The victim organization, a government transport agency, offered $500,000. An agreement was reached for just over $1.1 million. Cybersecurity experts say data encryption, network segregation and protected data backups are the best strategies to make sure you don\u2019t have to pay ransomware gangs.<\/p>\n<p><strong>More on ransomware:<\/strong> For some reason people download software updates from strange websites or links in texts and emails instead of from official software developers\u2019 sites. And for some reason, those people are surprised at getting hacked. The latest example is <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/fake-windows-10-updates-infect-you-with-magniber-ransomware\/\" rel=\"noopener\">documented by the Bleeping Computer news service<\/a>. It says the Magniber strain of ransomware is being spread to individuals who download what they think is a Windows 10 update. These people didn\u2019t use the Windows Update feature on their computers. Presumably they trusted a message that popped up on their screen or clicked on a link in an email or text. This is another warning: The internet is full of scams. Think carefully before you click.<\/p>\n<p><strong>Using a hacked email account<\/strong> to send phishing emails to victims is an old tactic used by threat actors. They hope the victim trusts the sender\u2019s email address and clicks on an attachment. <a href=\"https:\/\/www.mandiant.com\/resources\/tracking-apt29-phishing-campaigns\" rel=\"noopener\">According to researchers at Mandiant<\/a>, one of the latest to use the tactic is a Russian-based gang known by security researchers as APT29. Recently it compromised several email addresses to send infected messages to employees in a number of embassies around the world. The subject lines of the emails had government-related topics such as Ambassador Absence, Non-Working Days of the Embassy and Embassy Closure Due to COVID-19. 
The goal is to distribute malware to compromise Windows computers. Once inside, APT29 finds ways to elevate its access privileges. In many cases, says the report, this gang can get domain administration privileges in less than 12 hours. Tactics include compromising authentication tickets. Ways of defending against attacks like this include the use of multifactor authentication to protect logins, better protection of Active Directory and training employees to not automatically trust emails from senders they may know.<\/p>\n<p><strong>The NotPetya wiper<\/strong> malware began multiplying around the world in 2017. But thanks to unpatched Windows computers it\u2019s still circulating. That\u2019s according to <a href=\"https:\/\/www.fortinet.com\/blog\/threat-research\/the-increasing-wiper-malware-threat\" rel=\"noopener\">a new report from Fortinet<\/a> on how to fight this type of malware. The biggest number of vulnerable systems recently detected were in Turkey, followed by Mexico, the United States, the Philippines and Canada. Wiper malware is a particularly nasty weapon used by a variety of attackers, because its goal is to erase everything on a victim\u2019s IT system. Most recently it\u2019s been alleged that Russian-based threat groups have launched wiper attacks against the government and other organizations in Ukraine. The Fortinet article says the best protections against wiper malware are secure off-site data backups, network segmentation and having a thorough incident response and disaster recovery plan.<\/p>\n<p><strong>Finally<\/strong>, storage administrators using certain models of network-attached storage devices from QNAP and Synology are urged to take mitigation action for critical vulnerabilities in their devices\u2019 software. The vulnerable component is the Netatalk file server, an open-source component found in software of a number of NAS storage appliances. 
<a href=\"https:\/\/www.synology.com\/en-us\/security\/advisory\/Synology_SA_22_06\" rel=\"noopener\">Synology says<\/a> users of its DiskStation Manager 7.1 should upgrade to the latest version. For those using version 7.0 and lower, Netatalk has been disabled. Synology is working on fixes. In the meantime there are workarounds. <a href=\"https:\/\/www.qnap.com\/en-us\/security-advisory\/qsa-22-12\" rel=\"noopener\">QNAP has fixed<\/a> the vulnerabilities in version 4.5.4.2012 and later of its QTS operating system. It is working on fixes for earlier versions. In the meantime QNAP administrators should disable AFP, which is short for Apple Filing Protocol. Netatalk is an open-source version of AFP. <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/critical-vulnerabilities-qnap-synology-nas-rce\" rel=\"noopener\">The news site Dark Reading notes<\/a> that Western Digital disabled Netatalk from its products in January. Other storage vendors whose software uses Netatalk are looking at installing the latest patch from the developer in their products. 
Storage administrators should watch and install the latest security updates.<\/p>\n<p>Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-may-2-2022-more-on-how-the-conti-ransomware-gang-works-individuals-victimized-by-ransomware-news-on-wiperware-and-more\/482221\">Cyber Security Today, May 2, 2022 \u2013 More on how the Conti ransomware gang works, individuals victimized by ransomware, news on wiperware and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on ransomware, wiperware, the latest attacks by APT29 and a warning to NAS users<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-may-2-2022-more-on-how-the-conti-ransomware-gang-works-individuals-victimized-by-ransomware-news-on-wiperware-and-more\/482221\">Cyber Security Today, May 2, 2022 \u2013 More on how the Conti ransomware gang works, individuals victimized by ransomware, news on wiperware and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World 
Canada<\/a>.<\/p>\n","protected":false},"author":17,"featured_media":20700,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-22261","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/22261","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=22261"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/22261\/revisions"}],"predecessor-version":[{"id":22304,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/22261\/revisions\/22304"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media\/20700"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=22261"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=22261"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=22261"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}