Published on Jun 20, 2022
A Microsoft report noted that an organisation was compromised by an unpatched Exchange server. Following the compromise, the attacker collected network and operating system information to identify domain computers, domain controllers, and administrators. Then they discovered a password folder that contained account credentials. The attacker was also able to steal intellectual property, encrypt data, and demand a ransom for the decryption keys. IT and security teams should patch critical applications as soon as security updates are released. Monitoring networks for suspicious activity is also essential since the ransomware was deployed two weeks after the attacker entered the network.
Separately, CyberSecurity360 reported that the AlphV gang is demanding $4.5 million from the University of Pisa following a ransomware attack there. As proof of the hack, the gang has already published what it claims is stolen data. The ransom will be raised if payment is not made by Friday.
Cyber threat analyst Brett Callow of Emsisoft tweeted that the AlphV gang has added another pressure tactic: It’s created a site on the open web where employees and customers of victim organisation can check if their personal information has been copied. It is likely the gang is using stolen email addresses to contact people it believes are affected. By doing this, they expect their employer or partner firm to give in to the crooks’ demands. Other criminal gangs are doing the same, according to Callow. BlackCat/AlphV is a rebranding of the Darkside and BlackMatter gangs.
