VMware ESXi server ransomware evolves, after recovery script released

After the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday released a recovery script for organizations affected by a massive ransomware attack targeting VMWare ESXi servers worldwide, reports surfaced that the malware evolved in a way that made earlier recovery procedures ineffective.The attacks, aimed at VMware’s ESXi bare metal hypervisor, were first made public February 3 by the French Computer Emergency Response Team (CERT-FR), and target ESXi instances running older versions of the software, or those that have not been patched to current standards. Some 3,800 servers have been affected globally, CISA and the FBI said.To read this article in full, please click here READ MORE HERE…

Read more

Unraveling the techniques of Mac ransomware

Understanding how Mac ransomware works is critical in protecting today’s hybrid environments. We analyzed several known Mac ransomware families and highlighted these families’ techniques, which defenders can study further to prevent attacks.
The post Unraveling the techniques of Mac ransomware appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

Ransomware attack knocks Rackspace’s Exchange servers offline

Cloud services and hosting provider Rackspace Technology acknowledged Tuesday that a recent incident that took most of its Hosted Exchange email server business offline was the product of a ransomware attack. The company shut the service down last Friday.It was not, initially, clear what had caused the outage, but Rackspace quickly moved to shift Exchange customers over to Microsoft 365, as this part of the company’s infrastructure was apparently unaffected.Rackpsace offers migration to Microsoft 365
Rackspace said today that there is “no timeline” for a restoration of Exchange service, but it is offering Exchange users technical assistance and free access to Microsoft 365 as a substitute, though it acknowledged that migration is unlikely to be a simple process for every user. Rackspace said that, while the migration is in progress, customers can forward email sent to their Hosted Exchange inboxes to an external server, as a temporary workaround.To read this article in full, please click here READ MORE HERE…

Read more

DEV-0569 finds new ways to deliver Royal ransomware, various payloads

DEV-0569’s recent activity shows their reliance on malvertising and phishing in delivering malicious payloads. The group’s changes and updates in delivery and payload led to distribution of info stealers and Royal ransomware.
The post DEV-0569 finds new ways to deliver Royal ransomware, various payloads appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

Stopping C2 communications in human-operated ransomware through network protection

Providing advanced protection against increasingly sophisticated human-operated ransomware, Microsoft Defender for Endpoint’s network protection leverages threat intelligence and machine learning to block command-and-control (C2) communications.
The post Stopping C2 communications in human-operated ransomware through network protection appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity

Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread.
The post Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector

In recent months, Microsoft has detected active ransomware and extortion campaigns impacting the global education sector, particularly in the US, by a threat actor we track as DEV-0832, also known as Vice Society.
The post DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector appeared first on Microsoft Security Blog. READ MORE HERE…

Read more