Ransomware is damaging both to IT infrastructure and to an organization's finances, and cybercriminals have a range of techniques for getting it into the networks of corporations and government bodies alike.
What is Ransomware?
Ransomware is a type of malware that blocks or limits users' access to their systems, typically by encrypting their files, and then demands a ransom payment in exchange for the decryption key. The attackers present payment as the quickest way to regain access, but there is no guarantee that a working decryptor is delivered, and restoring from offline backups is the safer route.
Demands range from a few thousand to millions of dollars; the criminals size the ransom to the organization and the value of its data, and payment is demanded in a cryptocurrency such as Bitcoin or Ethereum.
Ransomware attacks are now commonplace. Major companies in North America, Europe, and Asia have all fallen victim, and attackers target consumers and businesses across every industry.
Such attacks typically exploit human, system, network, and software weaknesses to infect the victim's device, which may be a computer, printer, smartphone, wearable, point-of-sale (POS) terminal, or any other networked device.
The COVID-19 pandemic also contributed to the surge in ransomware: as organizations rapidly pivoted to remote work, gaps opened in their cyber defenses, and cybercriminals exploited those gaps to deliver ransomware.
Recent News – Ransomware breaches corporate network via Mitel MiVoice VoIP
The Lorenz ransomware gang exploited a vulnerability in a widely deployed VoIP appliance to gain access to a victim's corporate network.
Arctic Wolf Labs researchers spotted this new tactic after observing significant overlap with the tactics, techniques, and procedures (TTPs) of ransomware attacks that used CVE-2022-29499 for initial access, as CrowdStrike reported in June.
The researchers also revealed that the unnamed organization was hit by Lorenz ransomware.
“Lorenz exploited CVE-2022-29499, a remote code execution vulnerability impacting the Mitel Service Appliance component of MiVoice Connect, to obtain a reverse shell and subsequently used Chisel as a tunneling tool to pivot into the environment.”
After waiting almost a month following initial access, the group proceeded with lateral movement, data exfiltration via FileZilla, and encryption, using BitLocker on hosts and the Lorenz ransomware on ESXi systems.
Mitel Voice-over-IP (VoIP) products are used by organizations in critical sectors worldwide (including government agencies), with over 19,000 devices currently exposed to attacks over the Internet, per security expert Kevin Beaumont.
Mitel addressed the vulnerability with security patches in early June 2022, after releasing a remediation script for affected MiVoice Connect versions in April.
The case highlights the need for organizations to gain visibility into, and control over, their entire distributed attack surface, Arctic Wolf argued.
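Appliances such as a VoIP PBX rarely run endpoint agents, so the visibility Arctic Wolf calls for has to come from the network: a Mitel appliance should only ever talk to its SIP trunk provider and a handful of internal services, and a reverse shell or a Chisel tunnel like the one in the attack chain above shows up as an outbound connection to an address and port it has no business contacting, often held open for a long time. The script below is an added example written for this page, not code from Arctic Wolf, Mitel, or the original article. It baselines the appliance's allowed egress and flags any flow that departs from it. The appliance address, allow-list, ports, and the flow records are all constructed assumptions in the RFC 5737 documentation ranges; real flow logs (NetFlow, firewall, or proxy exports) would be parsed the same way.

```python
"""Egress-anomaly check for a VoIP appliance, run over constructed flow records.

Added example: the appliance address, allow-list, port set, thresholds and the
sample flows are hypothetical assumptions, not data from the article.
"""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import List, Tuple

# --- Baseline (assumed, not from the article) -------------------------------
APPLIANCE_IP = "10.10.5.20"                       # the VoIP appliance itself
ALLOWED_EGRESS_NETS = [
    ip_network("10.0.0.0/8"),                     # internal network
    ip_network("203.0.113.0/24"),                 # SIP trunk provider (documentation range)
]
ALLOWED_DPORTS = {53, 123, 443, 5060, 5061}       # DNS, NTP, HTTPS, SIP, SIPS
LONG_SESSION_SECONDS = 600                        # external sessions this long look like tunnels


@dataclass
class Flow:
    ts: datetime
    src: str
    dst: str
    dport: int
    duration_s: int
    bytes_out: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed record: ts,src,dst,dport,duration_s,bytes_out."""
    ts, src, dst, dport, duration, bytes_out = line.strip().split(",")
    return Flow(
        ts=datetime.fromisoformat(ts.replace("Z", "+00:00")),
        src=src, dst=dst, dport=int(dport),
        duration_s=int(duration), bytes_out=int(bytes_out),
    )


def flow_findings(flow: Flow) -> List[str]:
    """Return the reasons an outbound flow from the appliance is suspicious."""
    if flow.src != APPLIANCE_IP:
        return []  # only the appliance's own egress is baselined here
    reasons: List[str] = []
    dst = ip_address(flow.dst)
    in_allow_list = any(dst in net for net in ALLOWED_EGRESS_NETS)
    if not in_allow_list:
        reasons.append(f"egress to non-allow-listed host {flow.dst}")
    if flow.dport not in ALLOWED_DPORTS:
        reasons.append(f"unexpected destination port {flow.dport}")
    if not in_allow_list and flow.duration_s >= LONG_SESSION_SECONDS:
        reasons.append(
            f"long-lived external session ({flow.duration_s}s), consistent with a tunnel"
        )
    return reasons


def find_suspicious_flows(lines: List[str]) -> List[Tuple[Flow, List[str]]]:
    """Parse every record and keep those with at least one finding."""
    results = []
    for flow in map(parse_flow, lines):
        reasons = flow_findings(flow)
        if reasons:
            results.append((flow, reasons))
    return results


# Constructed sample flows: two benign, two attacker-like, one from another host.
SAMPLE_FLOWS = [
    "2022-05-10T02:14:03Z,10.10.5.20,203.0.113.10,5060,30,4200",       # SIP to trunk provider
    "2022-05-10T02:14:09Z,10.10.5.20,10.0.0.53,53,1,120",             # internal DNS
    "2022-05-10T02:15:41Z,10.10.5.20,198.51.100.77,4444,18,2100",     # short callback, reverse-shell-like
    "2022-05-10T02:16:02Z,10.10.5.20,198.51.100.77,8080,5400,913000", # 90-minute session, tunnel-like
    "2022-05-10T02:16:30Z,10.10.8.15,198.51.100.77,443,12,900",       # different source, not baselined
]

if __name__ == "__main__":
    for flow, reasons in find_suspicious_flows(SAMPLE_FLOWS):
        print(f"{flow.ts.isoformat()} {flow.src} -> {flow.dst}:{flow.dport}")
        for reason in reasons:
            print(f"  - {reason}")
```

The allow-list is deliberately strict: an appliance's legitimate destinations are few and stable, so anything outside them is worth a ticket rather than a score. The long-session rule is what separates a one-off probe from an established tunnel; in the chain described above the attackers sat on the access for weeks, which is exactly the window in which a persistent outbound session from a phone system should have been noticed.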