Cyber Security News — Past 24 hours | 28.04.2021
A Ransomware Group Made $260,000 in 5 Days
A ransomware group made $260,000 in five days by remotely encrypting files on QNAP devices using the 7zip archiving software. QNAP NAS users all over the world discovered on Monday that their files had been encrypted after a ransomware operation called Qlocker exploited vulnerabilities in their devices. While most ransomware groups spend a significant amount of time developing their malware to make it powerful, feature-rich, and safe, the Qlocker gang did not have to. Enterprise-targeting ransomware usually demands payments ranging from $100,000 to $50 million to restore access to all of a victim's computers and not leak their stolen data.
Since the Qlocker ransomware uses a series of Bitcoin addresses that are rotated between victims, BleepingComputer collected the addresses and tracked their payments. Ten separate Bitcoin addresses that the threat actors were rotating among victims while exploiting this bug were gathered and shared with BleepingComputer. BleepingComputer has since collected an additional ten Bitcoin addresses, bringing the total number of Bitcoin addresses used by the Qlocker threat actors to 20. At this time, the 20 Bitcoin addresses have received ransom payments totaling 5.25735623 Bitcoins, which equates to around $258,494 in today's money.
This ransomware campaign is still active, with new victims being reported daily. To patch the vulnerabilities and defend against these ransomware attacks, all QNAP users must upgrade to the latest versions of the Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync software.
BigBasket: Data Breach Leaks Data of 20 Million Users
Big Basket is a well-known grocery delivery platform that lets consumers order food online for home delivery; the company mainly supplies its customers with groceries, household supplies, and other food products. On the morning of 26 April, Shiny Hunters, a well-known dealer of breached data, published a database for free on a hacking website, claiming it had been stolen from Big Basket. In November last year, when the same dealer attempted to sell the stolen data through private sales on hacking websites, Big Basket confirmed to Bloomberg News that it had suffered a data breach.
"There's been a data breach and we've filed a case with the cybercrime police," Big Basket CEO Hari Menon told Bloomberg News.
Shiny Hunters have carried out several other data breaches in the past, including Tokopedia, Teespring, Minted, Chatbooks, Dave, Promo, Mathway, Wattpad, and more. The event happened weeks after India's Tata Group decided to purchase Big Basket in a deal valued at over $1.8 billion. Bleeping Computer has verified that some of the records, including customers' personal information, are genuine, so Big Basket customers should assume their data has been leaked and take steps to protect themselves.
Hacker dumps sensitive household records of 250M Americans
On April 22nd, 2021, a hacker going by the online handle of Pompompurin leaked a database containing personal and sensitive household data of over 250 million American citizens and residents. The data was also available on three different IP addresses, all of which were accessed by the hacker before being taken offline or reassigned by their owner. What can be confirmed is that the leaked information is a treasure trove for cybercriminals and state-backed hackers.
Database on Russian hacker forums
Given the ongoing diplomatic row between Russia and the United States over the SolarWinds hack, the leaked records are a treasure trove for malicious parties seeking data on American citizens.
Threats to victims
Some could use the data to locate people, while hackers and scammers could use it to send phishing emails, carry out SMS phishing (smishing), or attempt SIM swapping and identity fraud.
Wormable Malware Comes Back As ‘WhatsApp Pink’ — Now Targets Signal, Telegram Too
A new malicious campaign is active in the wild targeting WhatsApp users. The campaign lures users into downloading 'WhatsApp Pink', which is actually malware that targets Signal and Telegram as well.
WhatsApp Pink Malware Campaign
Recently, the 'WhatsApp Pink' scam made the news after Indian security researcher Rajshekhar Rajaharia warned about it.
Clicking on the link and trying to download the app actually installs the malware on the device. The malware establishes itself on the target device with minimal user input: the victim only has to grant the permissions it asks for. Once installed, a temporary icon resembling the WhatsApp icon, but pink in color, appears and then disappears when the user taps it. According to ESET, this campaign is simply a variant of the wormable malware they first warned about in January 2021. At that time, the malware focused on WhatsApp notifications; the new 'WhatsApp Pink' variant also reads and responds to Signal and Telegram notifications.
Preventing The Malware With A Security App
Although the malware campaign is highly wormable, getting rid of it is not difficult.
Stay Focused. Stay Vigilant.
Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT