Allow us to use a cliché, sometimes no less true for being one, that we have often heard applied to serious news events: “a massacre foretold”.
By late evening, the number of systems hit and locked by the global ransomware attack announced on Sunday by the National Cybersecurity Agency had exceeded 2,100 worldwide. It is a number that is rising rapidly.
The vulnerability exploited by cyber-criminals was far from unknown. The fix, the “patch” as it is called in the jargon, was released two years ago, in February 2021, by VMware, the software company involved. “And 3 days ago the French Cert (the Cyber Alert Response Center, ed.) raised the alarm: it was more or less ignored and this fact is of a disconcerting gravity,” Corrado Giustozzi, popularizer and cyber-security expert and partner of Rexilience, tells us.
Every cyber attack always exploits a vulnerability in the software. In this case, it is the one found in the popular “virtualization” software of the Californian company VMware (“virtualizing” means running a program or system on other hardware in a simulated way, via software).
In this case the solution for the problem was made available by VMware two years ago, in February 2021. «There’s an endless chain of sloppiness and disinterest for not having made the necessary updates… And what’s more, the software in question can only be attacked if exposed on the Internet, which should be avoided. I’m not saying whoever is in trouble went looking for it, but they certainly didn’t move in time with the countermeasures» Giustozzi says bitterly. The more than 2,100 affected servers belong to many companies and public administrations (including the French municipality of Biarritz, one of the few targets whose names have leaked so far).
What are the attackers asking for?
On computers locked by the ransomware, a note is left which says: «Red alert!!! We have successfully hacked your company. All files are stolen and encrypted by us. If you want to recover files or avoid file loss, please send 2.0 Bitcoin. Send money within 3 days, otherwise we will disclose some data and increase the price. If you don’t send bitcoins, we will notify your customers of the data breach via email and text messages.»
The wallet, the digital wallet into which the bitcoins are to be paid, is different in each ransom note, as is the amount (sometimes 2.064921 bitcoins are requested, other times 2.01584 and so on: at the current exchange rate that is around 42 thousand euros). There is no referral link for payment.
The intrusions are suspected to be related to a new Rust-based ransomware strain called Nevada, which emerged on the scene in December 2022. Other similar ransomware families include BlackCat, Hive, Luna, Nokoyawa, RansomExx and Agenda. The Resecurity website has published a detailed profile of the group behind Nevada.
However, the experts agree: the offensive seems to be linked to common cyber-gangs. Common not because of their abilities, but in the sense that they lack (at least at the moment) connections with international terrorism or with current geopolitical situations. Their nationality is not known, even though most ransomware groups are based in Eastern Europe.
Ransomware, what to do?
The case is emblematic of an explosive reality in terms of numbers and consequences: that of ransomware and digital blackmail, which (2022 Trend Micro data) sees Italy exposed as the first country in Europe and the seventh in the world by number of attacks.
What to do? «Preaching good things is useless, because they are not done. There is still a resounding ignorance in companies and in the Public Administration on information security, which too many people see not as a strategic component for the very survival of these realities, but as something similar to light bulbs to be replaced or elevators to be fixed» says Corrado Giustozzi again.
He then suggests: “We need a regulation which cannot be ignored, as has been done for anti-seismic, anti-fire or public health standards. And rules such as those for kidnappings in the 70s would be needed, which forbid or make it difficult for the subjects affected to pay the ransoms, in order not to feed the vicious circle”.
06 February 2023
© breaking latest news