Ransomware News: Magniber gang; Comic book distributor gets hit; Operation Cyclone and more.
Posted by: GuidePoint Security
Published 11/17/21, 9:00am
REvil indictments and arrests weren’t the only ransomware stories in the news last week. Here are some additional ransomware trends making headlines.
Ransomware gang exploiting Internet Explorer flaw
Industry researchers have discovered a ransomware gang known as Magniber exploiting two Internet Explorer (IE) vulnerabilities coupled with malicious advertisements to infect users.
The two IE flaws (CVE-2021-26411 and CVE-2021-40444) both have a Common Vulnerability Scoring System (CVSS) rating of 8.8. CVE-2021-26411 involves a memory corruption flaw and CVE-2021-40444 a remote code execution vulnerability. Microsoft has issued fixes for both flaws.
The Magniber gang has a history of exploiting Microsoft vulnerabilities, including the recent PrintNightmare issue that arose over the summer.
Ka-pow! Comic book distributor hit with ransomware attack
Last week, a large Maryland-based comic book distributor was hit with a ransomware attack that delayed shipments for two to four days. The distributor said in a statement that it was working with third-party experts and only order processing and internal communications platforms were affected. It did not believe customer or financial information had been affected.
Clop ransomware leveraging SolarWinds vulnerabilities
Industry researchers have recently discovered the Clop ransomware (also known as TA505 and FIN11) exploiting a known and patched vulnerability in the SolarWinds Serv-U file server software. The vulnerability, CVE-2021-35211, is a remote code execution (RCE) issue that would enable attackers to execute arbitrary commands on vulnerable servers with elevated privileges. Users of the software are urged to update to the latest version immediately.
Operation Cyclone—Six Clop ransomware gang operators arrested in Ukraine
Ukrainian law enforcement officials announced last week the arrest of six members of the Clop ransomware gang believed to be involved in laundering ransom payments. Dubbed Operation Cyclone, the operation involved coordinated support from Interpol’s Cyber Fusion Center and U.S. and Ukrainian law enforcement, as well as several private cybersecurity organizations. Clop is known for its attacks on U.S. academic institutions and South Korean companies.