
DSCI Advisory on recent cyber-attacks

DSCI Updates on BadRabbit Ransomware

What is BadRabbit Ransomware? (27-10-2017)
BadRabbit (the name was assigned by Group-IB) is ransomware that affects Microsoft Windows systems. The outbreak has had a considerable impact in the affected countries, and the malware is reported to be an improved variant of the NotPetya ransomware. It demands a ransom of 0.05 BTC (about $280 at the time). Initial infection was reported to come from a fake Adobe Flash Player update offered by compromised websites, so the victim has to run the downloaded installer; once inside a network it spreads to other Windows hosts over SMB.


DSCI Updates on CCleaner

What is the CCleaner attack?
Security researchers at Cisco Talos discovered that attackers had injected malware into Piriform's CCleaner and CCleaner Cloud. This is of concern because CCleaner is used by over 75 million users worldwide to optimise their PCs. Approximately 2.27 million users were reported to have installed the malware-laden version. Piriform confirmed that CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191, on 32-bit Windows systems, were illegally modified before they were released to the public. The attackers had penetrated one of Piriform's update servers and injected a two-stage backdoor into the signed executable binaries of CCleaner and CCleaner Cloud; because the tampered binaries carried Piriform's legitimate signature, a signature check alone would not have exposed them. The backdoor is capable of remotely executing code on affected systems. Its second stage was reported to be delivered only to a small set of targets at large technology companies. The command-and-control server has since been taken down.

How to counter this malicious attack

1. Remove the affected versions of CCleaner and CCleaner Cloud.

2. Download the latest stable release from Piriform website.

3. It is also advised, though not mandatory, to format and re-install the affected endpoints.

4. Organisations using an application control (blacklisting or whitelisting) solution can block the installation of the affected versions of CCleaner and CCleaner Cloud.
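Steps 1 and 4 both need a reliable list of which endpoints carry the two affected builds. As an added example (it is not DSCI's or Piriform's code), the Python script below triages a software-inventory export against the versions named above. It assumes a CSV with `hostname,product,version,arch` columns; the sample inventory embedded in it is constructed. On Windows the version and architecture would typically be read from the Uninstall registry keys or the executable's file version, which is why the normaliser also accepts the four-part `major.minor.0.build` form.

```python
import csv
import io
import re

# Builds named in the advisory. The advisory scopes impact to 32-bit installs.
AFFECTED = {
    ("CCleaner", (5, 33, 6162)),
    ("CCleaner Cloud", (1, 7, 3191)),
}


def version_key(version):
    """Normalise a version string to (major, minor, build).

    Accepts "5.33.6162", "v5.33.6162" and the four-part Windows file-version
    forms "5.33.0.6162" / "5, 33, 0, 6162"; the build is always taken as the
    last component. Returns None when fewer than three components are present,
    so a bare "5.33" is sent for manual review instead of being treated as clean.
    """
    parts = [int(p) for p in re.findall(r"\d+", version)]
    if len(parts) < 3:
        return None
    return (parts[0], parts[1], parts[-1])


def is_32bit(arch):
    return arch.strip().lower() in {"x86", "32", "32-bit", "i386"}


def triage_inventory(csv_text):
    """Classify each inventory row as 'affected', 'review' or 'clean'.

    'review' collects rows we cannot settle automatically: versions with no
    build number, and non-32-bit installs of an affected build (outside the
    advisory's stated scope, but the same tampered release, so confirm by hand).
    """
    result = {"affected": [], "review": [], "clean": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        product = row["product"].strip()
        key = version_key(row["version"])
        if key is None:
            result["review"].append(row["hostname"])
        elif (product, key) in AFFECTED:
            bucket = "affected" if is_32bit(row["arch"]) else "review"
            result[bucket].append(row["hostname"])
        else:
            result["clean"].append(row["hostname"])
    return result


# Constructed sample inventory (hostnames and the clean version are made up).
SAMPLE_INVENTORY = """\
hostname,product,version,arch
ws-01,CCleaner,5.33.6162,x86
ws-02,CCleaner,5.33.0.6162,x86
ws-03,CCleaner Cloud,1.07.3191,x86
ws-04,CCleaner,5.33.6162,x64
ws-05,CCleaner,5.36.6278,x86
ws-06,CCleaner,5.33,x86
"""

if __name__ == "__main__":
    for bucket, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

The "affected" hosts are the ones to uninstall, re-image if policy allows, and feed to the application-control blocklist; the "review" bucket exists so that an incomplete version string never silently passes as clean.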

To know more about the attack, read our blog: CCleaner


DSCI Updates on BlueBorne

What is BlueBorne?
BlueBorne is a collection of vulnerabilities in vendors' implementations of the Bluetooth protocol stack. Together they create a new attack vector affecting mobile, desktop and IoT operating systems: a malicious entity within Bluetooth range can gain complete control of the target device, including access to any stored information. It was discovered by Armis, a US-based IoT security lab, which disclosed eight vulnerabilities in Bluetooth implementations. When combined, these vulnerabilities let an unauthenticated, remote attacker obtain private information about the device or user, or execute arbitrary code on the device, without pairing with it and without the device being set to discoverable mode. Until the vendor patch for each platform is applied, the practical mitigation is to keep Bluetooth switched off on devices that do not need it.

(Video: demonstration of the attack on Android devices.)


DSCI Updates on Petya Ransomware

What is Petya Ransomware?
Petya / Petrwrap / NotPetya / GoldenEye / ExPetr (the last name assigned by Kaspersky Lab) is ransomware that affects Microsoft Windows systems. This outbreak, though smaller than the earlier WannaCry attack, has had a considerable impact. It is a new version of the previously known Petya ransomware. It demands a ransom of $300 worth of Bitcoin paid to a single wallet and asks victims to contact a Posteo email address, wowsmith123456@posteo.net; Posteo disabled that mailbox on the day of the outbreak, so paying offers no route to a decryption key. Inside a network it spreads using the same SMB exploit as WannaCry as well as credentials stolen from the infected host, so patched machines can still be reached through lateral movement.

Petya / GoldenEye / ExPetr Ransomware Crisis

CERT-In Advisory

Reference link of CERT-In Advisory: Click Here

Incident Response Help Desk


DSCI Updates on WannaCry Ransomware

A new ransomware named "WannaCry" (also called WannaCrypt) is spreading widely across the globe.

WannaCry encrypts the files on infected Windows systems and then spreads laterally to other computers on the same LAN. It propagates by exploiting a vulnerability in the Windows implementation of Server Message Block version 1 (SMBv1); the exploit is named ETERNALBLUE and the vulnerability was fixed by Microsoft in update MS17-010. It was also reported to spread through malicious email attachments. Systems that have the MS17-010 update applied, have SMBv1 disabled, or cannot be reached on TCP port 445 from untrusted networks are not exposed to the worm component.

Best Practices Compilation on Wannacry/ WannaCrypt Ransomware

CERT-In Advisory

Reference link of CERT-In Advisory: Click Here

Incident Response Help Desk

CERT-In presentation on WannaCry