Finland’s National Cyber Security Centre (NCSC) has issued a warning about a new wave of cyber threats involving the deployment of ransomware on Network Attached Storage (NAS) appliances and tape storage media. The Akira Ransomware group is suspected to be behind these attacks, having targeted seven companies in December 2023. This marks a shift from traditional file-encrypting malware that targeted data on networked computers’ hard disk drives to now impacting backup storage media.
In the past, victims of ransomware attacks were advised to rely on backup storage for recovery. However, cybercriminals are now targeting these backup appliances, leaving victimized companies with limited options and often forcing them to pay the ransom. To mitigate this risk, NCSC-FI recommends storing critical information on offline backups or media that is not frequently connected to the internet. Security experts also suggest maintaining backups in multiple geographically diverse locations, such as cloud storage and off-site backups, to ensure reliable failover capabilities.
Another cybersecurity development involves a Turkish hacking group targeting Microsoft SQL servers globally. The Mimic Ransomware-spreading hackers focus on MSSQL computers in the EU, the USA, and Latin America, using brute force attacks for compromise. The Securonix Threat Research team has identified this new malware variant, active since November of the previous year, targeting unsecured open-source database management systems. Similar motives were observed in the Phobos Ransomware and Crysis Ransomware groups, which are linked to a Russian cybercrime gang offering ransomware-as-a-service.
To protect against MSSQL server compromises, experts recommend regular server patching, using a VPN when exposing servers to the internet, and implementing security measures such as blocking excessive access to the xp_cmdshell procedure. Deploying Powershell logging and monitoring new user connections at endpoints are also suggested strategies to prevent intrusive cyber attacks.
Key Points:
1. Hackers are now deploying ransomware on NAS appliances and tape storage media, targeting backup storage.
2. Victimized companies are left with limited options and often forced to pay the ransom.
3. NCSC-FI recommends storing critical information on offline backups or media not frequently connected to the internet.
4. Maintaining backups in multiple geographically diverse locations provides reliable failover capabilities.
5. A Turkish hacking group is targeting Microsoft SQL servers globally, using brute force attacks for compromise.
6. Regular server patching, using a VPN, and implementing security measures are recommended to protect against MSSQL server compromises.