Microsoft warns hospitals that Gateway and their VPN devices are vulnerable to ransomware attacks that seek exposed endpoints. Technology giant claims hackers hiding behind ransomware REVILE (also known as Sodinokibi), scan it Internet for vulnerable systems, with VPN be widely used at this time as, in view of COVID-19, employees are required to stay and work at home. This group of hackers seems to change her malware infrastructure used last year in new attacks aimed at exploiting vulnerable health care facilities, such as hospitals, which are under extreme pressure to deal with patients infected with COVID-19.
According to Microsoft, these attacks are different from ransomware attempts made on commodities, as hackers exploit their expanded knowledge of system management, while also exploiting common misconceptions about network security. The company also added that as soon as hackers infiltrate into one network, perform in-depth recognition and customize privilege escalation and side-based movements errors security and vulnerable services they discover on the network. In these attacks, hackers usually insist, even for months, on untrusted networks, and then develop ransomware payload. This type of ransomware is harder to recover because it can be difficult for victims to find where hackers have discovered bugs and to locate inboxes, credentials, endpoints or applications that have been compromised.
Reportedly, ransomware attacks, including REvil, had targeted bugs found in Citrix ADC and Gateway products. There is also a suspicion that the team exploited last year's errors on the VPN Pulse Security platform to infringe on Travelex. The National Center for Cyber Security (NCSC) and the NSA warned last October that these products had been targeted. APT hackers.
Microsoft recommends them users to do updates often and carefully, carefully monitor remote access and enable notifications of attacks on Windows as well as the AMSI (Antimalware Scan Interface) for Office VBA in Office 365 environments. Finally, a report released by the company in February contains more details on how users can defend, to some extent at least, ransomware attacks.