News You Might’ve Missed. 09 – 12 Nov

What's new this week in the news for MSPs? Amazon Web Services launches enhancements to its data storage services; AWS simplifies network traffic inspection with its Gateway Load Balancer; RansomEXX has a new version targeting Linux systems; Ragnar Locker hits the Italian drinks manufacturer Campari; and Compal Electronics suffers a ransomware attack with a demand for $17 million.

Let's see what it's all about.

Amazon Web Services Launches Enhancements to Its Data Storage Services

Amazon Web Services Inc. initiated a group of enhancements to its data storage services. The new services aim to reduce cloud costs for enterprises and lighten the work of administrators.

The new services target S3 Intelligence-Tiering. They will allow businesses to save on the cost of infrequently used archive records, such as company docs that need to be kept for legal issues. Data that is not accessed for 90 days can be automatically transferred to low-cost Archive Access. Those not accessed for 180 days are transferred to Deep Archive Access, where costs are even lower.

These lower-cost storage classes lose in performance, are slower and therefore take extra time to fetch data. However, this is normal for most archived files, since they are less often needed in a hurry.

An update to AWS Backup was also launched that permits scheduling automatic backups by administrators for their companies’ cloud workloads. It also lets them perform related data protection tasks.

AWS Simplifies Network Traffic Inspection With Its Gateway Load Balancer

The announcement of the new service’s general availability came from Amazon Web Services. Amazon says it will ease access to outside virtual network appliances on its cloud.

AWS Gateway Load Balancer will make it cost-effective and straightforward to scale, deploy, and manage virtual appliances. Examples are network monitoring systems and firewalls housed in the cloud, according to Amazon.

The new service is meant as a companion to Amazon’s Virtual Cloud Ingress Routing service, which began last year. Now, with the Gateway Load Balancer, life is more straightforward with the creation of a single gateway that distributes traffic evenly over the network and will scale appliances up and down, as needed.

RansomEXX Has a New Version Targeting Linux Systems

While most ransomware targets the Microsoft Windows operating system, a newly discovered version of RansomEXX is targeting Linux systems.

On November 6th, researchers at Kaspersky Labs detected and announced the Linux variant of RansomEXX. The researchers say it is a highly targeted trojan. It also includes the name of the target organization hardcoded into it.

Both the encrypted file extension and the email address for contacting the threat actors make use of the victim’s name, which is a new twist.

After it deploys, the variant generates a 256-bit key that it uses to encrypt all the files that it can reach belonging to the victim by using the AES block cipher. This new variant does have some limitations. The researchers note that it can’t connect to a command-and-control server, and it doesn’t deploy anti-security tools that would let it avoid detection.

Although it is not usual, ransomware that targets Linux systems has made the rounds previously. For example, Tycoon was seen in June, which targets both Windows and Linux using a relatively obscure Java image format.

RansomEXX was involved in the attacks on IP Photonics Corp., the Texas Department of Transport, Konica Minolta Inc., and Brazil’s court system.

Ragnar Locker Hits the Italian Drinks Manufacturer Campari

Davide Campari-Milano S.p.A., or Campari, as it is best known, says a ransomware attack was detected on their systems on November 2nd and encrypted some of their data. Its operations went offline. It has brought in a cybersecurity firm to contain the incident and put additional cybersecurity measures in effect; it has also contacted law enforcement and the FBI.

The firm didn’t confirm the form of the attack, but it points to ransomware, as it has said that data was encrypted. The ransom note refers to having access to servers throughout the world and then details the types of data stolen. It’s claimed to include accounting files, bank statements, and employee personal information. In all, the threat actors compromised two terabytes of data.

Threatpost says it was a Ragnar Locker cyberattack, and the threat actors behind it have demanded $15 million in bitcoin as payment.

Compal Electronics Suffers Ransomware Attack With a Demand for $17 Million

Compal Electronics is a Taiwan-based laptop maker hit by a DoppelPaymer ransomware attack recently. The cybercriminals have demanded $17 million in bitcoin.

Taiwanese media first reported the ransomware attack. However, the laptop manufacturer denied the attack, claiming it was an “abnormality” in the office automation system.

BleepingComputer has since confirmed that a DoppelPaymer ransomware attack hit Compal. They obtained the ransom note left in the attack.

The usual method employed by DoppelPaymer is that of gaining access to admin credentials. They then use them to spread over a Windows network. Once they access the Windows domain controller, they deploy ransomware payloads devices throughout the system.

The compromised data is used to extort a payment from the victims. In the absence of that payment, the data would be released to data leak sites.

The ransom demand is usually an asking or starting price that the victim may negotiate to a much smaller amount if and when they decide to pay it.

That's a Wrap for News You Might've Missed

I hope this update has been helpful. MSP360 is your resource for MSP news. Stay home, stay safe and healthy, and remember to check back every week for more highlights.