What's new this week in the news for MSPs? The world has changed, but that doesn't stop cyber or ransomware attacks.
The Department of Defense goes back to court, and a foreign state may be behind a cyberattack against HHS. It's been a busy week! Let's see what's going on.
The Pentagon Mulls Over $10bn Jedi Contract
The Department of Defense wants to reconsider its decision to award Microsoft the $10bn Jedi contract. According to documents they filed with the US Court of Federal Claims, they are responding to AWS's original injunction against the award of the contract and the February 13th ruling by Judge Patricia E. Campbell-Smith.
In the filing made with Microsoft, the DOD asked the court to remand the case to them for 120 days so they can "reconsider certain aspects of the challenged agency decision." It appears that the DOD now realizes that there were issues with the original award.
NetWalker Ransomware Attack
Cybercriminals launched an attack on the Illinois Champaign-Urbana Public Health District (CUPHD) website by means of NetWalker (Mailto) ransomware, according to a report in The News-Gazette. The attack was discovered when CUPHD staff tried to deliver a COVID-19 update and found they couldn't access specific files.
NetWalker ransomware was first discovered in August 2019 by IDRansomware and was initially named “Mailto”, based on the extension that was added to encrypted files. It uses an embedded configuration that includes a ransom note template and ransom note file names, along with various configuration options.
To guard your business against a NetWalker attack, experts recommend the following preventative actions:
- Open emails only from senders you know and trust
- Download software only from known and trusted sources
- Use antivirus and anti-malware software and update it regularly
Cyberattack on US Health and Human Services Department
Officials believe that the recent cyberattack against the US Health and Human Services Department may be the work of a foreign state. During this attack, the perpetrator attempted to overload the department's servers with millions of hits over several hours. Fortunately, they didn't succeed in slowing servers down significantly, according to an anonymous informer.
"We had no penetration into our networks, we had no degradation of the functioning of our networks," Health and Human Services Secretary Alex Azar said at a White House briefing on the coronavirus. In a statement, an HHS spokeswoman said that as it prepares to respond to the coronavirus outbreak, it has also increased security.
On Sunday night, the National Security Council tweeted a warning, without further explanation, about "fake" text messages. They had received a message from an unknown sender, warning that he had information that the President would order a two-week compulsory quarantine for the nation. The tweet was in response to the message.
Officials believe the message may be related to the cyberattack on HHS.
Snake Ransomware Preparedness
Protecting your network against cyberattacks and ransomware infections is essential, especially right now. Snake ransomware could encrypt all the computers on your system, and it is best to prepare your organization with a protection strategy.
Snake ransomware first appeared in January 2020. It attempts to extort victims by encrypting their files. In the absence of other options, businesses are paying hackers. This ransomware is comparable to MegaCortex, which was making the rounds in 2019.
Snake ransomware's objective is to encrypt a business network completely. Ransomware has become an evil infection that not only encrypts files but digs deep into business data. Even once clear of the encryption, there's no way to be sure your data won't end up for sale on the dark web.
By analyzing bitcoin wallets and ransom notes, FBI special agent Joel DeCapua has been able to follow the money paid by victims. He estimates that from 2013 until November 2019, $144,350,000 was paid out.
Snake ransomware disables ICS processes before encrypting files to make analysis difficult. It has been noted that Snake doesn't attempt to spread; instead, its pathway to infect networks includes email attachments and the exploitation of unpatched or poorly secured network services.
Emails from many cybercriminals can mimic company CEOs' emails successfully, leading staff to respond quickly, wanting to impress the boss. Nozomi Networks Labs has been following and analyzing Snake ransomware from the beginning. Many businesses put off patching their systems due to cost concerns, and this leaves the door wide open to ransomware attacks.
Due to Snake ransomware's aggressive nature, it's essential to have multiple controls in place to detect and prevent it. Experts suggest these guidelines:
- Security awareness across the organization to avoid falling victim to phishing
- Making sure all devices and services are patched, despite the costs and complexity
- Mail content scanning and filtering
- Applying a health check to network infrastructure, ensuring that correct network segregation and firewall policies are in place
- Implementing a resilient backup policy that will support fast access to impacted files
That's a Wrap
That's the week in summary. I hope this overview has been helpful. MSP360 is your resource for MSP news. Stay healthy and check back next week for more highlights.