What's new this week in the news for MSPs?
Nutanix introduces new services to help pandemic-affected companies; AWS launches Amazon Honeycode; Maze ransomware allegedly strikes LG Electronics; newcomer WastedLocker ransomware leveraging fake program updates; and CLOP Ransomware hits Indiabulls group. Let's see what it's all about.
Nutanix Introduces New Services to Help Pandemic-Affected Companies
Datacenter company Nutanix, Inc. announced the launch of its new services that may help companies that are struggling due to the pandemic to deploy, troubleshoot, and upgrade their cloud system remotely.
With many employees working from home, Nutanix said its clients had been grappling with managing their cloud infrastructure as seamlessly as before. Their new Nutanix Foundation Central service will integrate with its HCI software. Deploying private cloud infrastructure at scale from a single interface will now be straightforward for its clients.
The company said they have plans to launch more services soon, which will help their customers maintain their systems, keep them updated, and troubleshoot any issues.
AWS Launches Amazon Honeycode
With the launch of Amazon Honeycode, Amazon Web Services, Inc. has stepped into low-code software development. Last year, research firm Gartner, Inc. revealed that low-code and no-code tools might account for more than 65% of all application development within organizations by 2024.
Honeycode is a fully managed service and will let organization workers build web and mobile-based apps without programming skills. According to Amazon, the goal of Honeycode is to allow customers to make apps that will leverage an Amazon database, from complex project management apps that will merge multiple workflows to simple task-tracking applications.
The new Amazon Honeycode service is in beta now and gives AWS an entry into this quickly growing market of no-code and low-code software development tools. These resources let employees become more productive by building apps that can help them, without needing help from other development departments.
"Amazon has very few white spots within its portfolio of tools, but low-code and no-code was one of them," according to Constellation Research, Inc. analyst Holger Mueller.
Maze Ransomware Allegedly Strikes LG Electronics
According to the Maze ransomware website, its operators have hacked the LG Electronics network and locked it. They claim to have stolen proprietary information from the company for projects that involve US companies.
Like many other ransomware operators, Maze publishes details from its victims when it is not paid or when communications with the victim stall. This week, in a "press release" posted on their data leak site, the operators announced that they would be providing details regarding their hacking of the LG Electronics network and the source code they have stolen.
At present, there is no data on how Maze was able to break into the LG Electronics network. Methods the group has used previously include connecting through an infected remote desktop and then, from compromised domain administrator accounts, moving on to more valuable hosts.
Newcomer WastedLocker Ransomware Leveraging Fake Updates
Evil Corp., the Russian cybercrime organization, has a brand-new ransomware in its collection, called WastedLocker. The group is using it to conduct attacks against targeted businesses.
As the group evolved, they became an association centered on the distribution of Dridex, a downloader and banking trojan that uses an email phishing method.
The BitPaymer ransomware, also made by the group, is delivered using the Dridex malware for attacks against targeted companies' networks.
Since the findings against Evil Corp. associates Maksim Viktorovich Yakubets and Igor Olegovich Turashev, the Evil Corp. group has been reorganizing and has started distributing the new ransomware, WastedLocker. Evil Corp. hacks sites to inject malicious code that shows fake software update alerts from the SocGholish fake update framework; these fake program updates are then used to deliver the ransomware.
The Cobalt Strike penetration testing and post-exploitation toolkit is one of the payloads in these attacks and is used by Evil Corp. to access the compromised device. According to Fox-IT, it differs from attacks by DoppelPaymer, a ransomware made by a group who left Evil Corp. in 2019, in that WastedLocker doesn't seem to steal data before encrypting files in its attacks. After it is initialized, the ransomware tries to encrypt all drives on a computer, but it skips files in some folders or with specific extensions.
The ransomware will combine the 'wasted' string and the company's initials to generate an extension and append it to the victim's encrypted files.
For now, WastedLocker appears to be secure, and there is no way to decrypt files for free.
Learn about common ransomware attack scenarios and what to do if one of these attacks affects your clients:
Further reading: Ransomware Attack Scenarios
CLOP Ransomware Gives Indiabulls Group 24 Hours to Contact
The group behind the CLOP ransomware has claimed it hacked the Indiabulls Group's network in India and has posted screenshots of the stolen data.
The Indiabulls Group is a corporation in India with revenue of $3.5 billion, over 19,000 workers, and various subsidiaries. Its business focuses on personal finance, housing, lending, infrastructure, and pharmaceuticals.
CLOP threat actors are known to steal unencrypted files before deploying the ransomware during a ransomware attack. Then they post the data on their 'CL0P^_- LEAKS' site, along with a threat to post more if the ransom goes unpaid.
It is unknown when the attack happened or how much CLOP has demanded in ransom.
That's a Wrap
I hope this update has been helpful. MSP360 is your resource for MSP news. Stay home, stay safe and healthy, and remember to check back next week for more highlights.