{"id":50277,"date":"2021-03-27T01:29:27","date_gmt":"2021-03-26T21:29:27","guid":{"rendered":"https:\/\/www.msp360.com\/resources\/?p=50277"},"modified":"2021-03-27T01:30:17","modified_gmt":"2021-03-26T21:30:17","slug":"news-you-mightve-missed-22-25-mar","status":"publish","type":"post","link":"https:\/\/www.msp360.com\/resources\/blog\/news-you-mightve-missed-22-25-mar\/","title":{"rendered":"News You Might&#8217;ve Missed.  22 &#8211; 25 Mar"},"content":{"rendered":"<p>What's new this week in the news for MSPs? Acer in REvil ransomware attack; Black Kingdom ransomware targeting Microsoft Exchange servers; Stratus Technologies hit by ransomware; and Sierra Wireless in a ransomware attack.<!--more--><\/p>\n<p>Let's see what it's all about.<\/p>\n<h2>Acer in REvil Ransomware Attack<\/h2>\n<p>Acer Inc. has been <a href=\"https:\/\/siliconangle.com\/2021\/03\/21\/revil-ransomware-gang-demands-50m-ransom-payment-acer\/\"target=\"_blank\" rel=\"noopener noreferrer\">hit by REvil ransomware<\/a>. The REvil ransomware gang shared a statement on their data leak site on March 18th that they had compromised the Taiwan company. They also share images of the alleged stolen data as proof of the compromise.<\/p>\n<p>The REvil gang is demanding $50 million in ransom from Acer, which is notable, as experts say it is the highest demand on record for a ransomware attack. Analysts note that Acer has not acknowledged the ransomware hit until now. It\u2019s also unknown whether the Taiwanese company is subject to Western regulations such as those imposed by the European Union GDPR.<\/p>\n<p>There is speculation that the REvil group used a highly publicized Microsoft Exchange vulnerability in its attack on Acer. Security experts say they anticipated that the vulnerability would be leveraged in an attack, considering the current climate.<\/p>\n<h2>Black Kingdom Ransomware Targeting Microsoft Exchange Servers<\/h2>\n<p>The ransomware group known as Black Kingdom is leveraging the Microsoft Exchange Server ProxyLogon vulnerability <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-exchange-servers-now-targeted-by-black-kingdom-ransomware\/\"target=\"_blank\" rel=\"noopener noreferrer\">for server encryption<\/a>.<\/p>\n<p>MalwareTech Blog researcher Marcus Hutchins said that a threat actor was compromising Microsoft Exchange servers in a tweet, referring to ProxyLogon vulnerabilities to the spreading of ransomware.<\/p>\n<p id=\"last\">Based on his honeypot\u2019s logs, he states that the threat actor uses the vulnerability to execute a PowerShell script. It enables them to then push the malware out on to the network to other connected computers.<\/p>\n<div id=\"slidebox\"><a class=\"close\">\u00a0<\/a><!--HubSpot Call-to-Action Code --><span class=\"hs-cta-wrapper hs-cta-deferred\" id=\"hs-cta-wrapper-4a146d91-d63d-4e82-9aab-1f5f0c43f780\" data-portal=\"5442029\" data-id=\"4a146d91-d63d-4e82-9aab-1f5f0c43f780\"><span class=\"hs-cta-node hs-cta-4a146d91-d63d-4e82-9aab-1f5f0c43f780\" id=\"hs-cta-4a146d91-d63d-4e82-9aab-1f5f0c43f780\"><!--[if lte IE 8]><div id=\"hs-cta-ie-element\"><\/div><![endif]--><a href=\"https:\/\/cta-redirect.hubspot.com\/cta\/redirect\/5442029\/4a146d91-d63d-4e82-9aab-1f5f0c43f780\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" class=\"hs-cta-img\" id=\"hs-cta-img-4a146d91-d63d-4e82-9aab-1f5f0c43f780\" style=\"border-width:0px;\" src=\"https:\/\/no-cache.hubspot.com\/cta\/default\/5442029\/4a146d91-d63d-4e82-9aab-1f5f0c43f780.png\" alt=\"CTA\"><\/a><\/span><\/span><!-- end HubSpot Call-to-Action Code --><\/div>\n<p>The first submissions from the Black Kingdom appeared on March 18th on the site ID Ransomware. The creator of the site, Michael Gillespie, told BleepingComputer that his system has observed over 30 specific entries, and many came directly from mail servers.<\/p>\n<div class=\"call-to-action\">\n<div class=\"call-to-action__left\" style=\"width: 40%;\"><img decoding=\"async\" src=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2020\/06\/Ransomware-Awareness-Poster-Pack-2.png\" alt=\"Poster Pack\" \/><\/div>\n<div class=\"call-to-action__right\" style=\"width: 60%;\">\n<div class=\"call-to-action__title\">MSP's Ransomware Awareness Poster Pack<\/div>\n<div class=\"call-to-action__text\">\n<p>4 white-label posters to help you educate your end-users on how not to get hit by ransomware.<\/p>\n<\/div>\n<!--HubSpot Call-to-Action Code --><span class=\"hs-cta-wrapper hs-cta-deferred\" id=\"hs-cta-wrapper-38530902-54cb-489c-9f02-772612f0072d\" data-portal=\"5442029\" data-id=\"38530902-54cb-489c-9f02-772612f0072d\"><span class=\"hs-cta-node hs-cta-38530902-54cb-489c-9f02-772612f0072d\" id=\"hs-cta-38530902-54cb-489c-9f02-772612f0072d\"><!--[if lte IE 8]><div id=\"hs-cta-ie-element\"><\/div><![endif]--><a href=\"https:\/\/cta-redirect.hubspot.com\/cta\/redirect\/5442029\/38530902-54cb-489c-9f02-772612f0072d\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" class=\"hs-cta-img\" id=\"hs-cta-img-38530902-54cb-489c-9f02-772612f0072d\" style=\"border-width:0px;\" src=\"https:\/\/no-cache.hubspot.com\/cta\/default\/5442029\/38530902-54cb-489c-9f02-772612f0072d.png\" alt=\"CTA\"><\/a><\/span><\/span><!-- end HubSpot Call-to-Action Code -->\n<\/div>\n<\/div>\n<h2>Stratus Technologies Hit by Ransomware<\/h2>\n<p>A <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/high-availability-server-maker-stratus-hit-by-ransomware\/\"target=\"_blank\" rel=\"noopener noreferrer\">ransomware attack hit Stratus Technologies<\/a>, obliging them to take their systems offline to stop the spread of the attack.<\/p>\n<p>Stratus Technologies is best known for its ftServer fault-tolerant server solution and ztC edge computing devices, categorized as high-availability products. Businesses needing<br \/>\nover 99.999% uptime, such as banks, emergency call centers, telecommunications providers, and healthcare, generally use Stratus products.<\/p>\n<p>This week, Stratus Technologies reported that they had shut down some of their services and part of their network as a result of being hit by a ransomware attack that they needed to isolate.<\/p>\n<p>Stratus also took their Stratus Service Portal and ActiveService Network (ASN) off-line as part of their response. To provide additional support, Stratus says they contacted all of their ASN customers.<\/p>\n<h2>Sierra Wireless in a Ransomware Attack<\/h2>\n<p>Leading IoT manufacturer Sierra Wireless was <a href=\"https:\/\/www.msspalert.com\/cybersecurity-breaches-and-attacks\/ransomware\/sierra-wireless-pulls-financial-forecast\/\"target=\"_blank\" rel=\"noopener noreferrer\">struck by a ransomware attack<\/a> this week that led to a complete stoppage of some of its internal operations and production work.<\/p>\n<p>On March 20th, the company was first struck by the ransomware, which took its IT systems off-line and disrupted manufacturing production at various sites. The company\u2019s website is also down and shows that it\u2019s under maintenance.<\/p>\n<p>The company says all of its departments immediately acted to counter the attack once it became aware of the incident, following its cybersecurity procedures and policies, which it put in place using third-party advisors.<\/p>\n<p>Subsequently, the company withdrew its 2021 third-quarter guidance, since they suspect there will be financial damages related to the attack.<\/p>\n<p>Sierra Wireless says that it doesn\u2019t believe that customer-facing products have been affected.<\/p>\n<p>The kind of ransomware used in the attack is unknown at this time.<\/p>\n<h2>That's a Wrap for News You Might've Missed<\/h2>\n<p>I hope this update has been helpful. MSP360 is your resource for MSP news. Stay home, stay safe and healthy, and remember to check back every week for more highlights.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What&#8217;s new this week in the news for MSPs? Acer in REvil ransomware attack; Black Kingdom ransomware targeting Microsoft Exchange servers; Stratus Technologies hit by ransomware; and Sierra Wireless in a ransomware attack.<\/p>\n","protected":false},"author":84,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[877,885],"tags":[],"class_list":["post-50277","post","type-post","status-publish","format-standard","hentry","category-blog-articles","category-other"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/50277","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/users\/84"}],"replies":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/comments?post=50277"}],"version-history":[{"count":0,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/50277\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/media?parent=50277"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/categories?post=50277"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/tags?post=50277"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}