Ethical Hacking

On September 20, eResearch Technology (ERT) was attacked, this company specializes in clinical services, they collect, analyze, and distribute electronic patient-reported outcomes. Many companies were using this technology to track clinical trials on Covid-19 treatments. Due to the attack, the researchers had to revert to pen and paper, to track the outcomes and caused delays in trials conducted. Other healthcare companies affected by ransomware attacks are IQVIA(hired to assist AstraZeneca’s COVID Vaccine Trials) and Bristol-Myers Squibb(Drug manufacturers). Since then, the company has taken its systems offline and the incident has been reported to the FBI. However, the perpetrators have not even linked yet, and there isn’t conclusive information about whether or not the ransom was met, or how much they asked for.

https://www.infosecurity-magazine.com/news/ransomware-disrupts-covid19/

A new type of vaccine has been created to help defend against ransomware called raccine.exe. The program will not stop ransomware from being installed on a PC, but it can help with the recovery process. This vaccine will terminate any processes that try to delete the shadow copies volume on a windows machine. Windows creates daily backups of your system and data files (when activated) and stores them as snapshots in Shadow Volume Copy. These snapshots are useful for recovering files if they are accidentally changed or deleted.

Many ransomware programs do not want their victims to use this feature as it can aid them in recovering their files for free. One of the first things most ransomware programs do is to delete all Shadow Volume copies on the computer. This generally executed by the command “vssadmin delete shadows /all /quiet.” The new vaccine is an executable that is a debugger for vssadmin.exe. Anytime vssadmin is executed on a computer raccine.exe will launch as well and check to see if vssadmin is trying to delete shadow copies and terminate the process.

https://www.bleepingcomputer.com/news/security/new-ransomware-vaccine-kills-programs-wiping-windows-shadow-volumes/

Cyber criminals are exploiting Facebook’s offering of $100 million in cash grants to businesses affected by the coronavirus pandemic.
Potential victims see an article seemingly from CNBC, a world leader in business news with a monthly audience in the hundreds of millions, saying Facebook is giving grants to users hit by COVID-19 and including a link to apply for a grant. The grammar should give away the game, and the URL, which does not start with cnbc.com, is another suspicious element.
Those who turn a blind eye to the clumsy English and wrong URL are taken to another portal that bears more than a striking resemblance to the official site of Mercy Corps, a charity that helps victims of natural disasters and armed conflicts. However, the only topic on this one is Facebook grants, and the victim is asked to specify how many years they have been a user of the social network. Victims are asked for their Facebook username and password credentials which go straight to the cybercriminals. Then, to accept the application, the site requires a lot more information, supposedly to verify your account: your address, social security number (for US citizens), and even a scan of both sides of your ID. No fields can be left blank, and the site diligently prompts you about any omissions.

Reference: https://www.kaspersky.com/blog/facebook-grants/37181/?web_view=true