Cyber Weekly Digest - Week #13
Updated: Apr 2
In this week's digest we discuss some of the most high-profile attacks so far in 2021, including the largest ever ransom demand in the Acer ransomware attack and the cyber attack which impacted energy giant Shell. Keep reading to hear about the biggest cyber security stories of the week.
Computer giant Acer was hit by a ransomware attack in which the threat actors demanded the largest known ransom to date, $50,000,000. The REvil group is responsible for the attack; they announced it by leaking images and documents belonging to Acer, including financial spreadsheets, bank balances, and bank communications. The REvil attackers offered Acer a "20% discount" if the ransom was paid by a particular date. REvil is known for its high ransom demands; its highest previous demand was $30 million in the Dairy Farm cyber attack.
Energy giant Shell is the latest victim of a series of attacks on users of the Accellion legacy File Transfer Appliance. Attackers were able to gain access to various files containing personal and company data belonging to both Shell and some of its stakeholders. However, Shell's core IT systems were unaffected by the breach, as the file transfer service is isolated from the rest of the company's digital infrastructure.
The attackers targeted the Uyghur community and lured them into downloading malicious software that would allow surveillance of their devices. The hackers are believed to be part of the group known as Earth Empusa or Evil Eye. Facebook said the highly focused campaign was aimed at collecting information about these targets by infecting their devices with malicious code for surveillance purposes. The links shared through Facebook pointed to both legitimate and lookalike news websites, as well as fake Android app stores.
This week it was confirmed that CNA suffered an attack by a new ransomware known as 'Phoenix CryptoLocker'. It is believed to be a new ransomware family released by Evil Corp, based on similarities in the code. The threat actors were able to encrypt over 15,000 devices on the CNA network, including the computers of remote employees who were logged into the company's VPN at the time of the attack.
An upgraded variant of the Purple Fox malware with worm capabilities is being deployed in a rapidly expanding attack campaign. Purple Fox first appeared in 2018; it is an active malware campaign that until recently required user interaction or a third-party tool to infect Windows machines. However, according to new research, the attackers behind the campaign have added new functionality that can brute force its way into victims' systems on its own.