Rewterz Threat Alert – Hive Ransomware – Active IOCs
August 30, 2022
Rewterz Threat Alert – DanaBot Trojan – Active IOCs
August 31, 2022
Severity
High
Analysis Summary
On August 23, Baker & Taylor, one of the world's largest distributors of books to libraries, was hit by a ransomware attack. The incident disrupted the company's phone systems, offices, and service centers.
Baker & Taylor is a privately held corporation founded more than 190 years ago and is a leading supplier of library materials and library software in the United States and internationally.
On August 24 the company confirmed that the attack had taken down several business-critical services and that its technical team was working to restore the affected servers.
“As an update, we would like to inform you that the disruption is being caused by a ransomware attack that was launched against our network over the weekend, which we are now attempting to resolve,” Baker & Taylor said in a statement.
“We'd like to take this opportunity to thank you again for your continued patience and cooperation as we work through the service outage. We realize how stressful it has been, and we appreciate your patience,” the firm added today.
“Remediating and sanitizing our systems have been our top priorities. As soon as that work is over, our attention shifts to restoration, getting our systems online, and gradually starting up again.”
No information is currently available on which ransomware gang or affiliate is responsible for the attack, or on whether the threat actors exfiltrated data before encrypting systems. The company's statement that it is sanitizing and restoring its own systems suggests it does not intend to pay the ransom demand, although Baker & Taylor has not said so explicitly.
General Remediations for Ransomware Attacks
- Maintain cyber hygiene: keep anti-virus software up to date and run a defined patch management lifecycle.
- Maintain offline backups. In a ransomware attack the adversary will delete or encrypt any backups they can reach, so keep offline (preferably off-site), encrypted backups of critical data, store their integrity manifests separately from the backup media, and test restores regularly.
- Treat emails from unknown senders with caution.
- Never trust or open links and attachments received from unknown sources or senders.
- Block any threat indicators that become available for this incident at your respective security controls.
- Search for indicators of compromise (IOCs) in your environment using your respective security controls.
- Patch and upgrade all platforms and software promptly and make this a standing security policy. Prioritize patching known exploited vulnerabilities and zero-days.
- Enable anti-virus and anti-malware software and update signature definitions promptly. Use multi-layered protection to secure vulnerable assets.
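The offline-backup advice above only pays off if a scheduled restore test can tell a good backup from one an intruder has quietly encrypted, truncated or deleted. The following added example (written for this alert, not code from Rewterz or Baker & Taylor) builds a SHA-256 manifest of a backup set, keeps that manifest apart from the backup, and later verifies the set against it. The file names and contents are constructed for the demo; the "attacker" steps simulate the backup-tampering the bullet warns about.

```python
"""Added example: manifest-based integrity check for a backup set.

Build a SHA-256 manifest when the backup is taken, keep the manifest with the
offline copy (never only on the online backup share), and verify the set
during every restore test. Demo data below is constructed, not real."""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large backup images do not fill RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to the backup root) to size and digest."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            manifest[rel] = {"size": p.stat().st_size, "sha256": sha256_file(p)}
    return manifest


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare the backup on disk with the trusted manifest.

    A file encrypted in place shows up as 'modified' (digest differs even if
    the size is unchanged), a deleted file as 'missing', and anything the
    intruder dropped, such as a ransom note, as 'unexpected'."""
    current = build_manifest(root)
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for rel, expected in manifest.items():
        got = current.get(rel)
        if got is None:
            report["missing"].append(rel)
        elif got["sha256"] != expected["sha256"] or got["size"] != expected["size"]:
            report["modified"].append(rel)
        else:
            report["ok"].append(rel)
    report["unexpected"] = sorted(set(current) - set(manifest))
    return report


def demo() -> dict:
    """Take a backup, store its manifest 'offline' (a separate copy here),
    then simulate an intruder tampering with the online backup location
    before the scheduled restore test runs."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "catalog").mkdir()
        (root / "catalog" / "titles.csv").write_bytes(b"isbn,title\n123,Example\n")
        (root / "orders.db").write_bytes(b"\x00" * 4096)
        (root / "notes.txt").write_bytes(b"library orders\n")

        manifest = build_manifest(root)
        # The trusted copy lives with the offline backup, out of the attacker's reach.
        offline_manifest = json.loads(json.dumps(manifest))

        # Simulated attacker activity against the online backup share:
        (root / "orders.db").write_bytes(os.urandom(4096))     # encrypted in place, same size
        (root / "notes.txt").unlink()                           # deleted
        (root / "README.ransom.txt").write_bytes(b"pay us\n")   # ransom note dropped

        return verify_backup(root, offline_manifest)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the block prints a report in which only `catalog/titles.csv` is `ok`, `orders.db` is `modified`, `notes.txt` is `missing` and `README.ransom.txt` is `unexpected`; any non-empty `modified` or `missing` list should fail the restore test and trigger a restore from the offline copy. The digest check is what matters: a size-only or timestamp-only comparison would pass the in-place encrypted `orders.db`.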