
Renbao, a notebook computer maker in Taiwan Province, hit by ransomware demanding $17 million

2020-11-10 17:24:05 Zongen


Renbao computer, a notebook computer manufacturer in Taiwan Province, suffered a DoppelPaymer ransomware attack over the weekend; the attackers demanded a ransom of nearly 17 million US dollars. A Fortune Global 500 company, Renbao computer group is the world's largest laptop manufacturer. In July 2018 it was ranked 404th on the 2018 Fortune Global 500 list, and in July 2019 it was ranked 390th on the 2019 list.

This is not the first time DoppelPaymer has made a name for itself: earlier victims of DoppelPaymer attacks include the city of Torrance, California, the University of Newcastle, Hall County, Georgia, Bretagne Télécom and Chile's Ministry of Agriculture.

The ransom note confirms the intrusion at Renbao computer

Media in Taiwan Province of China recently reported that Renbao computer had been hit by a cyber attack, but the laptop maker claimed that only part of its office automation system was "abnormal".

Renbao computer's Lu Qingxiong said: "The main reason is that the office automation system is abnormal. The company suspects hacking. Most of the vulnerabilities have been urgently fixed, and we hope it will return to normal today." Lu Qingxiong also stressed that Renbao has not been blackmailed by hackers as reported, and that all production is currently normal.

But the foreign outlet BleepingComputer used the ransom note to confirm that Renbao computer had suffered a DoppelPaymer ransomware attack.


Renbao's ransom note

DoppelPaymer ransomware

DoppelPaymer ransomware is known for attacking corporate targets: it obtains enterprise administrator credentials and uses them to spread across the Windows network. Once the operators gain access to the Windows domain controller, the ransomware payload is deployed to every device on the network.

According to the DoppelPaymer Tor payment site linked in the ransom note, the gang demanded 1,100 bitcoin (about US$16,725,500.00) for the decryptor.

DoppelPaymer ransom demand

Based on the ransom note and DoppelPaymer's past behaviour, the attackers may have stolen unencrypted data as part of the attack.

The stolen data is then used in a double-extortion strategy: the ransomware gang threatens to publish the files on its data leak site if the ransom is not paid. The ransom demand is, however, only a "starting" price; in previous cases the amount finally negotiated by the two parties has usually been far lower.

How to respond

DoppelPaymer originated from BitPaymer but is more aggressive than BitPaymer. There is considerable evidence that the threat actor operating DoppelPaymer split off from the criminal organisation behind BitPaymer and set out on its own criminal path.

For enterprises and ordinary users, the most important thing is to get security protection right. DoppelPaymer uses a lightning-fast payload that performs more than 2000 malicious operations on a host in an execution time of under 7 [time unit missing in the source]. This means that traditional detection and response methods cannot stop this kind of attack: the defender's response to ransomware often begins only after the ransomware has already achieved its goal.

Defenders should centrally manage the evaluation of device configuration compliance; implementing it is very important for reducing the attack surface, and non-compliant devices should be reconfigured and hardened. Hardening connections, enforcing disk encryption and controlling ports will reduce the attack surface available to ransomware. Patch management is also critical.
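The paragraph above lists the controls (disk encryption, port control, patch management) but not what a central compliance evaluation actually does with them. The following is an added example, not code from the original article or from Renbao: it evaluates constructed device inventory records against an assumed baseline and returns, per host, which control failed and the remediation to apply. The host names, port lists and thresholds are hypothetical; the admin-account check is an extra control added here because the article notes that DoppelPaymer spreads with stolen administrator credentials.

```python
from datetime import date

# Constructed inventory records as a central management agent might report them
# (hypothetical hosts, not real systems).
INVENTORY = [
    {"host": "ws-001", "disk_encrypted": True, "listening_ports": [443],
     "last_patch": "2020-11-03", "admin_accounts": ["localadmin"]},
    {"host": "ws-002", "disk_encrypted": False, "listening_ports": [445, 3389],
     "last_patch": "2020-08-15", "admin_accounts": ["localadmin", "user1", "user2"]},
    {"host": "srv-db1", "disk_encrypted": True, "listening_ports": [22, 5432],
     "last_patch": "2020-10-20", "admin_accounts": ["localadmin"]},
]

# Baseline built from the controls named in the text; the concrete values are assumptions.
BASELINE = {
    "require_disk_encryption": True,
    "allowed_ports": {22, 443, 5432},
    "max_patch_age_days": 30,
    "max_admin_accounts": 1,
}


def evaluate_device(device, baseline, today):
    """Return a list of (control, detail, remediation) tuples for one device."""
    findings = []
    if baseline["require_disk_encryption"] and not device["disk_encrypted"]:
        findings.append(("disk_encryption", "not enabled",
                         "enable full-disk encryption"))
    # Port control: anything listening outside the allow-list is attack surface.
    extra = sorted(set(device["listening_ports"]) - baseline["allowed_ports"])
    if extra:
        findings.append(("port_control", f"unexpected listening ports {extra}",
                         "close or firewall the ports"))
    # Patch management: age of the last applied update.
    age = (today - date.fromisoformat(device["last_patch"])).days
    if age > baseline["max_patch_age_days"]:
        findings.append(("patch_management", f"last patched {age} days ago",
                         "apply pending updates"))
    # Least privilege: surplus local admins are what credential-reusing ransomware needs.
    admins = len(device["admin_accounts"])
    if admins > baseline["max_admin_accounts"]:
        findings.append(("least_privilege", f"{admins} admin accounts",
                         "remove unneeded admin rights"))
    return findings


def compliance_report(inventory, baseline, today_iso):
    """Map each non-compliant host to its findings; compliant hosts are omitted."""
    today = date.fromisoformat(today_iso)
    report = {}
    for device in inventory:
        findings = evaluate_device(device, baseline, today)
        if findings:
            report[device["host"]] = findings
    return report


if __name__ == "__main__":
    for host, findings in compliance_report(INVENTORY, BASELINE, "2020-11-10").items():
        print(host)
        for control, detail, fix in findings:
            print(f"  [{control}] {detail} -> {fix}")
```

The evaluation date is passed in rather than read from the clock so that the report is reproducible; in practice the inventory records would come from the endpoint-management agent and the report would feed a reconfiguration queue.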

Of course, the management of people should also be strengthened, especially by raising awareness of e-mail security. Scan the URLs in inbound or archived e-mail, and do not allow the target website to be clicked until it has been checked for malware; before an e-mail is delivered, detect malicious attachments in the mailbox and redirect them to a sandbox before they are opened, and guard against look-alike domain names and spoofing. Doing this can greatly reduce the risk of ransomware.
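As an added example of the mail-gateway checks just described (not code from the article or from any product it mentions), the following scanner parses one message, flags URLs and sender addresses whose host names imitate a trusted domain, flags attachments with executable or double extensions for sandbox analysis, and returns a delivery action. The trusted domain `example.com`, the two sample messages and the extension list are constructed assumptions; the registrable-domain logic is a deliberate "last two labels" approximation, not a public-suffix lookup.

```python
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

# Assumption: the organisation's own domain; anything imitating it is suspicious.
TRUSTED_DOMAINS = {"example.com"}
# Attachment types that should not reach a user without sandbox analysis.
RISKY_EXTENSIONS = {".js", ".jse", ".vbs", ".exe", ".scr", ".hta",
                    ".ps1", ".lnk", ".iso", ".bat", ".cmd"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Common digit-for-letter substitutions used in look-alike domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

# Constructed sample messages (not real captured mail).
SAMPLE_EML = """\
From: "IT Support" <helpdesk@examp1e.com>
To: staff@example.com
Subject: Urgent: invoice overdue
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review https://login.example.com.verify-account.example/reset and the attached invoice.
--b1
Content-Type: application/octet-stream; name="invoice.pdf.js"
Content-Disposition: attachment; filename="invoice.pdf.js"
Content-Transfer-Encoding: base64

dmFyIGE9MTs=
--b1--
"""

CLEAN_EML = """\
From: colleague@example.com
To: staff@example.com
Subject: Lunch
Content-Type: text/plain

See https://intranet.example.com/menu
"""


def registrable_domain(host):
    """Crude 'last two labels' approximation of the registrable domain."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def lookalike_reason(host):
    """Return why a host name imitates a trusted domain, or None if it is fine."""
    host = host.lower()
    reg = registrable_domain(host)
    if reg in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        # Trusted name used as a subdomain label of an unrelated domain.
        if host.startswith(trusted + ".") or ("." + trusted + ".") in host:
            return f"'{trusted}' embedded in host {host} (real domain: {reg})"
        # Digit-for-letter substitution, e.g. examp1e.com.
        if reg.translate(HOMOGLYPHS) == trusted:
            return f"homoglyph of '{trusted}': {reg}"
    return None


def scan_message(raw):
    """Parse one RFC 5322 message and return findings plus a delivery action."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    sender = email.utils.parseaddr(str(msg["From"]))[1]
    reason = lookalike_reason(sender.rsplit("@", 1)[-1])
    if reason:
        findings.append(f"sender: {reason}")

    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            name = (part.get_filename() or "").lower()
            suffixes = name.split(".")[1:]
            reasons = []
            if suffixes and "." + suffixes[-1] in RISKY_EXTENSIONS:
                reasons.append("executable type")
            if len(suffixes) >= 2:
                reasons.append("double extension")
            if reasons:
                findings.append(f"attachment {name}: " + ", ".join(reasons))
        elif part.get_content_type() == "text/plain":
            # URL scanning of the body text; links are held until the host is vetted.
            for url in URL_RE.findall(part.get_content()):
                reason = lookalike_reason(urlparse(url).hostname or "")
                if reason:
                    findings.append(f"url {url}: {reason}")

    return {"findings": findings,
            "action": "quarantine" if findings else "deliver"}


if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE_EML), ("clean", CLEAN_EML)):
        print(label, scan_message(raw))
```

A quarantined message would be routed to the sandbox for attachment detonation and URL inspection before any user can click; the clean message is delivered unchanged because its sender and link both resolve to the trusted registrable domain.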


Copyright notice
This article was written by [Zongen]; please include a link to the original when reposting. Thank you.