No Cloud Is An Island - breakingdefense.com
Average ransomware cost triples, says report
The average amount paid out by ransomware victims has grown almost threefold to more than $300,000 per incident, according to a report
Published: 17 Mar 2021 15:30
The average ransom paid by victim organisations in Europe, the US and Canada has almost trebled from $115,123 (€96,666/£82,788) in 2019 to $312,493 in 2020, and with the spread of double extortion tactics this number is continuing to grow, according to statistics gathered by threat researchers at Palo Alto Networks’s Unit 42.
In the Ransomware threat report 2021 study, Unit 42 drew both on its own data and that gathered through Palo Alto’s incident response unit Crypsis to analyse the ransomware threat landscape and reveal how extortion through ransomware has become a highly lucrative business.
The FreakOut botnet is targeting Linux-based systems that include the TerraMaster operating system, which manages TerraMaster network-attached storage servers; the Zend framework, designed to build web application services using PHP; and Liferay Portal, a web application platform that enables users to create portals and websites.
Each of these open-source systems has a vulnerability that the FreakOut botnet attempts to exploit, the researchers say. In the TerraMaster OS, the remote code execution flaw is tracked as CVE-2020-28188. The Zend framework deserialization bug is listed as CVE-2021-3007. And the deserialization vulnerability within the Liferay Portal is CVE-2020-7961.
Researchers urge users to patch these flaws to keep their devices from being recruited into the botnet army.
Security observations: SolarWinds Orion and the supply chain attack - root.cz
Published December 14, 2020, 9:43 AM
According to researchers at Palo Alto Networks Unit 42, the botnet works by performing brute force attacks on Internet-accessible PostgreSQL databases.
PostgreSQL, also known as Postgres, is one of the most-used open-source relational database management systems (RDBMS) for production environments.
PGMiner randomly selects a wide range of public networks and then scans them for PostgreSQL port 5432. When it finds an active PostgreSQL system, the botnet starts to brute-force the server in an attempt to compromise it.
The botnet abuses the PostgreSQL “COPY from PROGRAM” function to escalate access to the server and hijack the entire operating system.
Compromised servers are forced to mine Monero cryptocurrency.
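A defender-side check for the two behaviours described above (password brute-forcing followed by COPY ... FROM PROGRAM), as an added example that is not from the article or from Unit 42. The log layout (log_line_prefix = '%m [%p] %h ' with statement logging enabled), the sample lines, and the names `analyse` and `fail_threshold` are assumptions.

```python
import re
from collections import Counter

# Constructed sample log. Assumes log_line_prefix = '%m [%p] %h ' and
# log_statement = 'mod' or 'all'; neither setting comes from the article.
SAMPLE_LOG = """\
2020-12-10 08:01:02.101 UTC [4101] 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2020-12-10 08:01:02.640 UTC [4102] 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2020-12-10 08:01:03.215 UTC [4103] 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2020-12-10 08:01:03.790 UTC [4104] 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2020-12-10 08:01:09.500 UTC [4106] 203.0.113.7 LOG:  statement: COPY tmp_out FROM PROGRAM 'id';
2020-12-10 08:15:44.002 UTC [4190] 198.51.100.20 FATAL:  password authentication failed for user "app"
2020-12-10 08:16:10.337 UTC [4191] 198.51.100.20 LOG:  statement: COPY orders FROM '/srv/import/orders.csv' WITH (FORMAT csv);
"""

# timestamp, [pid], client host, severity, message
LINE = re.compile(
    r'^(?P<ts>\S+ \S+ \S+) \[(?P<pid>\d+)\] (?P<host>\S+) (?P<sev>[A-Z]+):\s+(?P<msg>.*)$'
)
AUTH_FAIL = re.compile(r'password authentication failed for user "[^"]+"')
# Matches COPY ... FROM PROGRAM but not COPY ... FROM '<file>'
COPY_PROGRAM = re.compile(r'\bCOPY\b.*\bFROM\s+PROGRAM\b', re.IGNORECASE)


def analyse(log_text, fail_threshold=3):
    """Return (brute_force_hosts, copy_program_events, hosts_showing_both)."""
    failures = Counter()
    copy_events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # continuation lines of multi-line statements are skipped
        host, msg = m['host'], m['msg']
        if m['sev'] == 'FATAL' and AUTH_FAIL.search(msg):
            failures[host] += 1
        elif msg.startswith('statement:') and COPY_PROGRAM.search(msg):
            copy_events.append((host, m['ts']))
    brute = {h: n for h, n in failures.items() if n >= fail_threshold}
    # A host that brute-forced and then ran COPY FROM PROGRAM is the
    # strongest signal: treat the server as compromised and investigate.
    both = sorted({h for h, _ in copy_events} & set(brute))
    return brute, copy_events, both


if __name__ == "__main__":
    brute, copy_events, both = analyse(SAMPLE_LOG)
    print("brute-force sources:", brute)
    print("COPY FROM PROGRAM events:", copy_events)
    print("brute force followed by program execution:", both)
```

COPY ... FROM PROGRAM is available only to superusers and members of `pg_execute_server_program`, so any hit from an application role or an external address deserves review even without a preceding run of failed logins.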