Risky Business #619 -- REvil crew demands $50m from Acer

PLUS: Why we were wrong on Exchangapalooza '21...
24 Mar 2021 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • REvil demands US$50m from Acer in ransomware attack
  • Shell added to Accellion victim list
  • Governments banding together to tackle ransomware
  • BEC theft hits $1.8bn in 2021: FBI
  • Exchange tyre fire is, surprisingly, almost under control
  • MORE

Remediant’s Paul Lanzi will pop along in this week’s sponsor interview to talk about how they’ve integrated their PAM solution with Carbon Black. It’s an integration that is actually somewhat obvious in hindsight: if a box has been popped then some accounts have, too, so tying these things together does make sense.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Ransomware gang demands $50 million from computer maker Acer | The Record by Recorded Future
Ransomware attacks hit event-management, wireless technology firms
Energy giant Shell impacted in Accellion hack
Ransomwared Bank Tells Customers It Lost Their SSNs
New global model needed to dismantle ransomware gangs, experts warn
FBI: Cybercrime losses exceeded $4.2 billion in 2020 | The Record by Recorded Future
Suspected BEC gang arrested in Nigeria amid internet fraud crackdown efforts | The Record by Recorded Future
US racing to address Microsoft vulnerabilities, especially for small businesses
Microsoft Exchange server patching efforts are going extraordinarily well | The Record by Recorded Future
The Peculiar Ransomware Piggybacking Off of China’s Big Hack | WIRED
Microsoft Exchange servers targeted by second ransomware group | The Record by Recorded Future
Chinese cyberspies go after telco providers, 5G secrets | The Record by Recorded Future
Finland pins Parliament hack on Chinese hacking group APT31 | The Record by Recorded Future
Line app allowed Chinese firm to access personal user data | The Record by Recorded Future
Cars Have Your Location. This Spy Firm Wants to Sell It to the U.S. Military
Encrypted Phone Firm 'Sky' Shuts Down
Threat actors start attacking F5 devices using recent vulnerability | The Record by Recorded Future
Google: A mysterious hacking group used 11 different zero-days in 2020 | The Record by Recorded Future
Attackers are trying awfully hard to backdoor iOS developers’ Macs | Ars Technica
Facebook's ‘Red Team X’ Hunts Bugs Beyond the Social Network's Walls | WIRED
Space jam: Researchers and satellite start-ups meet to discuss celestial cybersecurity | The Daily Swig
Google awards Uruguayan researcher $133,337 top prize in cloud security competition | The Daily Swig
Verkada hacker charged in the US for hacking more than 100 companies | The Record by Recorded Future
Russian who tried to hack Tesla last summer pleads guilty | The Record by Recorded Future
Roll still doesn’t know how its hot wallet was hacked | TechCrunch
Microsoft blames crypto key rotation snafu for 365 outage | The Daily Swig