{"id":859,"date":"2024-02-19T19:18:53","date_gmt":"2024-02-19T17:18:53","guid":{"rendered":"https:\/\/demo.artureanec.com\/themes\/neuros\/exploring-deep-learning-unleashing-the-power-of-neural-networks-copy\/"},"modified":"2024-07-16T12:34:52","modified_gmt":"2024-07-16T10:34:52","slug":"estateransomware-nutzt-schwachstelle-in-veeam-backup-software","status":"publish","type":"post","link":"https:\/\/www.neonotu.com\/en\/estateransomware-nutzt-schwachstelle-in-veeam-backup-software\/","title":{"rendered":"New ransomware threat: EstateRansomware exploits vulnerability in Veeam backup software"},"content":{"rendered":"
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\n

In the ever-evolving landscape of cybersecurity, a new ransomware group called EstateRansomware has caused quite a stir. This group exploits a recently patched vulnerability in Veeam Backup & Replication software, emphasizing the importance of regular software updates.<\/strong><\/p>\n

The discovery: The Singapore-based company Group-IB discovered this new threat in early April 2024. The attackers exploited the vulnerability CVE-2023-27532, which has a CVSS score of 7.5 - a clear sign of high risk.<\/p>\n

The attack vector:<\/p>\n

    \n
  1. Initial access: Via a Fortinet FortiGate Firewall SSL VPN using an inactive account.<\/li>\n
  2. Lateral movement: From the firewall to the failover server using RDP connections.<\/li>\n
  3. Persistence: Installation of a backdoor called \u201csvchost.exe\u201d, which is executed daily via a scheduled task.<\/li>\n
  4. Further exploitation: Exploitation of the Veeam vulnerability to activate xp_cmdshell and create a malicious user account.<\/li>\n
  5. Network exploration: Use of tools such as NetScan, AdFind and NitSoft.<\/li>\n
  6. Final phase: Deactivation of Windows Defender and execution of the ransomware on all accessible systems.<\/li>\n<\/ol>\n\n
    \n
    \n

    New ransomware group EstateRansomware exploits Veeam backup vulnerability. Attack via Fortinet firewall, followed by backdoor installation. Regular updates and strong security strategies are crucial to protect against such threats.<\/p>\n<\/blockquote>\n<\/figure>\n\n

    Broader implications: This discovery comes at a time when Cisco Talos is seeing a shift in the ransomware landscape. New groups such as Hunters International, Cactus and Akira are specializing in specific niches and attack methods.<\/p>\n

    Connection to the Akira ransomware: Interestingly, the same Veeam vulnerability was also exploited by the Akira ransomware group, as demonstrated by a recent attack on a Latin American airline. This illustrates how quickly vulnerabilities are picked up by different threat actors.<\/p>\n

    Recommendations for prevention:<\/p>\n

      \n
    1. Performing regular software updates<\/li>\n
    2. Implementing multifactor authentication<\/li>\n
    3. Use network segmentation to contain potential attacks<\/li>\n
    4. Developing comprehensive backup strategies<\/li>\n
    5. Training employees in cyber security<\/li>\n<\/ol>\n

      neonotu security is at the forefront of the fight against such threats. Our experts offer customized solutions to protect your IT infrastructure from ransomware and other cyber threats.<\/p>\n

      Contact us today for a comprehensive security consultation and let us protect your digital assets together.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

      \n\t\t\t\t\t\t
      \n\t\t\t\t\t
      \n\t\t\t
      \n\t\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t\n
      \n
      \n Request your free security analysis now <\/span><\/span> \n <\/span>\n <\/a>\n <\/div>\n <\/div>\n \t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"

      In the ever-evolving landscape of cybersecurity, a new ransomware group called EstateRansomware has caused quite a stir. This group exploits a recently patched vulnerability in Veeam Backup & Replication software, emphasizing the importance of regular software updates. The discovery: The...<\/p>","protected":false},"author":1,"featured_media":14388,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[62,63],"tags":[21,22,23],"class_list":["post-859","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyberanriff","category-ransomware","tag-ai","tag-chat-gpt","tag-neural"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.neonotu.com\/en\/wp-json\/wp\/v2\/posts\/859","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.neonotu.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.neonotu.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.neonotu.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.neonotu.com\/en\/wp-json\/wp\/v2\/comments?post=859"}],"version-history":[{"count":0,"href":"https:\/\/www.neonotu.com\/en\/wp-json\/wp\/v2\/posts\/859\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.neonotu.com\/en\/wp-json\/wp\/v2\/media\/14388"}],"wp:attachment":[{"href":"https:\/\/www.neonotu.com\/en\/wp-json\/wp\/v2\/media?parent=859"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.neonotu.com\/en\/wp-json\/wp\/v2\/categories?post=859"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.neonotu.com\/en\/wp-json\/wp\/v2\/tags?post=859"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}