Author: Bogdan Botezatu

Bogdan Botezatu has spent the past 12 years as Director of Threat Research at Bitdefender. His areas of expertise include malware deobfuscation, detection, removal and prevention. Bogdan is the author of A History of Malware and Botnets 101. Before joining Bitdefender, he worked at one of Romania's largest and oldest universities as network administrator in charge of SecOps and policies.

All about Virtualization and Cloud Security | Recent Articles:

Infrastructure Attack Highlights That Ransomware Operators Are Aiming for Business Disruption

May 12 by Bogdan Botezatu
Ransomware continues to be the ultimate business disruptor. This week Colonial Pipeline, a private operator of the largest refined products pipeline in the United States, transporting more than 100 million gallons of fuel daily, announced it was the victim of a ransomware attack by the group known as “Darkside.” The attack prompted Colonial to take systems offline, halting operations and threatening to push up the price of oil.

This attack against the U.S. infrastructure is yet another harsh reminder of how fragile critical infrastructure can become when targeted by ransomware and may become the final catalyst for an executive order on cybersecurity from U.S. President Biden. According to the New York Times, the speculated order will “require federal agencies to take a “zero trust” approach to software vendors, granting them access to federal systems only when necessary, and require contractors to certify that they comply with steps to ensure that the software they deliver has not been infected with malware or does not contain exploitable vulnerabilities.”

Since August of 2020, Darkside operators (the group behind the Colonial Pipeline ransomware attack) have become increasingly active, targeting bigger names across a diverse array of industries, culminating in more attacks against critical infrastructure operators.

Darkside also started reorganizing the ransomware business by adopting novel tactics such as creating a press center on their website to announce upcoming leaks and to encourage reporters to get in touch with them. They started partnering with dubious data recovery companies that help victims disguise ransomware payments as “data recovery fees.” Like a digital Robin Hood, the group has also been taking some proceeds from their attacks and donating to charities to show “moral principles.”

Since the release of our free Darkside decryptor this January, Bitdefender has seen an increased number of companies and Managed Service Providers (MSPs) reach out to us for help with decryption – a strong indicator that targeted ransomware attacks have become more frequent and effective.

This incident is not the first and will not be the last, as U.S. critical infrastructure spans the continent. Ransomware operators take advantage of vast networks of systems in remote areas by probing networks for weak points of entry or by buying phished credentials for remote desktop instances that they can use to mount an attack.

Critical infrastructure is increasingly appealing to ransomware operators – particularly those involved in Ransomware-as-a-Service (RaaS) schemes – for several reasons:
  • Increased Notoriety - High-profile critical infrastructure attacks are extensively covered by the media which brings added attention to ransomware operators and their attacks. This increases their visibility and adds an extra pressure point on the victims to pay up faster.

  • Added “Affiliates” - In the RaaS space, reputation is paramount. The more high-profile victims a group compromises, the more likely additional “affiliates” will join their team and share illicit revenue obtained through extortion.

  • Likely to Negotiate – Last, but not least, competition among ransomware groups is fierce, with as many as 15 new families of ransomware showing up every month. Ransomware groups know that operators of critical infrastructure don’t have the luxury of losing data or shutting down operations (without massive loss) – not to mention regulatory fines. Ransomware groups know infrastructure operators may be more open to negotiation than companies in less critical areas.

The current situation with Darkside and the Colonial Pipeline shows once again that protection and prevention are key factors, and that one missed sample can have dire consequences not only for the business in question but also for the local or global economy.

If you are worried about your organization becoming a victim of ransomware – here are three things you can do to become more cyber resilient against ransomware and avoid business disruption:

Basic security hygiene – It’s obvious but true that many of the most pervasive cyber-attacks have been possible because of an unpatched machine, or outdated antimalware. You should apply patches immediately and audit your systems regularly to ensure everything is up to date.


Bitdefender blocks CVE-2020-0796 ‘EternalDarkness Bug’ at Network Level

Mar 17 by Bogdan Botezatu

A new vulnerability in the SMB protocol allows an unauthenticated attacker to run arbitrary code on vulnerable computers. Bitdefender detects and blocks this type of exploitation at the network level as Exploit.SMB.CVE-2020-0796.EternalDarkness, via the Network Attack Defense module in Bitdefender GravityZone.


Thwarting GandCrab in the New Era of Agile Computer-Jackers

Mar 06 by Bogdan Botezatu

New Bitdefender decryptor can be deployed across the network to automate recovery


More Organizations Are Adopting Biometrics for Security—But Barriers Still Remain

Jul 24 by Bogdan Botezatu

For years, biometrics technology has been discussed as a possible solution for more effectively controlling access to systems and networks. But the technology has often been deemed to be too expensive for many organizations and too invasive for end users—and as a result adoption has been slower than some might have thought.


How Blockchain Can Improve Internet of Things Security

Jun 26 by Bogdan Botezatu

Two of the hottest technology trends today are the rise in Internet of Things (IoT) and blockchain adoption. A recent report by the Cloud Security Alliance (CSA) brings these two areas together—in a potentially good way.


Emergence of the Internet of Things and Other Issues are Raising Concerns about the Security of Wi-Fi Networks

Jun 08 by Bogdan Botezatu

Private and public Wi-Fi networks have become critical parts of the technology infrastructure of many organizations, particularly with the rise of mobile device users in the workplace. Many people rely on these networks to access the Internet, leverage corporate applications and data, and collaborate with their colleagues—among other uses.


Ransomware Attacks Emerge as Key Cyber Security Threat, Verizon Report Says

May 09 by Bogdan Botezatu

Ransomware attacks have emerged as a key cyber security threat for global organizations, according to the recently released 2018 Data Breach Investigations Report from Verizon.


Are You Ready for GDPR Compliance? Many Organizations Are Not

Apr 30 by Bogdan Botezatu

The deadline for one of the most highly publicized and impactful data privacy regulations in the world is approaching, and many companies are still not prepared.


Your Protection Is Our Mission, and We’re Serious About It

Apr 17 by Bogdan Botezatu

In 2001, a team of 30 cyber security experts in Romania had a dream: to provide excellent protection in the rapidly growing, often dangerous new world of the internet. Today, more than 1,300 security experts on three continents work passionately to offer security solutions for more than 500 million users in 150 countries.


Thinking of Moving ERP to the Cloud? Don’t Forget About Security

Apr 12 by Bogdan Botezatu

Enterprise resource planning (ERP) continues to be a mainstay of corporate IT, providing the backbone for a variety of business processes including finance, human resources, procurement, and services.


Small Gains, Big Wins – When Facing Cyber Threats, a Swift Response Could Save Your Company

Mar 28 by Bogdan Botezatu

Speed is the critical factor in mitigating the damage of a cyber attack, and will remain so for the foreseeable future. This is according to 74 percent of the C-level information security executives who participated in our brand new Small Gains, Big Wins Study, which looks at the cyber security attitudes of 250 CIOs/CISOs/CSOs in UK-based companies with 500+ employees.


Small Gains, Big Wins – Security Threats Cause Sleepless Nights for UK CISOs

Mar 22 by Bogdan Botezatu

Security threats are keeping CISOs awake at night. We have this on good authority: around two thirds (65 percent) of C-level information security executives surveyed admitted to it as part of our brand new Small Gains, Big Wins Study, which looks at the cyber security attitudes of 250 CIOs/CISOs/CSOs in UK-based companies with 500+ employees.
