Play ransomware infection routine

A ransomware gang named “Play” was discovered on the Dark Web. Along with them, a list of 22 victims has been revealed. There is a piece of evidence that points to a possible connection between Play ransomware and Quantum ransomware, which is an offshoot of the notorious Conti ransomware group. The Cobalt Strike beacons used in Play’s attacks bear the same watermark, 206546002, as those previously dropped by the Emotet and SVCReady botnets, which have also been observed in Quantum ransomware attacks. This suggests that the two ransomware groups share some of the same infrastructure. Play ransomware specifically targets backup solutions in order to ensure that the victim has no other option to recover the data. The Play group is particularly methodical in developing and implementing backup removal techniques. Here’s a blog post on the infection routine and the backup environment attack method.



Identify a piece of malware with Yara

YARA rules classify and identify malware samples by describing malware families (YARA is a tool that identifies files based on textual or binary patterns). YARA rules resemble a small programming language: each rule defines a number of variables that contain patterns found in a malware sample, and a condition that states which of those patterns must match. If some or all of the conditions are met, depending on the rule, the rule can be used to successfully identify a piece of malware.


Critical Veeam Backup for Google Cloud Vulnerability – CVE-2022-43549

A critical security vulnerability has been discovered in Veeam Backup for Google Cloud (KB4374). If you don’t have automatic updates enabled, you should take a look at this.

Veeam


VMware Explore General Session Recap

VMware Explore General Session Recap – Looking forward to an exciting week full of knowledge acquisition and networking, the event has begun with the General Session at VMware Explore in Barcelona. The keynote delivered some very good technical announcements, but it also needs to take more of a business perspective on how these deliver business value. If you’re in Barcelona for the big event and still have some space to fill in your schedule, be sure to meet Monaco Digital’s teams and talk about Cloud, Edge, Data Protection, and Security.

VMware Explore


Veeam v12 Platform Overview

Veeam Platform v12 advances enterprise-grade recovery capabilities that ensure confidence in the face of disaster or cyber attack. New direct-to-object storage, advanced cloud application backups (Veeam Backup for Salesforce), greater cyber security protection, and operational efficiencies allow you to protect more and recover faster, all from a single platform. Here is an overview of the new features in v12.

Veeam
