No Patch Tax –
Unpatched PulseSecure VPN appears to have let cybercriminals in to steal, encrypt data.
Sean Gallagher
Travelex, the foreign currency exchange and travel insurance company, appears to be the latest victim of the group. On New Year’s Eve, the company was hit by Sodinokibi ransomware, also known as REvil. The ransomware operators contacted the BBC and said they want Travelex to pay $6m (£4.6m). They also claimed to have had access to Travelex’s network for six months and to have extracted five gigabytes of customer data — including dates of birth, credit card information, and other personally identifiable information.
“In the case of payment, we will delete and will not use that [data]base and restore them the entire network,” the individual claiming to be part of the Sodinokibi operation told the BBC. “The deadline for doubling the payment is two days. Then another seven days and the sale of the entire base.”
REvil is starting the year strong, asking for some serious cash. We are working on a blog describing just how bad it is, hoping to launch end of the month.
cc @GossiTheDog pic.twitter.com/0Katzxd7aW (January 6)
The Sodinokibi/REvil ransomware campaign emerged last spring. It was first identified by Cisco Talos in April of 2020 in an attack that exploited an Oracle WebLogic server vulnerability. The ransomware itself exploits a vulnerability in Windows’ Win32k component to elevate its privileges, which lets it kill a list of processes that could keep it from encrypting files, wipe the contents of some folders, and encrypt the contents of others — including network shares.