Acronis New Corner

Acronis Cyber Protection Operation Center

Update from November 2nd, 2022

Sales Pitch Summary

CPOC News Playlist with the latest news from our Cyber Protection Operation Center. Spend just 10 minutes to get equipped for the next partner's call!

Pendragon Group, with more than 200 car dealerships in the U.K. and revenue of over USD 3.9 billion, suffered a cyberattack from the LockBit ransomware gang. The Active Protection included in Acronis Cyber Protect detects and blocks ransomware from LockBit and other groups, keeping your data safe from encryption or extortion.

Tata Power, India’s largest power generation company, which serves more than 12 million customers through its distributors, and has revenue of over USD 5 billion, was hit by the Hive ransomware gang. The Active Protection included in Acronis Cyber Protect keeps your data safe from encryption or extortion, while Advanced Data Loss Prevention monitors access to your data and helps to prevent any data exfiltration.

Medibank, one of the largest Australian private health insurance providers, with about 3.9 million customers across the country, disclosed a data breach following a recent ransomware attack. Medibank has over 4000 employees. Acronis Advanced Data Loss Prevention monitors your data movement and prevents any data exfiltration, helping companies to stay compliant.

Researchers have discovered a new phishing campaign spreading Warzone RAT in Hungary. Acronis Advanced Email Security prevents malicious emails from reaching your inbox, and the multi-layered detection included in Acronis Cyber Protect detects and blocks malware used in such attacks.

The US National Hurricane Center reported that the Category 3 storm struck the Mexican state of Nayarit with sustained winds reaching 195 km/h. The Disaster Recovery solution in Acronis Cyber Protect gets your business back up and running quickly after a disaster by allowing you to spin up virtual machines in the Acronis Cloud from your cloud backups.

LockBit Demands USD 60 million from Pendragon

Pendragon Group, with more than 200 car dealerships in the U.K. and revenue of over USD 3.9 billion, suffered a cyberattack from the LockBit ransomware gang. The attackers demanded USD 60 million to decrypt the files and not leak them.

Pendragon owns CarStore, Evans Halshaw, and the luxury car retailer Stratstone, selling car brands for all budgets, from Jaguar, Porsche, Ferrari, Mercedes-Benz, BMW, Land Rover, and Aston Martin to Renault, Ford, Hyundai, Nissan, Peugeot, Vauxhall, Citroen, DS, Dacia, and DAF. Pendragon Group is listed on the London Stock Exchange.

Pendragon notified the UK authorities about the incident, and the report has been transferred to law enforcement agencies for investigation. Interestingly, the digital attack took place when Sweden-based company Hedin Mobility Group offered to acquire Pendragon for over USD 450 million.

The Active Protection included in Acronis Cyber Protect detects and blocks ransomware from LockBit and other groups, keeping your data safe from encryption or extortion.

Hive Hits Tata Power

Tata Power, India’s largest power generation company, which serves more than 12 million customers through its distributors and has revenue of over USD 5 billion, was hit by the Hive ransomware gang. This security breach impacted some of its IT systems.

The attackers posted the stolen data on their leak website. The files include contracts, financial and business documents, engineering projects, and employees’ personally identifiable information (PII) such as Aadhaar card numbers. Additionally, the data dump contains engineering drawings, financial and banking records, and client information.

The electricity giant immediately responded to the incident and restored the impacted systems, although some customers complained that bill payments were not being processed for some time.

The Active Protection included in Acronis Cyber Protect keeps your data safe from encryption or extortion, while Advanced Data Loss Prevention monitors access to your data and helps to prevent any data exfiltration.

Medibank Exposed the Data of 3.9 Million Customers

Medibank, one of the largest Australian private health insurance providers, with about 3.9 million customers across the country, disclosed that the personal information of its customers had been accessed without authorization following a recent ransomware attack. Medibank has over 4000 employees.

In the investigation update, the firm reported that the personal data belonging to its ahm health insurance subsidiary and international students has been breached, though it is not clear how many customers in total have been affected. The compromised data includes first names and surnames, addresses, dates of birth, Medicare numbers, policy numbers, phone numbers, and passport numbers. Medibank stressed that it found no evidence that direct debit details have been accessed.

The company notified the Australian Federal Police (AFP), acknowledging that it had been contacted by a criminal actor claiming to have obtained 200 GB of data. Medibank estimated the costs incurred by the incident to be between USD 16 million and USD 22 million.

Acronis Advanced Data Loss Prevention monitors your data movement and prevents any data exfiltration, helping companies to stay compliant.

Warzone RAT Targets Hungary

Researchers have discovered a new phishing campaign spreading Warzone RAT in Hungary. Earlier, in September, the Hungarian National CyberSecurity Center issued a warning about it. The campaign consists of a well-crafted fake government email that lures users into executing the attached malware.

The recipient gets an email impersonating a Hungarian government portal, which is used to conduct official business online, such as submitting documents, ordering IDs, and others. The email informs the recipient that the new credentials to access the portal are attached in the zipped file. Once the attachment is executed, it extracts the Warzone RAT and runs it.

Warzone RAT is a prevalent trojan operating as Malware-as-a-Service (MaaS). It can be bought on a subscription basis for USD 37 per month. Cybercriminals can use this trojan to download and upload various files, execute and delete them, send commands to the infected computer's CMD (Command Prompt), view and kill processes via Task Manager, and browse the web using the computer's IP address. Warzone can also be used to access the victim's webcam and to steal saved passwords from browsers and email clients.

Acronis Advanced Email Security prevents malicious emails from reaching your inbox, and the multi-layered detection included in Acronis Cyber Protect detects and blocks malware used in such attacks.

Hurricane Roslyn Makes Landfall in Mexico

The US National Hurricane Center said the Category 3 storm struck the Mexican state of Nayarit with sustained winds reaching 195 km/h.

The Federal Electricity Commission reported that over 150,000 homes had lost power as a result of the storm and that by midday Sunday, service had been restored to about one-third of those customers.

The National Water Commission said rains from Roslyn could cause mudslides and flooding over the rugged terrain inland.

Hurricanes and other natural disasters are unpredictable, but what can be predictable is how you respond to them. The Disaster Recovery solution in Acronis Cyber Protect gets your business back up and running quickly after a disaster by allowing you to spin up virtual machines in the Acronis Cloud from your cloud backups.