SoftServe ransomware victim

The Ukrainian software company and service provider ς έπεσε θύμα επίθεσης ransomware την 1η Σεπτεμβρίου που ενδέχεται να έχει οδηγήσει σε κλοπή του πηγαίου κώδικα των πελατών τους.

Με περισσότερους από 8.000 υπαλλήλους και 50 γραφεία παγκοσμίως, η SoftServe είναι μία από τις μεγαλύτερες εταιρείες της Ουκρανίας και προσφέρει ανάπτυξη λογισμικού και συμβουλευτικές υπηρεσίες s.

News of a cyber attack on SoftServe first surfaced on the Telegram DС8044 Kyiv Info channel, where an alleged message was sent by the company to its employees.

"Today at 1 p.m. SoftServe was attacked. The hackers have access to the company's infrastructure and managed to start ransomeware encryption along with some other malware. "

In a later statement on a Ukrainian technology news page, SoftServe confirmed that an attack had taken place, prompting them to disconnect their customers to prevent it from spreading.

"Yes, there was an attack today. The most important consequences of the attack are the temporary loss of functionality of a part of the mail system and the interruption of some of the auxiliary test environments. "As far as we can tell, this is the biggest impact of the attack and the other systems or customer data were not affected."

"In order to prevent the spread of the attack, we have isolated certain parts of our network and restricted communication with customer networks. We prepare a message to our customers about the situation. At the same time as resuming services, we are investigating the incident itself, so we are not prepared to comment on who exactly did it. " said Adrian Pavlicevic, Senior Vice President of Informatics at SoftServe.

According to the SoftService incident, the attackers exploited a DLL vulnerability that violated the legal application Rainmeter to develop their ransomware.

Rainmeter is a legitimate Windows customization tool that loads a Rainmeter.dll at startup.

During the attack, hackers replaced the legal Rainmeter.dll with a malicious version written from the source code of the application.

According to her scouts VirusTotal, Rainmeter.dll is recognized as Win32 / PyXie.A.

In one reference της BlackBerry από το 2019, το PyXie είναι ένα trojan απομακρυσμένης πρόσβασης Python (RAT) που είναι γνωστό ότι εκμεταλλεύεται ευπάθειες με κακόβουλα DLL σε άλλο λογισμικό όπως το LogMeIn και το .

BlackBerry researchers say they have seen evidence that this RAT has been used in ransomware attacks.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).