Rackspace outage crashes share price; Silent teleport steals data from financial institutions; Open source Cryptonite “accidentally” destroys data. This Week in Ransomware – Sunday, Dec 11, 2022

When one percent of revenue yields a 30 per cent drop in share value – could investors begin to question cloud for mission critical applications?

On December 2, Rackspace experienced an outage for its Hosted Exchange environment. The company blamed a “security incident.” A status update issued by the company noted, “We proactively shut down the environment to avoid any further issues while we continue work to restore service.”

One week later, the outage continues, and the company has confirmed that it is due to a ransomware attack. Rackspace has not indicated how much data might be lost, whether it will pay the ransom, or when the managed exchange service will resume. That is the only information available in the press section of the company's website.

In an announcement on its investors page, the company notes that the hosted exchange business accounts for less than one per cent of the company’s revenue and reassures investors that the company has cyber insurance.

But the attempt to reassure investors may not be working. In an article on December 10, investment blog MarketWatch criticized the company for being “frustratingly closed mouthed” about the incident, and noted that the company’s stock price had declined.

The article notes, “Since the incident came to light, Rackspace shares have tumbled by a third. This is a relatively small part of the company’s business, only about US$30 million a year in revenue. But the bad blood that Rackspace is generating will leave a lasting stain.”

The stinging critique of the company’s communication is significant, but another quote from the article raises an issue that could extend beyond Rackspace to the entire cloud industry. The writer notes, “While I remain a big believer in cloud computing, the Rackspace attack is an urgent reminder of the risks in relying on it for mission-critical applications if your provider isn’t keeping up with software patches and paying attention to security risks.”

The use of cloud computing, even for mission critical applications, has grown rapidly for years, but that growth has accelerated in the past year and is predicted to further accelerate in the next 24 months.

Senior management has bought into cloud in a big way. But could investor nervousness from the Rackspace outage have an impact on attitudes in the boardroom? When a service that gives you one per cent of your revenue leads to a drop of 30 per cent in your share price, cloud proponents may, to quote Ricky Ricardo, have some “splainin’ to do.”

Silence teleport evades detection while stealing from banks  

The Russian-speaking hacking group known as Silence has gained a reputation for big heists against financial institutions. In 2017, they are reported to have attacked ATM systems and stolen more than US$100,000 in one night.

Since that time, they have stolen at least US$4.2 million, starting with banks in the former Soviet Union and moving into Europe, Latin America, and Asia.

The group uses some standard tools and approaches, but has recently added a tool they call Teleport. Built in C++, it is, as its name suggests, a new stealth tool that can operate without detection.

In a report entitled “Silence Moving into the Darkside” (registration required), security company Group-IB has described Silence as “highly skilled” and capable of both “reverse engineering” existing tools and, as in the case of Teleport, developing their own tools.

Accidental Cryptonite – open source tool has a bug that destroys data

Cryptonite – yes this is the correct spelling – is an open-source tool set that, unlike other tools, was not sold, but until recently was available for free on GitHub from a threat actor named CYBERDEVILZ.

The source code has since been removed from that repository, as well as all of its forks. Despite that, the code, or at least a variant of it, has “escaped into the wild” and a new version is circulating, according to an article in The Hacker News. That new version is, unfortunately, even more dangerous.

This new code has a bug that crashes the software when attempting to display the ransom note. An unfortunate consequence of that crash is that it leaves no way to decrypt the data. This new version unintentionally functions as a data wiper.

Jim Love, Chief Content Officer, IT World Canada

I've been in IT and business for over 30 years. I worked my way up, literally from the mail room and I've done every job from mail clerk to CEO. Today I'm CIO and Chief Digital Officer of IT World Canada - Canada's leader in ICT publishing and digital marketing.
