Hackers used Billing Software Zero-day to Deploy Ransomware

A critical error in the SQL injection, which was found in the time and accounting solution of the BillQuick Web Suite, is currently used by an as yet unidentified Ransomware group to deploy ransomware in the networks of the targets.

According to Huntress ThreatOps researchers, the vulnerability can easily be triggered by login requests with invalid characters in the username field.

While it is not clear whether the Ransomware is used as a decoy to cover up other malicious activities, investigations by Bleeping Computer showed that Ransomware is in use since May 2020, and as soon as she is used on target systems, she will add the [email protected] extension to all encrypted files.

While the vulnerability was patched on October 7 after Huntress Labs notified BQE of the software bug, 8 unpatched vulnerabilities could also be exploited for initial access/code execution.

Speaking about the ransomware and the gang behind it, Huntress Labs security expert Caleb Stewart explained: “The actor we observed did not align with any known/large threat actor of which we are aware. It’s my personal opinion this was a smaller actor and/or group based on their behavior during exploitation and post-exploitation. However, based on the issues we’ve identified/disclosed, I would expect further exploitation by others moving forward is likely. We observed the activity over Columbus Day weekend (08-10 October 2021).”

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web