EclecticIQ
Ransomware Is Everywhere, It Seems

EclecticIQ Threat Research Team May 20, 2021

Summary of Findings

    • A major fuel pipeline in the United States shuts down after a ransomware attack on its operator's corporate network.
    • CaptureRx, a healthcare administrative services company based in the United States, suffers a ransomware attack that exposes patient data.
    • Microsoft investigates a business email compromise (BEC) campaign that used typo-squatted domains to run a gift card scam.
    • Pirated software downloaded by a university student opens the door to a Ryuk ransomware attack on a life sciences research institute.

Ransomware Attack Shuts Down Colonial Pipeline, Causing Fuel Shortages

A ransomware attack disrupted the largest refined-products pipeline in the United States, which carries gasoline, diesel and jet fuel [1]. Colonial Pipeline shut the pipeline down as a precaution after discovering that its corporate IT network had been compromised. Part of the nation's critical infrastructure, the pipeline runs approximately 8,850 kilometers (5,500 miles) [2] and carries about 45 percent of the fuel consumed on the U.S. East Coast.

The U.S. Federal Bureau of Investigation (FBI) identified the ransomware used as DarkSide [3]. DarkSide is a relatively new ransomware-as-a-service (RaaS) operation that is advertised to affiliates on the Russian-language underground forums exploit.in and xss.is [4].

Fuel shortages were reported in several states in the days after the shutdown [5] [6]. The operator stated that it had begun restarting operations but that restoring normal supply would take several days [7]. Colonial Pipeline reportedly paid the attackers a ransom of close to $5 million [8].

CaptureRx Suffers Ransomware Attack Leading to Theft of Patient Data

Texas-based CaptureRx, which provides administrative services to healthcare organizations such as hospitals and health centers, suffered a ransomware attack that led to the theft of confidential information on thousands of patients [9]. The stolen data included names, dates of birth and prescription information and, for a limited number of patients, medical record numbers.

The incident occurred in February 2021. CaptureRx assessed the scope of the theft during February and March and began notifying the affected healthcare providers at the end of March [10].

The ransomware variant used has not been disclosed. Historically, Ryuk has frequently been deployed against the healthcare sector [11].

Business Email Compromise Campaign Is Complex, According to Microsoft

Microsoft published research [12] detailing a business email compromise (BEC) campaign that used attacker-created email infrastructure to steal gift cards. The threat actors registered typo-squatted domains so that their messages appeared to come from legitimate senders. Tailored messages persuaded the target to buy gift cards for a plausible business reason, such as rewarding a team member, and to send the card codes to the attacker, who could then cash them out or resell them.

As Microsoft noted, this seemingly simple scam involved considerable work: reconnaissance and targeting, social engineering, and delivery infrastructure. In this instance, the threat actors registered over 120 typo-squatted domains to impersonate real businesses, and they targeted organizations in the consumer goods, process manufacturing and agriculture, real estate, and professional services sectors.
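To make the typo-squatting point concrete, here is an added detection example, not code from the EclecticIQ post or from Microsoft's research, that scores inbound sender domains against a list of trusted partner domains using edit distance plus a small homoglyph table. The trusted domains, the homoglyph pairs, the distance threshold and the sample From: headers are all constructed assumptions. The example goes a little beyond the text by also catching TLD swaps (contoso.co for contoso.com) and "rn"-for-"m" substitutions, and it treats the last two DNS labels as the registrable domain, which a production version should replace with a public-suffix lookup.

```python
"""Flag sender domains that look like typo-squats of trusted domains.

Added example; it is not code from the EclecticIQ post or from Microsoft's
research. The trusted-domain list, the homoglyph table, the distance threshold
and the sample From: headers are all constructed assumptions for illustration.
"""
from email.utils import parseaddr
from typing import List, Optional, Tuple

# Constructed: domains this organisation legitimately receives mail from.
TRUSTED_DOMAINS = {"contoso.com", "fabrikam.com", "northwind-traders.com"}

# Constructed: substitutions that look alike in many fonts. Two-character
# rules come first so "rn" is collapsed before any single-character rule runs.
HOMOGLYPH_PAIRS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

# Constructed sample headers; four of them use a lookalike domain.
SAMPLE_FROM_HEADERS = [
    "Alice Example <alice@contoso.com>",
    "Mail Gateway <noreply@mail.contoso.com>",
    "Alice Example <alice@contosso.com>",
    "Procurement <bob@fabrikarn.com>",
    "Carol <carol@contoso.co>",
    "Eve <eve@northwind-trader.com>",
    "Dave <dave@example.org>",
    "broken header without an address",
]


def normalize(domain: str) -> str:
    """Lower-case the domain and collapse common homoglyph substitutions."""
    domain = domain.lower()
    for look_alike, real in HOMOGLYPH_PAIRS:
        domain = domain.replace(look_alike, real)
    return domain


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment (restricted Damerau-Levenshtein) distance:
    insertion, deletion, substitution and adjacent transposition each cost 1."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[-1][-1]


def registrable_domain(host: str) -> str:
    """Last two labels of the host part. Simplification: a real deployment
    should use the public suffix list so that e.g. contoso.co.uk is handled."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def classify_sender(from_header: str, max_distance: int = 2) -> Tuple[str, str, Optional[str]]:
    """Return (sender_domain, verdict, closest_trusted_domain).

    verdict is 'trusted', 'lookalike', 'unknown' or 'malformed'. An exact
    match on the raw domain wins before any normalisation is applied, so a
    trusted domain is never reported as a lookalike of itself."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return (addr, "malformed", None)
    domain = registrable_domain(addr.rpartition("@")[2])
    if domain in TRUSTED_DOMAINS:
        return (domain, "trusted", domain)
    norm = normalize(domain)
    closest = min(TRUSTED_DOMAINS, key=lambda t: osa_distance(norm, normalize(t)))
    if osa_distance(norm, normalize(closest)) <= max_distance:
        return (domain, "lookalike", closest)
    return (domain, "unknown", None)


def scan_messages(from_headers: List[str]) -> List[Tuple[str, str, Optional[str]]]:
    """Classify every From: header in a batch."""
    return [classify_sender(h) for h in from_headers]


if __name__ == "__main__":
    for domain, verdict, closest in scan_messages(SAMPLE_FROM_HEADERS):
        print(f"{verdict:9} {domain:25} {closest or ''}")
```

Run it directly to print a verdict per header. Edit distance alone produces false positives on short domains (two unrelated four-letter names can sit within distance 2), so in practice the "lookalike" verdict should be combined with domain registration age, SPF/DKIM alignment and whether the sender has ever mailed the organisation before.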

“Cracked” Software Creates Opening for Ransomware Attack on Research Institute

A European biomolecular research institute that works with university partners was hit by Ryuk ransomware [13]. The institute, which is involved in COVID-19-related research, lost a week of research data because its most recent work had not been backed up.

The intrusion was traced to a student who had been granted access to the institute's network without two-factor authentication. On a personal computer, the student installed a "cracked" copy of a data visualization tool; the crack carried a trojan that harvested the student's access credentials. Those credentials were later used to establish a remote desktop protocol (RDP) session on the institute's network, and the ransomware was launched from that foothold.
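The chain above, a foothold obtained with stolen credentials and then an RDP session nobody expected, leaves traces in the Windows Security log if someone is watching the right events. The following is an added example, not code from the EclecticIQ post or from Sophos' report, that replays constructed EventID 4624 (logon; LogonType 10 is RemoteInteractive, i.e. RDP) and 4720 (user account created) records and flags an RDP logon when the account has never used RDP before, when it comes from a source address not previously seen for that account, when the account was created within an assumed 14-day window, or when it occurs outside assumed 07:00-19:00 business hours. The baseline cut-off date, the thresholds and all sample records are constructed assumptions.

```python
"""Flag anomalous RDP logons in Windows Security events.

Added example; it is not code from the EclecticIQ post or from Sophos' report.
The events below are constructed (field names follow the Security log's
EventID 4624 and 4720 records). The baseline cut-off, the 14-day new-account
window and the 07:00-19:00 business hours are assumptions to tune per site.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Set

NEW_ACCOUNT_WINDOW = timedelta(days=14)   # assumed
BUSINESS_HOURS = range(7, 19)             # assumed: 07:00-18:59 local time
RDP_LOGON_TYPE = 10                       # 4624 LogonType 10 = RemoteInteractive

# Constructed sample events. 203.0.113.0/24 is a documentation address range.
SAMPLE_EVENTS = [
    {"EventID": 4624, "TimeCreated": "2021-04-01T09:02:11", "TargetUserName": "jsmith", "LogonType": 10, "IpAddress": "10.20.0.15"},
    {"EventID": 4624, "TimeCreated": "2021-04-02T08:55:40", "TargetUserName": "jsmith", "LogonType": 10, "IpAddress": "10.20.0.15"},
    {"EventID": 4624, "TimeCreated": "2021-04-03T10:12:03", "TargetUserName": "student01", "LogonType": 2, "IpAddress": "-"},
    {"EventID": 4720, "TimeCreated": "2021-04-10T22:41:09", "TargetUserName": "svc_backup2", "SubjectUserName": "student01"},
    {"EventID": 4624, "TimeCreated": "2021-04-10T22:43:50", "TargetUserName": "svc_backup2", "LogonType": 10, "IpAddress": "203.0.113.77"},
    {"EventID": 4624, "TimeCreated": "2021-04-16T03:17:22", "TargetUserName": "student01", "LogonType": 10, "IpAddress": "203.0.113.77"},
    {"EventID": 4624, "TimeCreated": "2021-04-16T08:58:00", "TargetUserName": "jsmith", "LogonType": 10, "IpAddress": "10.20.0.15"},
    {"EventID": 4624, "TimeCreated": "2021-04-16T09:30:12", "TargetUserName": "jsmith", "LogonType": 10, "IpAddress": "10.20.0.99"},
]


def detect_rdp_anomalies(events: List[Dict], baseline_end: str = "2021-04-05T00:00:00") -> List[Dict]:
    """Events before baseline_end only teach the detector which (account, source)
    pairs are normal. Events from baseline_end on are checked against that
    baseline and against account-creation (4720) records seen in the stream."""
    cutoff = datetime.fromisoformat(baseline_end)
    known_sources: Dict[str, Set[str]] = defaultdict(set)   # account -> RDP source addresses
    created_at: Dict[str, datetime] = {}                     # account -> creation time (4720)
    alerts: List[Dict] = []

    def alert(ts: datetime, user: str, rule: str, detail: str) -> None:
        alerts.append({"time": ts.isoformat(), "user": user, "rule": rule, "detail": detail})

    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        ts = datetime.fromisoformat(ev["TimeCreated"])
        user = ev["TargetUserName"].lower()
        if ev["EventID"] == 4720:
            created_at[user] = ts
            continue
        if ev["EventID"] != 4624 or ev.get("LogonType") != RDP_LOGON_TYPE:
            continue                                  # console, network, service logons are out of scope
        src = ev.get("IpAddress", "-")
        if ts >= cutoff:
            if user not in known_sources:
                alert(ts, user, "first_rdp_logon", f"no prior RDP logon for this account; source {src}")
            elif src not in known_sources[user]:
                alert(ts, user, "new_source_address", f"{src} not in {sorted(known_sources[user])}")
            if user in created_at and ts - created_at[user] <= NEW_ACCOUNT_WINDOW:
                alert(ts, user, "new_account_rdp", f"account created {ts - created_at[user]} before this logon")
            if ts.hour not in BUSINESS_HOURS:
                alert(ts, user, "off_hours_rdp", f"logon at {ts.time()}")
        known_sources[user].add(src)                  # every RDP logon extends the baseline
    return alerts


if __name__ == "__main__":
    for a in detect_rdp_anomalies(SAMPLE_EVENTS):
        print(f"{a['time']}  {a['user']:12} {a['rule']:20} {a['detail']}")
```

Events before the cut-off only teach the detector what is normal; in a real deployment the baseline would come from a longer history or from the identity system's list of authorised RDP users rather than from the same stream. The point of the sample is the student01 record: a keylogged but otherwise legitimate account looks exactly like its owner, and it is caught here only because the session itself is unusual, the account's first RDP use, from an outside address, at 03:17.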

References

1. https://www.nytimes.com/2021/05/08/us/politics/cyberattack-colonial-pipeline.html
2. https://en.wikipedia.org/wiki/Colonial_Pipeline
3. https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-network-disruption-at-colonial-pipeline
4. https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html
5. https://www.washingtonpost.com/business/2021/05/12/faq-gas-shortages/
6. https://alexandrialivingmagazine.com/news/fuel-shortage-hits-alexandria-gas-stations/
7. https://www.nytimes.com/2021/05/12/business/energy-environment/pipeline-shutdown-latest-news.html
8. https://www.cnbc.com/2021/05/13/colonial-pipeline-paid-ransom-to-hackers-source-says.html
9. https://www.hipaajournal.com/capturerx-ransomware-attack-affects-multiple-healthcare-provider-clients/
10. https://www.zdnet.com/article/ransomware-attack-on-healthcare-admin-company-capturerx-exposes-multiple-providers-across-united-states/
11. https://www.lexology.com/library/detail.aspx?g=1bf1f11c-12be-4dba-8cdf-c9bd54225db1
12. https://www.microsoft.com/security/blog/2021/05/06/business-email-compromise-campaign-targets-wide-range-of-orgs-with-gift-card-scam/
13. https://news.sophos.com/en-us/2021/05/06/mtr-in-real-time-pirates-pave-way-for-ryuk-ransomware/
© 2014 – 2021 EclecticIQ B.V.