Hackers used billing software zero-day to deploy ransomware
2021-10-25 14:31

An unknown ransomware group is exploiting a critical SQL injection bug found in the BillQuick Web Suite time and billing solution to deploy ransomware on their targets' networks in ongoing attacks.

According to the researchers, since the attacks began, a U.S. engineering company has already had its systems encrypted after a vulnerable BillQuick server was hacked and used as the initial point of access to its network.

The ransomware gang behind these attacks is unknown, and its operators haven't dropped ransom notes on encrypted systems to make it easier to identify them or ask their victims to pay ransom in exchange for decryptors.

It's not clear if the ransomware is used as a decoy to cover up other malicious activity, such as data theft, or if the victims are expected to know to email the threat actor from the extension appended to encrypted files.

In August, the FBI and CISA warned organizations not to let down their defenses against ransomware attacks during weekends or holidays in a joint cybersecurity advisory.

The two federal government agencies said they "observed an increase in highly impactful ransomware attacks occurring on holidays and weekends - when offices are normally closed - in the United States, as recently as the Fourth of July holiday in 2021."


News URL

https://www.bleepingcomputer.com/news/security/hackers-used-billing-software-zero-day-to-deploy-ransomware/