Hackers used billing software zero-day to deploy ransomware

An unknown ransomware group is exploiting a critical SQL injection bug found in the BillQuick Web Suite time and billing solution to deploy ransomware on their targets' networks in ongoing attacks.
According to the researchers, since the attacks began, a U.S. engineering company has already had its systems encrypted after a vulnerable BillQuick server was hacked and used as the initial point of access to its network.
The ransomware gang behind these attacks is unknown, and its operators haven't dropped ransom notes on encrypted systems to make it easier to identify them or ask their victims to pay ransom in exchange for decryptors.
It's not clear if the ransomware is used as a decoy to cover up other malicious activity, such as data theft, or if the victims are expected to know to email the threat actor from the extension appended to encrypted files.
In August, the FBI and CISA warned organizations not to let down their defenses against ransomware attacks during weekends or holidays in a joint cybersecurity advisory.
The two federal government agencies said they "observed an increase in highly impactful ransomware attacks occurring on holidays and weekends - when offices are normally closed - in the United States, as recently as the Fourth of July holiday in 2021."