icefire attacks Aman Plaza SKIF Enterprises Private Limited
Incident Date: August 20, 2022
Overview
Title: icefire attacks Aman Plaza SKIF Enterprises Private Limited
Victim: Aman Plaza SKIF Enterprises Private Limited
Attacker: Icefire
Location:
First Reported: August 20, 2022
IceFire Ransomware Targets Aman Plaza SKIF Enterprises Private Limited
About Aman Plaza SKIF Enterprises Private Limited
Aman Plaza SKIF Enterprises Private Limited is a holding company or conglomerate, a structure that typically involves managing multiple businesses or assets under a single umbrella. The company's website provides limited information about its operations and services.
Vulnerabilities and Targeting
The IceFire ransomware group has been observed targeting Linux enterprise networks, including those in the media and entertainment sector. The group has been exploiting a deserialization vulnerability in IBM Aspera Faspex file-sharing software (CVE-2022-47986) to deploy its payloads. This vulnerability has been used to target Linux systems, which are less susceptible to common infection methods like phishing or drive-by downloads.
Impact and Response
The IceFire ransomware does not encrypt all files on Linux systems; instead, it focuses on user and shared directories. Upon execution, the IceFire Linux version downloads two separate payloads that encrypt files and then delete the malware. The ransomware demands payment in exchange for the key to decrypt the encrypted files.
Mitigation Strategies
To mitigate the risk of ransomware attacks, organizations should implement robust security measures, such as:
- Regularly patching and updating software, including file-sharing applications like IBM Aspera Faspex.
- Enforcing strong passwords and access controls.
- Educating employees about phishing and other social engineering tactics.
- Implementing network segmentation and data backups.
- Monitoring for unusual network activity and suspicious file changes.