【Attack Alert】Surge in Ransomware Attacks by Hacker Group – Organizations Urged to Strengthen Defenses
publish date :
2025-04-07
update date :
2025-04-07
Source: Ministry of education information & communication security contingency platform
| Publication Number | TACERT-ANA-2025040110044949 | Publication Time | 2025/04/01 13:19 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/04/01 13:19 |
| Impact Level | Medium | ||
| [Subject] 【Attack Alert】Surge in Ransomware Attacks by Hacker Group – Organizations Urged to Strengthen Defenses |
|||
| [Content] Recently, numerous ransomware attacks targeting businesses, universities, and hospitals in Taiwan have been reported. The hacker group Crazy Hunter exploits system vulnerabilities to carry out lateral movements across networks. Once inside, they deploy ransomware to multiple systems, encrypting files and disrupting services. Known malicious executables linked to this group include:bb.exe, crazyhunter.exe, crazyhunter.sys, zam64.sys, go3.exe, and go.exe. Since late January 2025, Crazy Hunter has targeted a wide range of entities, including schools, hospitals, publicly listed companies, and enterprise groups. It is recommended that schools review whether any associated vendors have been affected by this ransomware group. If such cases are found, schools should be vigilant regarding any potential data leakage in communications with those vendors and report the situation to:service@cert.tanet.edu.tw. Proactive defense is key in preventing ransomware attacks. Organizations are advised to not only perform regular backups, but also implement offline backups, and regularly review and patch the security status of internal servers. Strengthen password policies by: • Using strong, unique passwords • Avoiding reuse of admin credentials across multiple servers • Enhancing VPN and remote access controls Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
| [Affected Platform] All |
|||
| [Recommended Actions] 1.Update systems and antivirus software regularly. If updates are not feasible, implement compensating security measures. 2.Beware of suspicious emails. Verify sender addresses and avoid opening emails or attachments from unknown sources. Scan attachments before opening, especially if filenames include suspicious extensions or reverse-ordered executable types like: exe.pdf, exe.doc, pdf.zip, .lnk, .rcs, .exe, .moc. 3.Implement network segmentation to limit the number of potentially compromised hosts. 4.Strengthen privileged account monitoring – lock accounts after excessive login attempts, log activities, and detect suspicious behaviors. 5.Enable multi-factor authentication (MFA) to enhance identity verification. 6.Adopt the 3-2-1 backup rule: • Maintain at least 3 copies of your data • Use at least 2 different backup media • Store 1 copy offsite 7.Deploy EDR (Endpoint Detection and Response) solutions on critical systems to detect and investigate suspicious activities, aiming to mitigate ransomware threats. |
|||
| [Reference] https://www.twcert.org.tw/newepaper/cp-65-10042-adb7d-3.html |
|||
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center
