Microsoft has announced that it has fixed a zero-day vulnerability, present on all versions of Windows. The flaw, according to reports from the experts of Kasperskyhas been exploited by several hackers to spread ransomware against SMEs.
“Zero-day” vulnerabilities are defects unknown to the developer (or to the house that created a particular piece of software). These are flaws that emerge only when problems arise or, as in this case, following a hacker attack.
Hackers used the Microsoft Windows vulnerability to spread Nokoyawa
Kaspersky explained that the flaw was used to distribute a ransomware known as Nokoyawa, which mainly targets small and medium business Windows servers in the Middle East, North America and Asia. In his report Kaspersky (via Ansa) states that the flaw was used to hit financial targets.
“Cybercriminal groups are becoming more advanced, using zero-day exploits in their attacks,” he said Boris Larin, security researcher at Kaspersky. “In the past, zero-day breaches were predominantly a tool of organized crime gangs, but now hackers have the resources to create zero-days and use them frequently in their attacks.”
Nokoyawa was first taken over in February 2022 and is thought to be related to the hacker group, which has since been dissolved. Hive. Nokoyawa malware encrypts files on the systems it infects, making them inaccessible. It can also steal sensitive information and then blackmail the victim with a ransom note in bitcoins. The US information security agency, Cisa, has added the now fixed Windows flaw to its catalog of known exploited vulnerabilities and has called on federal agencies to update their systems quickly.