A newly identified cybercriminal group known as CosmicBeetle has been wreaking havoc on small and midsize businesses (SMBs) across Europe and Asia. Their primary strategy involves exploiting outdated vulnerabilities in widely used business software to deploy a ransomware strain dubbed ScRansom.
Although lacking in sophistication, ScRansom has caused significant disruption, leading to data loss and affecting key sectors such as healthcare, pharmaceuticals, and education. The malware remains under active development, with its erratic encryption processes causing further complications for victims, including multiple encryptions and, in some cases, irreversible data loss.
CosmicBeetle’s unpredictable tactics have only amplified the risks. Experts strongly advise businesses targeted by the group to proceed with extreme caution when considering ransom payments, as faulty encryption often prevents full data recovery.
Operating opportunistically, CosmicBeetle capitalizes on organizations that are slow to apply critical software patches and security updates, exploiting these weaknesses for maximum damage.
Why It Matters: CosmicBeetle poses an increasing threat to SMBs around the world, especially those lacking the resources to defend against ransomware. While its focus so far has been international, U.S. businesses could be next, given the group’s reliance on well-known vulnerabilities. The group’s use of outdated flaws and unreliable decryption methods has caused chaos for victims. With evolving ransomware and possible ties to more seasoned cybercriminals, businesses need to be aware of this new threat, particularly those running outdated software.
- Low Sophistication, High Damage Potential: CosmicBeetle operates with a “chaotic encryption scheme” and custom ransomware, ScRansom, which often fails during decryption, meaning potentially permanent file and data loss.
- Opportunistic Global Targeting: CosmicBeetle has attacked businesses in Turkey, Spain, India, South Africa, and other regions. Their targets span various industries, indicating that no sector or region is immune to this threat.
- Affiliations with More Notorious Groups: To compensate for its immaturity, CosmicBeetle is trying to associate itself with better-known ransomware gangs like LockBit and RansomHub, borrowing their tools and reputations to gain credibility.
- Exploiting Known Vulnerabilities: The group commonly exploits vulnerabilities like those found in Veeam Backup & Replication (CVE-2023-27532) and Microsoft Active Directory (CVE-2021-42278, CVE-2021-42287), posing a risk to any organization using these systems without proper patch management.
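Patching is the fix for the Active Directory flaws listed above, but a defender also wants to know whether the weaknesses were already abused. CVE-2021-42278 concerns sAMAccountName spoofing, where a computer account is renamed so that it loses its trailing `$` and instead mirrors a domain controller's name. The following script is an added example, not code from the article or from any vendor named in it: it scans Windows Security log records for Event ID 4781 (account renamed) and flags that rename pattern. It assumes the events have already been exported as dictionaries using the standard 4781 field names (`OldTargetUserName`, `NewTargetUserName`, `SubjectUserName`); the sample events and the domain controller name list are constructed for illustration.

```python
"""Detect computer-account renames that match the sAMAccountName spoofing
pattern associated with CVE-2021-42278 abuse.

Added example, not from the article. Input records are assumed to be
Windows Security events exported to dict form with the standard Event ID
4781 fields. Sample data below is constructed, not real telemetry.
"""

# Constructed: sAMAccountNames of the domain controllers, without the '$'.
DC_NAMES = frozenset({"DC01", "DC02"})

# Constructed sample records. Only EventID 4781 ("The name of an account
# was changed") is relevant; the other record shows that unrelated events
# are ignored.
SAMPLE_EVENTS = [
    # Benign rename of a computer account (keeps the trailing '$').
    {"EventID": 4781, "SubjectUserName": "helpdesk",
     "OldTargetUserName": "PRINTSRV$", "NewTargetUserName": "PRINT01$"},
    # Suspicious: computer account renamed to a DC's name without '$'.
    {"EventID": 4781, "SubjectUserName": "jdoe",
     "OldTargetUserName": "WS-TEMP$", "NewTargetUserName": "DC01"},
    # Unrelated event type, ignored.
    {"EventID": 4724, "SubjectUserName": "jdoe", "TargetUserName": "WS-TEMP$"},
    # Rename back to a computer-style name after the spoofed TGT was obtained.
    {"EventID": 4781, "SubjectUserName": "jdoe",
     "OldTargetUserName": "DC01", "NewTargetUserName": "WS-TEMP$"},
    # User account rename, neither side looks like a computer account.
    {"EventID": 4781, "SubjectUserName": "helpdesk",
     "OldTargetUserName": "svc-backup", "NewTargetUserName": "svc_backup"},
    # Computer account losing its '$' but not matching a DC name.
    {"EventID": 4781, "SubjectUserName": "jdoe",
     "OldTargetUserName": "LAPTOP7$", "NewTargetUserName": "LAPTOP7"},
]


def is_computer_style(name: str) -> bool:
    """Computer accounts in AD carry a trailing '$' on their sAMAccountName."""
    return name.endswith("$")


def find_suspicious_renames(events, dc_names=frozenset()):
    """Return one alert dict per rename that fits the spoofing pattern.

    Severity:
      high   - computer account renamed to a name that matches a DC
      medium - computer account renamed to any name without trailing '$'
      low    - non-computer name renamed back to a computer-style name
               (the clean-up step that typically follows the abuse)
    """
    dc_upper = {n.rstrip("$").upper() for n in dc_names}
    alerts = []
    for ev in events:
        if ev.get("EventID") != 4781:
            continue
        old = ev.get("OldTargetUserName", "")
        new = ev.get("NewTargetUserName", "")
        actor = ev.get("SubjectUserName", "?")

        if is_computer_style(old) and not is_computer_style(new):
            matches_dc = new.upper() in dc_upper
            alerts.append({
                "severity": "high" if matches_dc else "medium",
                "actor": actor,
                "old": old,
                "new": new,
                "reason": ("computer account renamed to a domain controller's "
                           "name without '$'" if matches_dc else
                           "computer account renamed to a name without '$'"),
            })
        elif not is_computer_style(old) and is_computer_style(new):
            alerts.append({
                "severity": "low",
                "actor": actor,
                "old": old,
                "new": new,
                "reason": "account renamed back to a computer-style name",
            })
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_renames(SAMPLE_EVENTS, DC_NAMES):
        print(f"[{alert['severity'].upper()}] {alert['actor']}: "
              f"{alert['old']} -> {alert['new']} ({alert['reason']})")
```

In a real deployment the records would come from a SIEM export rather than the inline list, and the domain controller names would be read from the directory instead of being hard-coded; a medium or high alert on a host that has not yet received the November 2021 Active Directory patches is the signal to investigate and remediate.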
Go Deeper -> Amateurish ‘CosmicBeetle’ Ransomware Stings SMBs in Turkey – Dark Reading
New but ‘Immature’ Ransomware Group CosmicBeetle Targets Small Businesses – The Record