Hackers used Billing Software Zero-day to Deploy Ransomware


A critical SQL injection vulnerability found in the BillQuick Web Suite time and accounting solution is currently being exploited by an as yet unidentified ransomware group to deploy ransomware on the networks of its targets.

According to Huntress ThreatOps researchers, the vulnerability can easily be triggered by login requests with invalid characters in the username field.

While it is not clear whether the ransomware is being used as a decoy to cover up other malicious activity, investigations by Bleeping Computer showed that the ransomware has been in use since May 2020, and once it is deployed on a target system, it adds the pusheken91@bk.ru extension to all encrypted files.

The vulnerability was patched on October 7 after Huntress Labs notified BQE of the software bug, but 8 unpatched vulnerabilities could also be exploited for initial access or code execution.

Speaking about the ransomware and the gang behind it, Huntress Labs security expert Caleb Stewart explained: “The actor we observed did not align with any known/large threat actor of which we are aware. It’s my personal opinion this was a smaller actor and/or group based on their behavior during exploitation and post-exploitation. However, based on the issues we’ve identified/disclosed, I would expect further exploitation by others moving forward is likely. We observed the activity over Columbus Day weekend (08-10 October 2021).”

For more information, read the original story in Bleeping Computer.
