Last Updated on 22/02/2022 by Nidhi Khandelwal
Because the malicious websites are updated on a regular basis, there is always a new set of lures to get people to visit the malware distribution sites.
Visitors to these sites are redirected through a succession of pages before arriving at the delivery page, so the landing page could be on a compromised legitimate site being exploited for SEO poisoning.
We’ve seen the same malware operators utilize bogus VPN sites in the past to deliver CryptBot to victims, so this isn’t a new tactic.
The Meyer data breach notification states, “On or around December 1, 2021, our investigation identified potential unauthorized access to Meyer employee information [including employees of Meyer’s subsidiaries Hestan Commercial Corporation, Hestan Smart Cooking, Hestan Vineyards, and Blue Mountain Enterprises, LLC].”
While Meyer’s notification doesn’t go into depth about the cyberattack that led to the data leak, we discovered a relevant entry on the Conti extortion site that dates from November 7, 2021.
Conti’s page for Meyer offers a ZIP file that contains 2% of the data allegedly seized by the ransomware gang during the cyberattack.
However, in the months since, the notorious ransomware organization has not published the remaining 98 percent, indicating either a willingness to keep bargaining indefinitely or a loss of interest.
In any case, since Meyer has made the issue public and offered identity protection services to those who have been harmed, there can be no outcome that benefits the criminals.