
Blackcat/ALPHV Ransomware and What To Do

By Versa Threat Research Lab
Versa Networks
April 27, 2022

The FBI, the chief investigative agency of the U.S., has issued an alert concluding that more than 60 organizations worldwide have fallen victim to sophisticated ransomware attacks by Blackcat, also known as ALPHV/Noberus. The ransomware first came to light when investigation revealed it to be the first ransomware written in Rust, a memory-safe programming language known for its performance.

Many of the developers of Blackcat are linked with the better-known ransomware groups DarkSide and BlackMatter, which are large groups with the experience to carry out operations and a well-established network to support their logistics. Using Rust gives the ransomware a very low detection ratio among antivirus vendors, since most static analysis tools are not yet well adapted to the language.

Like other RaaS groups, Blackcat/ALPHV steals data before carrying out any ransom activity, leveraging user credentials to gain access to the target system. Initial analysis by Vedere Labs reveals two distinct stages of exploitation:

  1. Penetration of an internet-exposed SonicWall firewall
  2. Lateral movement to encrypt a VMware ESXi virtual farm

Blackcat/ALPHV, alongside Conti and LockBit, is currently designated by the FBI as one of the most dangerous and active ransomware groups. It is important to watch out for any indicators of its presence. A few of the IOCs are listed below:

Recommended Mitigations

While it is essential for an organization to look for IOCs to check whether it has already been attacked by ransomware, it is also necessary, at a minimum, to follow the steps below to protect the organization from such sophisticated attacks.

  1. Follow the organization's recommended patching strategy, which involves reviewing code and applying the latest security patches to all network infrastructure devices.
  2. Check the network for any trace of known IOCs.
  3. Monitor networks for any access by an unknown IP address.
  4. Have a dedicated team review the security policies and implement them.
  5. Consider network segmentation, where possible, to minimize lateral movement.
  6. Perform regular backups of all critical infrastructure devices.
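Steps 2 and 3 above amount to an IOC sweep. The following Python script is added here as an illustration and is not part of the Versa post: it hashes files with MD5, SHA-1 and SHA-256 at once (advisory IOC lists routinely mix digest types under loose headings, so the algorithm is chosen from the digest length rather than the label), matches listed filenames, and flags firewall log lines that mention a listed C2 address. Every file body, hash, filename, log line and IP address in it is a constructed placeholder.

```python
import hashlib
import os
import re
import tempfile

# IOC lists mix MD5, SHA-1 and SHA-256 under loose headings; pick the algorithm by digest length.
ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def file_digests(path):
    """Hash a file once with every algorithm an IOC list may use."""
    hashers = {name: hashlib.new(name) for name in ALGO_BY_LEN.values()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def sweep_directory(root, ioc_hashes, ioc_filenames):
    """Return (path, reason) for files matching a hash or a filename indicator."""
    by_hash = {h.lower(): ALGO_BY_LEN[len(h)] for h in ioc_hashes if len(h) in ALGO_BY_LEN}
    names = {n.lower() for n in ioc_filenames}
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            digests = file_digests(path)
            hits += [(path, f"{algo}:{h}") for h, algo in by_hash.items() if digests[algo] == h]
            if name.lower() in names:
                hits.append((path, "filename"))
    return hits

def match_c2_in_logs(log_lines, c2_ips):
    """Return (line_no, ip) for each log line that mentions a listed C2 address."""
    wanted = set(c2_ips)
    return [(n, ip) for n, line in enumerate(log_lines, 1)
            for ip in IP_RE.findall(line) if ip in wanted]

def demo():
    # Constructed data only: a temp tree, an invented IOC list and invented log lines.
    with tempfile.TemporaryDirectory() as root:
        for name, body in [("tool.exe", b"constructed sample, not malware"),
                           ("dropper.ps1", b"Write-Host constructed")]:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        iocs = [file_digests(os.path.join(root, "tool.exe"))["md5"], "0" * 64]
        hits = sweep_directory(root, iocs, ["dropper.ps1"])
    logs = ["2022-04-27T10:00:01 fw allow src=10.0.0.5 dst=203.0.113.7 dport=443",
            "2022-04-27T10:00:02 fw allow src=10.0.0.5 dst=198.51.100.20 dport=80"]
    return sorted(r for _, r in hits), match_c2_in_logs(logs, ["203.0.113.7"])
```

In practice the IOC lists would be loaded from the advisory rather than constructed, and the log lines streamed from the firewall or SIEM export.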
