Category Archives: sage

Top ERP software vendors for 2023

Posted on by

Are you an IT manager or executive trying to make the case for a new ERP vendor? Compare the top ERP software companies with our list today.
The post Top ERP software vendors for 2023 appeared first on TechRepublic.
Continue reading Top ERP software vendors for 2023

Scanco partners with CoreChain to automate the payment process with blockchain technology

Posted on by

Scanco Software and CoreChain Technologies announce that they are partnering to co-develop an integration of the CoreChain payments network with Scanco’s software products. The co-developed solutions, including an enhanced version of Scanco Purchase Ag… Continue reading Scanco partners with CoreChain to automate the payment process with blockchain technology

Sage selects Cloud at Work as an approved Strategic Hosting Provider

Posted on by

Cloud at Work announced that it has been selected by Sage as an approved Strategic Hosting Provider to help Sage Partners migrate customers to the cloud. Cloud at Work allows Sage customers in the U.S. currently using on-premises solutions, including S… Continue reading Sage selects Cloud at Work as an approved Strategic Hosting Provider

Stromberg Carlson Charactron Tube

Posted on by

Flat panel TVs have spoiled us. It used to be that a big display took up a lot of room on your desk or living room because of the depth of the CRT’s electron gun. We wonder what the designers of the charactron would think if they could see our big flat screens today. Never heard of a charactron? Check out [uniservo’s] video of one of these old character display tubes.

You might think the device is just a simple small CRT. However, it is much stranger than that. Inside the tube was a stencil that contained all the characters …read more

Continue reading Stromberg Carlson Charactron Tube

Oracle Provides Workaround for Critical Flaw in Identity Manager

Posted on by

Oracle has warned customers about a critical vulnerability in the Oracle Identity Manager (OIM) that could allow an attacker to gain complete control over the user management system. OIM is part of Oracle’s Fusion Middleware suite of business applications and provides user provisioning and management. Companies use this application to add new accounts for employees..

The post Oracle Provides Workaround for Critical Flaw in Identity Manager appeared first on Security Boulevard.

Continue reading Oracle Provides Workaround for Critical Flaw in Identity Manager

Notes on Sage 2.2 ransomware version

Posted on by

Sage, also known as SageCrypt, is an interesting ransomware variant – emerged somewhere in December last year, and is believed to be a variant of the CryLocker ransomware.

There’s a good blog post on BleepingComputer on the first version of Sage, id est “Sage 2”.

Yesterday, a personal friend of mine reached out, as his “computer started talking” and his files appeared to be encrypted. And indeed, it appears he suffered the latest variant of Sage: Sage 2.2

Sage 2.2 appears to have been out for a while, at least since February of this year:

Sage 2.2 sample (at 11/58): https://t.co/XsWMsPcXsj
From: nrcommerce[.]com/system/config/spam1.exe – that filename… 👏
More samples: pic.twitter.com/a2J157kjJk

— MalwareHunterTeam (@malwrhunterteam) February 21, 2017

Some figures of Sage 2.2 follow below:

Figure 1 – Sage 2.2 desktop background

Figure 2 – Sage 2.2 file recovery instructions
The message reads:

You probably noticed that you can not open your files and that some software stopped working correctly.
This is expected. Your files content is still there, but it was encrypted by “SAGE 2.2 Ransomware”.
Your files are not lost, it is possible to revert them back to normal state by decrypting.
The only way you can do that is by getting “SAGE Decrypter” software and your personal decryption key.


Typical features of Sage 2.2, include, but are not limited to:

  • Refresh or update of payment pages is possible;
  • Ransom note (!HELP_SOS) and portal, including CAPTCHA;

And…

It speaks! Just like Cerber did at some point, Sage 2.2 has a message for the victim using Microsoft SAPI:

Figure 3 – VBscript which will speak to the victim (click to enlarge)

Interestingly enough, even though the version number still indicates 2.2, there’s at least one slight change:

  • Deletion or purge of backup catalog/history by using:
    wbadmin delete catalog -quiet

The portal or decryption pages look as follows, stepping through:

Figure 4 – Sage 2.2 user login portal
Figure 5 – Captcha
Figure 6 – Language selection
Figure 7 – Final portal

The victim can choose from a multitude of languages, and, at the final portal, there is a special prize for the decryption, for a selected time (7 days): currently 0.17720 BTC, which is about $1000.

As usual, there’s a Payment, Test decryption, Instructions, and even a Support tab:

Figure 8 – Payment tab
Figure 9 – Test Decryption tab
Figure 10 – Instructions tab
Figure 11 – Support requests tab

Sage 2.2 will append the .sage extension to encrypted files and currently, it does not appear files can be decrypted without the cybercriminal’s help.

As always, try to restore from a backup if possible, and avoid paying the ransom.

Additionally, have a look at my ransomware prevention page, on how to protect yourself.

IOCs

The post Notes on Sage 2.2 ransomware version appeared first on Security Boulevard.

Continue reading Notes on Sage 2.2 ransomware version

Fake Your Sage subscription invoice is Due delivers malware

Posted on by

An email with the subject of Your Sage subscription invoice is Due pretending to come from Sage but actually coming from a look-a-like domain SAGE UK <message@sagemailsupport14.top>  with a malicious word doc attachment  is another one of today’s  spoofs of a well-known company, bank or public authority delivering what I think Continue reading → Continue reading Fake Your Sage subscription invoice is Due delivers malware