"The January snow lay thick on the Moscow ground, as masked officers of the FSB - Russia's fearsome security agency - prepared to smash down the doors at one of 25 addresses they would raid that day.
Their target was REvil, a shadowy conclave of hackers that claimed to have stolen more than $100m (£74m) a year through "ransomware" attacks, before suddenly disappearing.
As group members were led away in cuffs, FSB officers gathered crypto-wallets containing untold volumes of digital currency such as bitcoin. Others used money-counting machines to tot up dozens of stacks of hundred dollar bills."
"Virtually every company and organisation now has - indeed has to have - an online presence. But many still take only rudimentary cybersecurity precautions and are sitting ducks for hackers. For most companies, that's a matter for them and their boards of directors - it's their lookout if a ransomware attack makes them insolvent."
"Ransomware analysts offered several possible explanations for why the master key has now appeared. It is possible Kaseya, a government entity, or a collective of victims paid the ransom. The Kremlin in Russia also might have seized the key from the criminals and handed it over through intermediaries, experts said."
"JBS, the world's biggest meat processor, has paid an $11m (£7.8m) ransom after a cyber-attack shut down operations, including abattoirs in the US, Australia and Canada.
While most of its operations have been restored, the Brazilian-headquartered company said it hoped the payment would head off any further complications including data theft."
""This is the largest impact on the energy system in the United States we've seen from a cyberattack, full stop," says Rob Lee, CEO of the critical-infrastructure-focused security firm Dragos. Aside from the financial impact on Colonial Pipeline or the many providers and customers of the fuel it transports, Lee points out that around 40 percent of US electricity in 2020 was produced by burning natural gas, more than any other source. That means, he argues, that the threat of cyberattacks on a pipeline presents a significant threat to the civilian power grid. "You have a real ability to impact the electric system in a broad way by cutting the supply of natural gas. This is a big deal," he adds. "I think Congress is going to have questions. A provider got hit with ransomware from a criminal act, this wasn't even a state-sponsored attack, and it impacted the system in this way?""
"In a statement, the company said: "Colonial Pipeline is taking steps to understand and resolve this issue. At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already under way, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline.""
"Let's say you have an IoT device that is well protected with functions that can be accessed through a well-defined API; even if you can control the device through the API, you probably can't do too much harm. Firmware, the programming inside the device, has logical constraints that don't allow you, for example, to close garage doors while someone is in the way of them or overheat a device so that it combusts.
We used to trust that hardware, such as a common kitchen appliance, could be trusted and could not be easily altered without physically dismounting the device. But with today's "smart" appliances, this is no longer the case."
"As hospitals face a surge in patients and critical equipment shortages stemming from the coronavirus pandemic, they are increasingly becoming the target of hackers who see health care facilities as easy prey.
Ransomware attacks, in which hackers lock up a network and demand payment to return access to these systems, have presented a growing threat to hospitals since January."
"Victims of a major ransomware cyberattack that has spread through the US and Europe can no longer unlock their computers even if they pay the ransom.
The "Petya" ransomware has caused serious disruption at large firms including the advertising giant WPP, French construction materials company Saint-Gobain and Russian steel and oil firms Evraz and Rosneft.
Infected computers display a message demanding a Bitcoin ransom worth $300. Those who pay are asked to send confirmation of payment to an email address. However, that email address has been shut down by the email provider."
"The respite was thanks to a sloppy bit of programming from the worm's creator, who'd left a killswitch in the code: newly infected systems checked to see if a certain domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com) existed before attempting to spread the infection; by registering this domain, security researchers were able to freeze the worm.
But a day later, it's back, and this time, without the killswitch. Security researchers running honeypots have seen new infections by versions of the worm that can spread even when the iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com domain is live."
"Computer security experts suggested that the crisis could reflect weaknesses in the NHS's cybersecurity. Ross Anderson, of Cambridge University, said the attack appeared to exploit a weakness in Microsoft's software that was fixed by a "critical" software patch earlier this year but which may not have been installed across NHS computers."
"Indeed, this scam is far subtler. It works like this: fraudsters are able to register domains with characters plucked from various alphabets other than the default Latin script. When displayed, it's all but impossible to tell apart a Greek "O" from a Cyrillic "O" from a Latin "O," for instance."
"The criminals who took over the library system want $35,000 in Bitcoin to give it back. The FBI is investigating. The library does not store sensitive patron data, so the hack does not expose patrons to data-breach risks."
"That is when the alarm bells went off for Mr Ang. "I saw that there was a text file inside the encrypted folder that showed that it was ransomware, asking for payment to decrypt the files."
The company decided not to pay the ransom of US$1,000 (S$1,447). Instead, it spent a week rebuilding about 3,000 infected files with data of the accounts and stocks from hard copy files."
"A new strain of ransomware has been targeting government agencies and educational institutions in the United States, through scam emails that pretend to be something important.
The malware, dubbed as 'MarsJoke' by Proofpoint security researchers, reportedly began a large-scale email campaign which distributed the cryptomalware last week. The developers are sending out emails which seem to be masked as a message from an airline company."
"There are now more than 120 separate families of ransomware, said experts studying the malicious software.
Other researchers have seen a 3,500% increase in the criminal use of net infrastructure that helps run ransomware campaigns."
"Petya ransomware victims can now unlock infected computers without paying.
An unidentified programmer has produced a tool that exploits shortfalls in the way the malware encrypts a file that allows Windows to start up.
In notes put on code-sharing site Github, he said he had produced the key generator to help his father-in-law unlock his Petya-encrypted computer."