Category: ALPHV

A cyberattack that shut down two of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023: It was the first known case of native English-speaking hackers in the United States and Britain teaming up with ransomware gangs based in Russia. But that made-for-Hollywood narrative has eclipsed a far more hideous trend: Many of these young, Western cybercriminals are also members of fast-growing online groups that exist solely to bully, stalk, harass and extort vulnerable teens into physically harming themselves and others.

Image: Shutterstock.

In September 2023, a Russian ransomware group known as ALPHV/Black Cat claimed credit for an intrusion at the MGM Resorts hotel chain that quickly brought MGM’s casinos in Las Vegas to a standstill. While MGM was still trying to evict the intruders from its systems, an individual who claimed to have firsthand knowledge of the hack contacted multiple media outlets to offer interviews about how it all went down.

One account of the hack came from a 17-year-old in the United Kingdom, who told reporters the intrusion began when one of the English-speaking hackers phoned a tech support person at MGM and tricked them into resetting the password for an employee account.

The security firm CrowdStrike dubbed the group “Scattered Spider,” a recognition that the MGM hackers came from different hacker cliques scattered across an ocean of Telegram and Discord servers dedicated to financially-oriented cybercrime.

Collectively, this archipelago of crime-focused chat communities is known as “The Com,” and it functions as a kind of distributed cybercriminal social network that facilitates instant collaboration.

But mostly, The Com is a place where cybercriminals go to boast about their exploits and standing within the community, or to knock others down a peg or two. Top Com members are constantly sniping over who pulled off the most impressive heists, or who has accumulated the biggest pile of stolen virtual currencies.

And as often as they extort victim companies for financial gain, members of The Com are constantly trying to wrest stolen money from their cybercriminal rivals — often in ways that spill over into physical violence in the real world.

CrowdStrike would go on to produce and sell Scattered Spider action figures, and it featured a life-sized Scattered Spider sculpture at this year’s RSA Security Conference in San Francisco.

But marketing security products and services based on specific cybercriminal groups can be tricky, particularly if it turns out that robbing and extorting victims is by no means the most abhorrent activity those groups engage in on a daily basis.

KrebsOnSecurity examined the Telegram user ID number of the account that offered media interviews about the MGM hack — which corresponds to the screen name “@Holy” — and found the same account was used across a number of cybercrime channels that are entirely focused on extorting young people into harming themselves or others, and recording the harm on video.

In one post on a Telegram channel dedicated to youth extortion, this same user can be seen asking if anyone knows the current Telegram handles for several core members of 764, an extremist group known for victimizing children through coordinated online campaigns of extortion, doxing, swatting and harassment.

HOLY NAZI

Holy was known to possess multiple prized Telegram usernames, including @bomb, @halo, and @cute, as well as one of the highest-priced Telegram usernames ever put up for sale: @nazi. A source close to the investigation said @Holy also was a moderator on “Harm Nation,” an offshoot of 764.

People affiliated with harm groups like 764 will often recruit new members by lurking on gaming platforms, social media sites and mobile applications that are popular with young people, including Discord, Minecraft, Roblox, Steam, Telegram, and Twitch.

“This type of offence usually starts with a direct message through gaming platforms and can move to more private chatrooms on other virtual platforms, typically one with video enabled features, where the conversation quickly becomes sexualized or violent,” warns a recent alert from the Royal Canadian Mounted Police (RCMP) about the rise of sextortion groups on social media channels.

“One of the tactics being used by these actors is sextortion, however, they are not using it to extract money or for sexual gratification,” the RCMP continued. “Instead they use it to further manipulate and control victims to produce more harmful and violent content as part of their ideological objectives and radicalization pathway.”

The 764 network is among the most populated harm communities, but there are plenty more. Some of the largest such known groups include CVLT, Court, Kaskar, Leak Society, 7997, 8884, 2992, 6996, 555, Slit Town, 545, 404, NMK, 303, and H3ll.

In March, a consortium of reporters from Wired, Der Spiegel, Recorder and The Washington Post examined millions of messages across more than 50 Discord and Telegram chat groups.

“The abuse perpetrated by members of com groups is extreme,” Wired’s Ali Winston wrote. “They have coerced children into sexual abuse or self-harm, causing them to deeply lacerate their bodies to carve ‘cutsigns’ of an abuser’s online alias into their skin.” The story continues:

“Victims have flushed their heads in toilets, attacked their siblings, killed their pets, and in some extreme instances, attempted or died by suicide. Court records from the United States and European nations reveal participants in this network have also been accused of robberies, in-person sexual abuse of minors, kidnapping, weapons violations, swatting, and murder.”

“Some members of the network extort children for sexual pleasure, some for power and control. Some do it merely for the kick that comes from manipulation. Others sell the explicit CSAM content produced by extortion on the dark web.”

KrebsOnSecurity has learned Holy’s real name is Owen David Flowers, and that he is the previously unnamed 17-year-old who was arrested in July 2024 by the U.K.’s West Midlands Police as part of a joint investigation with the FBI into the MGM hack.

Early in their cybercriminal career (as a 15-year-old), @Holy went by the handle “Vsphere,” and was a proud member of the LAPSUS$ cybercrime group. Throughout 2022, LAPSUS$ would hack and social engineer their way into some of the world’s biggest technology companies, including EA Games, Microsoft, NVIDIA, Okta, Samsung, and T-Mobile.

JUDISCHE/WAIFU

Another timely example of the overlap between harm communities and top members of The Com can be found in a group of criminals who recently stole obscene amounts of customer records from users of the cloud data provider Snowflake.

At the end of 2023, malicious hackers figured out that many major companies have uploaded massive amounts of valuable and sensitive customer data to Snowflake servers, all the while protecting those Snowflake accounts with little more than a username and password (no multi-factor authentication required). The group then searched darknet markets for stolen Snowflake account credentials, and began raiding the data storage repositories used by some of the world’s largest corporations.

Among those that had data exposed in Snowflake was AT&T, which disclosed in July that cybercriminals had stolen personal information and phone and text message records for roughly 110 million people — nearly all its customers.

A report on the extortion group from the incident response firm Mandiant notes that Snowflake victim companies were privately approached by the hackers, who demanded a ransom in exchange for a promise not to sell or leak the stolen data. All told, more than 160 organizations were extorted, including TicketMaster, Lending Tree, Advance Auto Parts and Neiman Marcus.

On May 2, 2024, a user by the name “Judische” claimed on the fraud-focused Telegram channel Star Chat that they had hacked Santander Bank, one of the first known Snowflake victims. Judische would repeat that claim in Star Chat on May 13 — the day before Santander publicly disclosed a data breach — and would periodically blurt out the names of other Snowflake victims before their data even went up for sale on the cybercrime forums.

A careful review of Judische’s account history and postings on Telegram shows this user is more widely known under the nickname “Waifu,” an early moniker that corresponds to one of the more accomplished SIM-swappers in The Com over the years.

In a SIM-swapping attack, the fraudsters will phish or purchase credentials for mobile phone company employees, and use those credentials to redirect a target’s mobile calls and text messages to a device the attackers control.

Several channels on Telegram maintain a frequently updated leaderboard of the 100 richest SIM-swappers, as well as the hacker handles associated with specific cybercrime groups (Waifu is ranked #24). That leaderboard has long included Waifu on a roster of hackers for a group that called itself “Beige.”

Beige members were implicated in two stories published here in 2020. The first was an August 2020 piece called Voice Phishers Targeting Corporate VPNs, which warned that the COVID-19 epidemic had brought a wave of voice phishing or “vishing” attacks that targeted work-from-home employees via their mobile devices, and tricked many of those people into giving up credentials needed to access their employer’s network remotely.

Beige group members also have claimed credit for a breach at the domain registrar GoDaddy. In November 2020, intruders thought to be associated with the Beige Group tricked a GoDaddy employee into installing malicious software, and with that access they were able to redirect the web and email traffic for multiple cryptocurrency trading platforms.

The Telegram channels that Judische and his related accounts frequented over the years show this user divides their time between posting in SIM-swapping and cybercrime cashout channels, and harassing and stalking others in harm communities like Leak Society and Court.

Mandiant has attributed the Snowflake compromises to a group it calls “UNC5537,” with members based in North America and Turkey. KrebsOnSecurity has learned Judische is a 26-year-old software engineer in Ontario, Canada.

Sources close to the investigation into the Snowflake incident tell KrebsOnSecurity the UNC5537 member in Turkey is John Erin Binns, an elusive American man indicted by the U.S. Department of Justice (DOJ) for a 2021 breach at T-Mobile that exposed the personal information of at least 76.6 million customers.

Binns is currently in custody in a Turkish prison and fighting his extradition. Meanwhile, he has been suing almost every federal agency and agent that contributed investigative resources to his case.

In June 2024, a Mandiant employee told Bloomberg that UNC5537 members have made death threats against cybersecurity experts investigating the hackers, and that in one case the group used artificial intelligence to create fake nude photos of a researcher to harass them.

ViLE

In June 2024, two American men pleaded guilty to hacking into a U.S. Drug Enforcement Agency (DEA) online portal that tapped into 16 different federal law enforcement databasesSagar “Weep” Singh, a 20-year-old from Rhode Island, and Nicholas “Convict” Ceraolo, 25, of Queens, NY, were both active in SIM-swapping communities.

Singh and Ceraolo hacked into a number of foreign police department email accounts, and used them to make phony “emergency data requests” to social media platforms seeking account information about specific users they were stalking. According to the government, in each case the men impersonating the foreign police departments told those platforms the request was urgent because the account holders had been trading in child pornography or engaging in child extortion.

Eventually, the two men formed part of a group of cybercriminals known to its members as “ViLE,” who specialize in obtaining personal information about third-party victims, which they then used to harass, threaten or extort the victims, a practice known as “doxing.”

The U.S. government says Singh and Ceraolo worked closely with a third man — referenced in the indictment as co-conspirator #1 or “CC-1” — to administer a doxing forum where victims could pay to have their personal information removed.

The government doesn’t name CC-1 or the doxing forum, but CC-1’s hacker handle is “Kayte” (a.k.a. “KT“) which corresponds to the nickname of a 23-year-old man who lives with his parents in Coffs Harbor, Australia. For several years (with a brief interruption), KT has been the administrator of a truly vile doxing community known as the Doxbin.

A screenshot of the website for the cybercriminal group “ViLE.” Image: USDOJ.

People whose names and personal information appear on the Doxbin can quickly find themselves the target of extended harassment campaigns, account hacking, SIM-swapping and even swatting — which involves falsely reporting a violent incident at a target’s address to trick local police into responding with potentially deadly force.

A handful of Com members targeted by federal authorities have gone so far as to perpetrate swatting, doxing, and other harassment against the same federal agents who are trying to unravel their alleged crimes. This has led some investigators working cases involving the Com to begin redacting their names from affidavits and indictments filed in federal court.

In January 2024, KrebsOnSecurity broke the news that prosecutors in Florida had charged a 19-year-old alleged Scattered Spider member named Noah Michael Urban with wire fraud and identity theft. That story recounted how Urban’s alleged hacker identities “King Bob” and “Sosa” inhabited a world in which rival cryptocurrency theft rings frequently settled disputes through so-called “violence-as-a-service” offerings — hiring strangers online to perpetrate firebombings, beatings and kidnappings against their rivals.

Urban’s indictment is currently sealed. But a copy of the document obtained by KrebsOnSecurity shows the name of the federal agent who testified to it has been blacked out.

The final page of Noah Michael Urban’s indictment shows the investigating agent redacted their name from charging documents.

HACKING RINGS, STALKING VICTIMS

In June 2022, this blog told the story of two men charged with hacking into the Ring home security cameras of a dozen random people and then methodically swatting each of them. Adding insult to injury, the men used the compromised security cameras to record live footage of local police swarming those homes.

McCarty, in a mugshot.

James Thomas Andrew McCarty, Charlotte, N.C., and Kya Christian Nelson, of Racine, Wisc., conspired to hack into Yahoo email accounts belonging to victims in the United States. The two would check how many of those Yahoo accounts were associated with Ring accounts, and then target people who used the same password for both accounts.

The Telegram and Discord aliases allegedly used by McCarty — “Aspertaine” and “Couch,” among others — correspond to an identity that was active in certain channels dedicated to SIM-swapping.

What KrebsOnSecurity didn’t report at the time is that both ChumLul and Aspertaine were active members of CVLT, wherein those identities clearly participated in harassing and exploiting young teens online.

In June 2024, McCarty was sentenced to seven years in prison after pleading guilty to making hoax calls that elicited police SWAT responses. Nelson also pleaded guilty and received a seven-year prison sentence.

POMPOMPURIN

In March 2023, U.S. federal agents in New York announced they’d arrested “Pompompurin,” the alleged administrator of Breachforums, an English-language cybercrime forum where hacked corporate databases frequently appear for sale. In cases where the victim organization isn’t extorted in advance by hackers, being listed on Breachforums has often been the way many victims first learned of an intrusion.

Pompompurin had been a nemesis to the FBI for several years. In November 2021, KrebsOnSecurity broke the news that thousands of fake emails about a cybercrime investigation were blasted out from the FBI’s email systems and Internet addresses.

Pompompurin took credit for that stunt, and said he was able to send the FBI email blast by exploiting a flaw in an FBI portal designed to share information with state and local law enforcement authorities. The FBI later acknowledged that a software misconfiguration allowed someone to send the fake emails.

In December, 2022, KrebsOnSecurity detailed how hackers active on BreachForums had infiltrated the FBI’s InfraGard program, a vetted network designed to build cyber and physical threat information sharing partnerships with experts in the private sector. The hackers impersonated the CEO of a major financial company, applied for InfraGard membership in the CEO’s name, and were granted admission to the community.

The feds named Pompompurin as 21-year-old Peeksill resident Conor Brian Fitzpatrick, who was originally charged with one count of conspiracy to solicit individuals to sell unauthorized access devices (stolen usernames and passwords). But after FBI agents raided and searched the home where Fitzpatrick lived with his parents, prosecutors tacked on charges for possession of child pornography.

DOMESTIC TERRORISM?

Recent actions by the DOJ indicate the government is well aware of the significant overlap between leading members of The Com and harm communities. But the government also is growing more sensitive to the criticism that it can often take months or years to gather enough evidence to criminally charge some of these suspects, during which time the perpetrators can abuse and recruit countless new victims.

Late last year, however, the DOJ signaled a new tactic in pursuing leaders of harm communities like 764: Charging them with domestic terrorism.

In December 2023, the government charged (PDF) a Hawaiian man with possessing and sharing sexually explicit videos and images of prepubescent children being abused. Prosecutors allege Kalana Limkin, 18, of Hilo, Hawaii, admitted he was an associate of CVLT and 764, and that he was the founder of a splinter harm group called Cultist. Limkin’s Telegram profile shows he also was active on the harm community Slit Town.

The relevant citation from Limkin’s complaint reads:

“Members of the group ‘764’ have conspired and continue to conspire in both online and in-person venues to engage in violent actions in furtherance of a Racially Motivated Violent Extremist ideology, wholly or in part through activities that violate federal criminal law meeting the statutory definition of Domestic Terrorism, defined in Title 18, United States Code, § 2331.”

Experts say charging harm groups under anti-terrorism statutes potentially gives the government access to more expedient investigative powers than it would normally have in a run-of-the-mill criminal hacking case.

“What it ultimately gets you is additional tools you can use in the investigation, possibly warrants and things like that,” said Mark Rasch, a former U.S. federal cybercrime prosecutor and now general counsel for the New York-based cybersecurity firm Unit 221B. “It can also get you additional remedies at the end of the case, like greater sanctions, more jail time, fines and forfeiture.”

But Rasch said this tactic can backfire on prosecutors who overplay their hand and go after someone who ends up challenging the charges in court.

“If you’re going to charge a hacker or pedophile with a crime like terrorism, that’s going to make it harder to get a conviction,” Rasch said. “It adds to the prosecutorial burden and increases the likelihood of getting an acquittal.”

Rasch said it’s unclear where it is appropriate to draw the line in the use of terrorism statutes to disrupt harm groups online, noting that there certainly are circumstances where individuals can commit violations of domestic anti-terrorism statutes through their Internet activity alone.

“The Internet is a platform like any other, where virtually any kind of crime that can be committed in the real world can also be committed online,” he said. “That doesn’t mean all misuse of computers fits within the statutory definition of terrorism.”

The RCMP’s warning on sexual extortion of minors over the Internet lists a number of potential warning signs that teens may exhibit if they become immeshed in these harm groups. The FBI urges anyone who believes their child or someone they know is being exploited to contact their local FBI field office, call 1-800-CALL-FBI, or report it online at tips.fbi.gov.

The Department of State, in its ongoing efforts to combat cybercrime, has announced a $10 million reward for information leading to the apprehension of ALPHV, also known as the Blackcat Ransomware Gang. This significant bounty underscores the severity of the threat posed by such criminal organizations.

In addition to targeting the leaders of the Blackcat Gang, the Department of State is prepared to offer rewards for information regarding their affiliates, access brokers, and other associates. These rewards are part of the US Transnational Organized Crime Rewards Program, which has disbursed over $135 million since its inception in 1986 to combat various forms of criminal activity, including cybercrime, narcotics trafficking, and child exploitation.

The decision to announce this reward comes in the wake of findings by the FBI linking the Blackcat Gang to more than 60 data breaches worldwide. These breaches involve the theft of sensitive information from servers, which is then encrypted by the hackers until a ransom in cryptocurrency is paid. It is estimated that the gang may have collected as much as $300 million in ransom payments from over 1,000 victims between December 2022 and September of the following year, with projections indicating a potential doubling of these figures in the current year.

Despite the efforts of law enforcement agencies, apprehending such criminals presents significant challenges. Many operate from foreign jurisdictions, utilizing virtual private networks (VPNs) to conceal their online activities. Even when their whereabouts are identified, legal barriers in their home countries often impede extradition efforts.

Russia, for instance, has offered limited cooperation with American cybercrime investigators, with instances of disavowal being more common. Similarly, countries like China, North Korea, and Iran typically refrain from supporting international law enforcement efforts, exacerbating the difficulty of apprehending cybercriminals.

Furthermore, these criminal enterprises not only pose a direct threat through their cyber-attacks but also contribute to the funding of illicit activities, including nuclear proliferation efforts. The example of North Korean leader Kim Jong Un’s regime highlights the intersection of cybercrime and geopolitical instability, underscoring the urgent need for international cooperation in combating this growing threat to global security.

The post US State Department offers $10m reward on leads on ALPHV aka Blackcat ransomware appeared first on Cybersecurity Insiders.

In 2023, the BlackCat, also known as ALPHV ransomware group, achieved remarkable success by nearly accumulating $700 million through the encryption of databases. Among its victims were three Fortune 500 companies, numerous financial institutions, and businesses in the hospitality sector, including MGM Resorts International, Tipalti, MeridianLink, Fidelity National Finance, Air Comm Corp, Fu Yu Corp, and Seiko.

For those seeking effective strategies to intelligently mitigate the risks associated with the BlackCat ransomware, here are key takeaways:

Employee Training: Investing in employee training is crucial for enhancing their ability to defend against phishing attempts and other social engineering threats, which often serve as entry points for file-encrypting malware.

Layered Security Approach: Implementing a comprehensive layered security approach involves deploying network security, application security tools, data encryption at rest and in motion, and endpoint protection in IT environments. This multi-faceted approach helps fortify defenses against such attacks.

Zero Trust Framework: Deploying a zero-trust environment enables organizations to closely monitor every user and device connecting to the network, allowing access only to authenticated users and enhancing overall security.

Network Testing: Regularly conducting penetration tests is vital for detecting anomalies in the network that could be exploited by ALPHV criminals. Identifying vulnerabilities proactively is key to preventing potential breaches.

Incident Response Plan: Establishing an incident response team or, at the very least, having a well-defined plan in place facilitates swift recovery from any cyber incident. This proactive approach minimizes downtime and mitigates financial losses.

Backup and Recovery: Implementing a robust data backup plan that can be activated as needed proves invaluable in the event of an attack, providing a means to restore essential data and systems.

Threat Intelligence: Despite cost-cutting measures in the face of economic challenges, maintaining in-house expertise or having access to a team of forensic experts is crucial. This ensures swift procedural and recovery measures in the aftermath of a cyber-attack, minimizing losses and facilitating a quicker return to normal operations.

The post How to smartly tackle BlackCat Ransomware group appeared first on Cybersecurity Insiders.

It’s widely known that the Ryhsida Ransomware gang successfully infiltrated the servers of Insomniac, a company specializing in X-Men game development, including the Wolverine series co-developed with Sony Inc. The gang stole crucial data files, totaling 1.67 terabytes, and is now asserting its data breach by gradually releasing the information. Despite not receiving the demanded 50 bitcoins or $2 million, the group has opted to release the stolen data in installments by the year-end, indicating a willingness to sell the information to the highest bidder. The FBI is actively monitoring these developments and is in the process of creating a free decryption tool.

In a contrasting scenario, another ransomware gang, BlackCat, faced a setback when the US Department of Justice directed the FBI to seize its dark web-based URL. BlackCat, also known as ALPHV, managed to regain control of its website and is now demanding a minimum of $4.5 million from its 500-plus victims worldwide. The group plans to double the ransom amount as law enforcement agencies intensify their efforts. In response, the FBI, collaborating with US CERT, has instructed developers to create a free decryption tool for the victims by early January 2024.

HCL Technologies, an IT company specializing in software, made headlines as it experienced a business downgrade by Kotak Institutional Equities due to a ransomware attack. The company’s failure to safeguard customer data led to these business challenges. Despite the malware infecting its cloud environment, HCL Technologies has isolated the threat and is implementing measures outlined in its efficient disaster recovery plan to mitigate risks.

Kaspersky, a Russian-based cybersecurity firm, has identified the Akira Ransomware criminals expanding their global impact by targeting Windows and Linux systems worldwide. Notably, the criminal group has extended its reach to MacOS, considered one of the most secure OS environments provided by Apple Inc. During the holiday season, the threat level has escalated significantly, with cybercriminal gangs engaging in double and triple extortion schemes to secure monetary gains.

The post Ransomware news on FBI, BlackCat, and Game plan release appeared first on Cybersecurity Insiders.

In a groundbreaking development in the realm of ransomware, ALPHV, also known as BlackCAT, has taken an unprecedented step by filing a complaint with the Security and Exchange Commission (SEC) against a victim who failed to adhere to the stipulated rule mandating disclosure of a cyber attack within a 4-day timeframe.

The targeted victim in this case is Meridian Link, a trading company specializing in providing tech solutions to financial institutions and banks. BlackCAT’s recent action indicates an alarming escalation in the tactics employed by cybercriminals, as they venture into publicly shaming their victims. Previously, ransomware groups typically resorted to tactics such as encrypting a victim’s database until a ransom was paid. Subsequently, they elevated their extortion methods by stealing sensitive data and issuing threats to release or sell it, applying pressure on the victim. A further tactic involved threatening to damage the victim’s reputation among competitors, partners, or customers. Now, these criminal entities seem to have reached a new low by formally filing a complaint with the SEC against their victim.

The SEC, however, systematically reviews such complaints, scrutinizing the technical aspects while assessing the credibility of the entity filing the complaint. And in this case, the SEC will collaborate with law enforcement agencies to appropriately address the situation.

ALPHV underscored its audacious move by publishing a screenshot of the complaint form submitted on the SEC website in a public Telegram channel.

In response, MeridianLink has acknowledged the authenticity of the data breach news and has expressed its intention to seek assistance from law enforcement in addressing the matter. Nevertheless, the company has yet to disclose specific details about the breach, including the timing of the cyber attack, when it was identified, and the extent of data loss.

The post ALPHV Ransomware gang files SEC Complaint against a victim appeared first on Cybersecurity Insiders.

This is unimaginable, but is taking place in practical, seriously! Russian ransomware gang BlackCat Ransomware group has targeted a hospital operating in Pennsylvania this time and are threatening to leak intimate photos of the patient, say their private parts, taken during a radiology or some kind of scan tests.

Lehigh Valley Health Network (LVHN), Lackawanna County, is the healthcare organization that has been attacked and cyber crooks stole patient information related to her radiation oncology treatment.

BlackCat aka ALPHV is threatening to leak the data related to the single patient and will follow a similar process in the near future if their demands are not met on time.

Based on the condition of anonymity, a source reveals that the criminal gang also had access to some sensitive data of some female patients and are threatening to leak the information, if the organization doesn’t play heed to their demands.

This reveals us the desperation and willingness of the criminals to do anything and everything to mint money from the targets who refuse to pay.

A few days ago, Medusa Ransomware gang was also trending on the Google news headlines for stealing some sensitive details of school pupil related to Minneapolis Public Schools. They demanded $1 million ransomware and, as the victims failed to pay the crypto currency on time; they leaked some screenshots related to the scanned copies of some handwritten notes related to two male and female students facing allegations of Se$u@l Assault.

NOTE- So, if the law enforcement doesn’t take serious action against these gangs, they can turn heinous and take this crime to the next level, where victims can suffer a lot than what they are suffering, currently. From the Biden government’s POV, they are already taking steps to curb such incidents on national infrastructure and have also implemented strict laws such as slapping sanctions against criminals and keeping a track of the digital currency payments taking place in the crypto world. On the victims’ part, first they should start proactively securing their infrastructure and try to keep such criminals at bay from their network. And if the unfortunate happens, then consider recovery measures and stop paying the criminals. As such prompt payments not only increase crime but also don’t guarantee a decryption key for sure.

 

The post Ransomware hackers turn nasty by sharing intimate patient photos appeared first on Cybersecurity Insiders.

A mining firm shut down its operations in Southern British Columbia in order to contain the repercussions developed from a ransomware attack. The Canadian Copper Mountain Mining Corporation is the firm that had to shut down its offices in Vancouver during the weekend as most part of its corporate computer network was held hostage by a file encrypting malware demanding millions to offer a decryption key.

The copper and precious metals mining company says that it is suspecting Lockbit ransomware group behind the incident. But chose to reveal confirmed details after thorough investigation.

In other news that is related to ransomware, but shows us the humanity side of the criminals is related to a Hospital for Sick Children. If we go into the details, as soon as the LockBit Ransomware gang learnt it encrypted the network of SickKids, they immediately apologized for the incident and handed over a free decryption key, showing us their kind heartedness.…. unbelievable… isn’t it?

Cybersecurity Insiders learnt that the attack took place on December 18th of last year, causing delays to diagnosis and treatment of patients. However, the criminals gang realized their mistake and returned the decryption key, thus helping the staff to restore their systems on priority.

Third is the news related to BlackCat Ransomware, also known as ALPHV. The ransomware gang has not only introduced an innovation into their threatening tactics but also implemented it in the new year.

As per the details available, Alphv hacked into the network of a financial company and stole their data. And as the victim failed to pay attention to their demands, they released the stolen details for sale on the dark web.

Not stopping by this deed, BlackCat also created a replication of the victim’s company website and published all the stolen data into the website, to surprise and gather logins from the web portal users.

Port of Lisbon, the busiest seaport in Europe, stated that it has reportedly become a victim of a cyber attack of ransomware genre. Portuguese News resource Publico made this news official and confirmed that the incident took place on the Christmas day, a week ago.

LockBit malicious software spreading gang is suspected behind the Christmas season attack and the ransom they are demanding is $1.5 million and that too they want the payment by January 18th of this year.

 

The post Ransomware news trending on Google appeared first on Cybersecurity Insiders.