APT29 moves from Government infrastructure towards Cloud Service Providers

APT29, also known as Midnight Blizzard or Cozy Bear and associated with Russian intelligence, appears to have altered its approach from targeting government infrastructure to focusing on cloud service providers. This strategic shift is driven by the increased challenges posed by law enforcement efforts against infiltrations into government systems. Cloud services offer a more lucrative avenue for malicious actors, as compromising them can have far-reaching consequences, such as impacting global supply chains, as seen in incidents like SolarWinds and the recent MOVEit file transfer software breach.

BlackCat Claims Responsibility for Pharmacy Prescription Delays

Following a recent disruption to Change Healthcare’s IT infrastructure, which halted prescription deliveries to numerous pharmacies, the ransomware gang BlackCat, also known as ALPHV, has asserted control over the servers of both Change Healthcare and UnitedHealth’s Optum subsidiary. They are demanding $13 million in exchange for decrypting the compromised data. Mandiant, the cybersecurity arm of Google’s parent company Alphabet Inc., has been engaged to investigate the breach and assist the affected pharmaceutical companies in resolving the situation.

Cyber Attack on the Royal Canadian Mounted Police

The Royal Canadian Mounted Police (RCMP) has confirmed an ongoing investigation into a cyber incident affecting its computer network. The RCMP website has been inaccessible for the past 24 hours, returning an HTTP 404 error message, and visitors to the site are being redirected to a nonexistent webpage. This points to a potential cyber-attack rather than the technical error initially suspected.

Germany’s ThyssenKrupp falls prey to a ransomware attack

ThyssenKrupp, a German steel-producing company, has reported a ransomware attack targeting its Automotive division at the onset of last week. The breach has partially disrupted automotive chassis production, with the full extent of the damage yet to be determined. While investigations are ongoing, suspicions point towards a ransomware-based cyber-attack as the cause of the breach.

Google’s AI Cyber Defense Gains Momentum

Numerous Fortune 500 companies have expressed interest in Google’s latest AI Cyber Defense initiative, aimed at revolutionizing the cybersecurity landscape through the integration of artificial intelligence. This initiative seeks to address the Defender’s Dilemma by proactively enhancing security postures in alignment with evolving threats. Reports indicate that out of 70 prospects, 35 have shown interest in Google’s initiative, with an additional 13 expected to follow suit by May of this year.

The post Trending Cyber Attack news headlines on Google appeared first on Cybersecurity Insiders.

The Department of State, in its ongoing efforts to combat cybercrime, has announced a $10 million reward for information leading to the apprehension of ALPHV, also known as the Blackcat Ransomware Gang. This significant bounty underscores the severity of the threat posed by such criminal organizations.

In addition to targeting the leaders of the Blackcat Gang, the Department of State is prepared to offer rewards for information regarding their affiliates, access brokers, and other associates. These rewards are part of the US Transnational Organized Crime Rewards Program, which has disbursed over $135 million since its inception in 1986 to combat various forms of criminal activity, including cybercrime, narcotics trafficking, and child exploitation.

The decision to announce this reward comes in the wake of findings by the FBI linking the Blackcat Gang to more than 60 data breaches worldwide. These breaches involve the theft of sensitive information from servers, which is then encrypted by the hackers until a ransom in cryptocurrency is paid. It is estimated that the gang may have collected as much as $300 million in ransom payments from over 1,000 victims between December 2022 and September of the following year, with projections indicating a potential doubling of these figures in the current year.

Despite the efforts of law enforcement agencies, apprehending such criminals presents significant challenges. Many operate from foreign jurisdictions, utilizing virtual private networks (VPNs) to conceal their online activities. Even when their whereabouts are identified, legal barriers in their home countries often impede extradition efforts.

Russia, for instance, has offered limited cooperation with American cybercrime investigators, with instances of disavowal being more common. Similarly, countries like China, North Korea, and Iran typically refrain from supporting international law enforcement efforts, exacerbating the difficulty of apprehending cybercriminals.

Furthermore, these criminal enterprises not only pose a direct threat through their cyber-attacks but also contribute to the funding of illicit activities, including nuclear proliferation efforts. The example of North Korean leader Kim Jong Un’s regime highlights the intersection of cybercrime and geopolitical instability, underscoring the urgent need for international cooperation in combating this growing threat to global security.

The post US State Department offers $10m reward on leads on ALPHV aka Blackcat ransomware appeared first on Cybersecurity Insiders.

In 2023, the BlackCat (also known as ALPHV) ransomware group achieved remarkable success by accumulating nearly $700 million through the encryption of databases. Among its victims were three Fortune 500 companies, numerous financial institutions, and businesses in the hospitality sector, including MGM Resorts International, Tipalti, MeridianLink, Fidelity National Finance, Air Comm Corp, Fu Yu Corp, and Seiko.

For those seeking effective strategies to intelligently mitigate the risks associated with the BlackCat ransomware, here are key takeaways:

Employee Training: Investing in employee training is crucial for enhancing their ability to defend against phishing attempts and other social engineering threats, which often serve as entry points for file-encrypting malware.

Layered Security Approach: Implementing a comprehensive layered security approach involves deploying network security, application security tools, data encryption at rest and in motion, and endpoint protection in IT environments. This multi-faceted approach helps fortify defenses against such attacks.

Zero Trust Framework: Deploying a zero-trust environment enables organizations to closely monitor every user and device connecting to the network, allowing access only to authenticated users and enhancing overall security.

Network Testing: Regularly conducting penetration tests is vital for detecting weaknesses in the network that could be exploited by ALPHV criminals. Identifying vulnerabilities proactively is key to preventing potential breaches.

Incident Response Plan: Establishing an incident response team or, at the very least, having a well-defined plan in place facilitates swift recovery from any cyber incident. This proactive approach minimizes downtime and mitigates financial losses.

Backup and Recovery: Implementing a robust data backup plan that can be activated as needed proves invaluable in the event of an attack, providing a means to restore essential data and systems.

Threat Intelligence: Despite cost-cutting measures in the face of economic challenges, maintaining in-house expertise or having access to a team of forensic experts is crucial. This ensures swift procedural and recovery measures in the aftermath of a cyber-attack, minimizing losses and facilitating a quicker return to normal operations.

The post How to smartly tackle BlackCat Ransomware group appeared first on Cybersecurity Insiders.

It’s widely known that the Rhysida ransomware gang successfully infiltrated the servers of Insomniac, a company specializing in X-Men game development, including the Wolverine series co-developed with Sony Inc. The gang stole crucial data files, totaling 1.67 terabytes, and is now asserting its data breach by gradually releasing the information. Despite not receiving the demanded 50 bitcoins or $2 million, the group has opted to release the stolen data in installments by the year-end, indicating a willingness to sell the information to the highest bidder. The FBI is actively monitoring these developments and is in the process of creating a free decryption tool.

In a contrasting scenario, another ransomware gang, BlackCat, faced a setback when the US Department of Justice directed the FBI to seize its dark web-based URL. BlackCat, also known as ALPHV, managed to regain control of its website and is now demanding a minimum of $4.5 million from its 500-plus victims worldwide. The group plans to double the ransom amount as law enforcement agencies intensify their efforts. In response, the FBI, collaborating with US CERT, has instructed developers to create a free decryption tool for the victims by early January 2024.

HCL Technologies, an IT company specializing in software, made headlines as it experienced a business downgrade by Kotak Institutional Equities due to a ransomware attack. The company’s failure to safeguard customer data led to these business challenges. Despite the malware infecting its cloud environment, HCL Technologies has isolated the threat and is implementing measures outlined in its efficient disaster recovery plan to mitigate risks.

Kaspersky, a Russia-based cybersecurity firm, has identified the Akira ransomware criminals expanding their global impact by targeting Windows and Linux systems worldwide. Notably, the criminal group has extended its reach to macOS, considered one of the most secure OS environments provided by Apple Inc. During the holiday season, the threat level has escalated significantly, with cybercriminal gangs engaging in double and triple extortion schemes to secure monetary gains.

The post Ransomware news on FBI, BlackCat, and Game plan release appeared first on Cybersecurity Insiders.

In a groundbreaking development in the realm of ransomware, ALPHV, also known as BlackCAT, has taken an unprecedented step by filing a complaint with the Securities and Exchange Commission (SEC) against a victim who failed to adhere to the stipulated rule mandating disclosure of a cyber attack within a four-day timeframe.

The targeted victim in this case is MeridianLink, a trading company specializing in providing tech solutions to financial institutions and banks. BlackCAT’s recent action indicates an alarming escalation in the tactics employed by cybercriminals, as they venture into publicly shaming their victims. Previously, ransomware groups typically resorted to tactics such as encrypting a victim’s database until a ransom was paid. Subsequently, they elevated their extortion methods by stealing sensitive data and threatening to release or sell it, applying pressure on the victim. A further tactic involved threatening to damage the victim’s reputation among competitors, partners, or customers. Now, these criminal entities seem to have reached a new low by formally filing a complaint with the SEC against their victim.

The SEC, however, systematically reviews such complaints, scrutinizing the technical aspects while assessing the credibility of the entity filing the complaint. In this case, the SEC will collaborate with law enforcement agencies to appropriately address the situation.

ALPHV underscored its audacious move by publishing a screenshot of the complaint form submitted on the SEC website in a public Telegram channel.

In response, MeridianLink has acknowledged the authenticity of the data breach news and has expressed its intention to seek assistance from law enforcement in addressing the matter. Nevertheless, the company has yet to disclose specific details about the breach, including the timing of the cyber attack, when it was identified, and the extent of data loss.

The post ALPHV Ransomware gang files SEC Complaint against a victim appeared first on Cybersecurity Insiders.