Category: ransomware
It’s widely known that the Rhysida Ransomware gang successfully infiltrated the servers of Insomniac, a company specializing in X-Men game development, including the Wolverine series co-developed with Sony Inc. The gang stole crucial data files, totaling 1.67 terabytes, and is now backing up its breach claim by gradually releasing the information. Despite not receiving the demanded 50 bitcoins or $2 million, the group has opted to release the stolen data in installments by the year-end, indicating a willingness to sell the information to the highest bidder. The FBI is actively monitoring these developments and is in the process of creating a free decryption tool.
In a contrasting scenario, another ransomware gang, BlackCat, faced a setback when the US Department of Justice directed the FBI to seize its dark web site. BlackCat, also known as ALPHV, managed to regain control of its website and is now demanding a minimum of $4.5 million from its 500-plus victims worldwide. The group plans to double the ransom amount as law enforcement agencies intensify their efforts. In response, the FBI, collaborating with US CERT, has instructed developers to create a free decryption tool for the victims by early January 2024.
HCL Technologies, an IT company specializing in software, made headlines when Kotak Institutional Equities downgraded it following a ransomware attack. The company’s failure to safeguard customer data led to these business challenges. Although the malware infected its cloud environment, HCL Technologies has isolated the threat and is implementing the measures set out in its disaster recovery plan to mitigate the risks.
Kaspersky, a Russian-based cybersecurity firm, has identified the Akira Ransomware criminals expanding their global impact by targeting Windows and Linux systems worldwide. Notably, the criminal group has extended its reach to macOS, considered one of the most secure OS environments provided by Apple Inc. During the holiday season, the threat level has escalated significantly, with cybercriminal gangs engaging in double and triple extortion schemes to secure monetary gains.
The post Ransomware news on FBI, BlackCat, and Game plan release appeared first on Cybersecurity Insiders.
The United Kingdom government is teetering on the brink of a potential catastrophic ransomware attack, according to the Joint Committee on the National Security Strategy (JCNSS). Interestingly, the JCNSS’s report suggests that Home Secretary Suella Braverman has shown minimal interest in engaging with Rishi Sunak on this critical matter.
The Home Office, however, emphasizes a focus on small boats and illegal immigration, diverting attention from the pressing issue of cybersecurity and the need to mitigate ransomware threats.
Recognizing the urgency of the situation, there is a call to delegate more powers to the Deputy Prime Minister and empower the Cabinet Office to make independent decisions regarding ransomware threats in consultation with the National Cyber Security Centre, the cyber arm of GCHQ.
Dame Margaret Beckett, the leader of JCNSS, supports the report’s assertions, highlighting that despite being the most targeted nation for cyber-attacks, the British government is failing to meet international standards in countering state-funded cyber threats.
The UK is now at risk of succumbing to a catastrophic ransomware attack unless swift action is taken. A Counter Ransomware Initiative becomes imperative, especially as the digital realm braces for a potential third world war, with escalating tensions between Russia and the West.
It is worth noting that in 2017, the WannaCry Ransomware attack targeted the UK’s NHS, disrupting over 37,000 computers in the network and causing a health system catastrophe. Emergency services were either halted or diverted to alternative networks, underscoring the severity and immediate need for a comprehensive cybersecurity strategy.
The post Catastrophic Ransomware cyber threat looming on UK appeared first on Cybersecurity Insiders.
Sony has initiated an inquiry into a security breach affecting its game developer division, ‘Insomniac Games.’ The investigation has confirmed that the incident resulted in the unauthorized access and leakage of employee information, as well as details related to upcoming game designs and code. Among the victims is Yuri, the voice behind the character Peter Parker in Spider-Man 2, whose passport details were compromised.
The full extent of the situation is still under examination, as the severity of the breach is yet to be determined. The responsible criminal group, known as Rhysida, has further substantiated their claims by releasing a screenshot of the upcoming Wolverine Game.
This isn’t the first time Sony Entertainment has been targeted; a similar attack occurred in May of this year, primarily exploiting a vulnerability in MOVEit software.
Recognizing the gravity of the cyber threat, the US Department of Justice, in collaboration with the Cybersecurity and Infrastructure department, issued an alert to all government organizations. The advisory recommends reinforcing security infrastructure through the implementation of Multi-Factor Authentication and raising awareness among employees about the current cyber threat landscape.
Meanwhile, the Rhysida Ransomware group has issued a 7-day ultimatum to Insomniac staff. Failure to pay the ransom of 50 BTC within the specified timeframe will result in the public release or sale of all stolen data on the dark web.
Interestingly, the criminals have assured that upon successful receipt of payment, all stolen data will be promptly deleted from their servers. They have also added a peculiar note, stating that potential bidders for the data will be served with a one-time transaction, with no subsequent resale of the information permitted… pure business ethics… ahh!
The post Rhysida Ransomware targets Sony Insomniac appeared first on Cybersecurity Insiders.
Microsoft is actively engaged in the development of a glass-based data storage medium slated for integration into its data centers that facilitate Azure Cloud services. This innovative ceramics-based storage solution is specifically designed for archival purposes and is touted to be impervious to ransomware attacks. In contrast to conventional SSD and Hard Disk drives, this technology is resistant to infiltration by cybercriminals seeking to deploy file-encrypting malware.
The Windows OS giant showcased its advancements in a 16-page white paper during the 29th ACM Symposium, drawing considerable attention from the tech community. Referred to as ‘Cerabyte,’ this new technology utilizes quartz glass as its foundation for information storage, presenting itself as a virtually eternal storage solution with the remarkable capability to store 1TB of information in just 1 square centimeter.
Cerabyte consists of square glass platters, and the process involves the use of high-speed femtosecond lasers to inscribe information across the surface. These platters are then vertically stacked using a distinct procedure. Polarized microscopy is used to image the platter in Z patterns, and an AI tool processes and decodes the imaged information, converting between analog signals and digital data.
Microsoft asserts that this ransomware-resistant medium holds great potential for application in critical sectors such as healthcare, finance, and research, making cloud data centers more resilient against malware attacks.
It’s crucial to note that this technology is still in the early stages of development and requires significant research and development effort to become practical; moreover, the use of quartz glass, AI tools for data encoding and decoding, and related technologies may pose economic challenges. As of now, tape storage remains the more economically viable option for archival needs.
The post Microsoft to offer glass based storage tech that is ransomware proof appeared first on Cybersecurity Insiders.
Microsoft, the prominent American technology giant, has issued a cautionary alert regarding the proliferation of Cactus ransomware attacks disguised as the DanaBot malvertising campaign. The primary goal of this malicious activity is to pilfer sensitive information, including credentials, or to serve as a conduit for injecting additional harmful payloads.
The hacking group identified as Storm-0216 (UNC2198/Twisted Spider), previously associated with the dissemination of Qakbot malware, has now been identified as participating in the propagation of the DanaBot Trojan, ultimately leading to the deployment of Cactus Ransomware.
In November of this year, DanaBot was detected infecting online users in Australia and Poland and has since expanded its reach to Italy and neighboring nations, according to research conducted by Cybaze ZLab.
Interestingly, the revelation of DanaBot aligns with the discovery by security researchers that another cybercriminal group, Arctic Wolf, is spreading Cactus ransomware by exploiting a critical vulnerability in the Qlik Business Analytics platform, widely utilized in the corporate realm.
The Microsoft Threat Intelligence teams are actively monitoring cyber threats and their impact on end-users, particularly those using the Windows 11 operating system.
Meanwhile, the Cactus criminals have been operating in the shadows since March 2023, demonstrating a proficiency in exploiting vulnerabilities in VPN appliances. Once inside a connected network, the malware transforms itself to elude detection by threat monitoring solutions. Unlike some of its counterparts such as LockBit, Cactus ransomware typically demands a ransom ranging from $1 million to $3 million, rather than reaching into the double-digit millions.
The post Microsoft issues alert on Cactus Ransomware spreading through DanaBOT Ransomware appeared first on Cybersecurity Insiders.
1.) A cloud computing firm named ‘Trellance’ recently fell victim to hackers spreading ransomware, causing disruptions and outages for approximately 60 credit unions in the United States. The National Credit Union Administration (NCUA), responsible for overseeing technology related to federal credit unions, confirmed the incident. NCUA assured the public that systems would be restored within the next few days. Whether the impacted credit unions will pay a ransom remains uncertain. However, reports suggest that the targeted technology provider, Trellance, has a robust business continuity plan in place, indicating a resistance to yielding to the cybercriminals’ demands. Interestingly, this cyber attack coincided with a file-encrypting malware assault on the water authority in Pennsylvania.
2.) The notorious BlackCat Ransomware gang, also known as ALPHV, has shared screenshots on the dark web showcasing stolen data from platforms such as Tipalti, Roblox, and Twitch. This revelation confirms the successful infiltration of data servers belonging to these companies. The cybercriminals, who breached the servers in September, managed to remain undetected for an extended period. Initial assessments suggest that the criminals exfiltrated a combined total of approximately 256 GB of data, including information about employees and customers from an accounting software firm, a gaming platform, and a video streaming service. ALPHV, known for employing phishing and other social engineering tactics, likely used similar methods to compromise the networks of Roblox, Tipalti, and Twitch.
3.) A recently identified ransomware group, named Qilin, has been discovered infecting VMware ESXi servers with encryptors. Security analysts believe that Qilin may have connections to the Babuk source code. According to the MalwareHunterTeam, the Linux ELF64 encryptor has the capability to infect virtual machines and swiftly erase snapshots after encryption. Sophos’ security analysts found that Qilin initially existed as ‘Agenda Ransomware’ before August 2022. For unknown reasons, the developers behind this malware rebranded it as Qilin and commenced its propagation in September of the same year.
The post Ransomware news currently trending on Google appeared first on Cybersecurity Insiders.
Japan Aerospace Exploration Agency, commonly referred to as JAXA, recently fell victim to a cyber attack believed to be a ransomware variant. Although the incident has been officially confirmed, specific details regarding the ransomware remain under investigation.
According to a source within JAXA, it is suspected that the system may have been compromised during the summer of this year. The breach, however, was only detected during routine IT audits, highlighting the sophisticated nature of the attack.
Reports from Yomiuri Shimbun, a prominent Japanese newspaper, suggest that the security breach might have occurred through the exploitation of vulnerabilities in the Active Directory servers. Additionally, credentials may have been illicitly obtained through phishing or other means, as clarified by the newspaper.
This cyber attack on JAXA bears resemblance to a large-scale incident that unfolded in 2016 and 2017. Subsequent investigations by the government revealed the involvement of the Chinese People’s Liberation Army, leading to the indictment of a member linked to the Communist Party of China.
In response to the recent incident, JAXA has promptly notified law enforcement and government officials. As a precautionary measure, the agency has taken steps to contain the potential repercussions by temporarily shutting down its intranet services.
In the context of geopolitical tensions in Asia, neighboring nations often find themselves entangled in border conflicts. The strained relations between China and Japan, influenced by various catalysts, contribute to the heightened concerns regarding cyber attacks.
The year 2023 has seen a surge in cyber threats targeting Japanese companies. Notably, entities such as Seiko, Yamaha, Casio, and EISAI, a major trading port in Japan, have also faced cyber intrusions, raising alarm bells across various sectors.
The post Japan Aerospace Agency hit by ransomware attacks appeared first on Cybersecurity Insiders.