George Kurtz, the CEO of CrowdStrike, has proposed using Artificial Intelligence (AI) to combat ransomware attacks. In an interview with CNBC’s Jim Cramer, Kurtz argued that AI could play a crucial role in identifying novel ransomware variants the first time they appear, before any signature for them exists.

Despite the potential benefits of AI for defenders, Kurtz acknowledged that attackers are harnessing the same technology, pointing to the recent emergence of FraudGPT, a malicious chatbot sold on underground forums. Its rise illustrates the double-edged nature of the technology.

Kurtz stressed prevention, asserting that identifying threats early could protect organizations worldwide from attack. He reiterated the adage that prevention is better than cure and emphasized the proactive role AI can play in strengthening digital defenses.

Elon Musk, CEO of Tesla and SpaceX, issued warnings about the risks of AI in both February and September of this year. Musk expressed concern that AI poses a threat to humanity, pointing in particular to the rise of deepfakes on social media and their contribution to the spread of hatred and misinformation.

Microsoft CEO Satya Nadella echoed similar sentiments, acknowledging the potential threats posed by AI but emphasizing that the real danger arises when this technology falls into the wrong hands.

Meanwhile, ransomware groups are reportedly using AI tools to develop malware that not only encrypts data but can also wipe entire servers when that suits the attackers.

The question arises: should the development of Artificial Intelligence be halted or paused? It is a complex dilemma, since innovation is essential to progress. Fears about the future should not block progress in the present, but they do warrant caution, and a measure of restraint, in pursuit of a more secure future.

The post CrowdStrike CEO suggests to use AI to curb ransomware spread appeared first on Cybersecurity Insiders.

The law firm Allen & Overy, currently in the middle of a merger with Shearman & Sterling, has fallen victim to the LockBit ransomware group, a notorious operation known for its file-encrypting malware. Although trade analysts say the attack has not affected the firm’s operations or access to its data, it remains unclear whether the group stole sensitive client data or archives.

Information from a Telegram channel reveals that the LockBit gang has set a deadline of November 30, 2023, after which it intends to put the data up for sale on the dark web. How the firm will handle the situation is an open question. While specifics remain unclear, sources indicate that the firm has taken steps to mitigate the risk and has engaged law enforcement and security experts to decide on the best course of action.

LockBit typically monetizes stolen information by selling it on the dark web. When law firms are the victims, however, the group’s leverage comes largely from reputational damage: the threat of exposure harms the firm’s relationships with clients, partners and competitors, and that is what the extortion trades on.

Law enforcement faces persistent challenges. Groups such as BlackCat keep refining their techniques, and although Hive was taken down, its toolset is reported to have resurfaced under a new name.

A notable development in 2023 is that these criminals have started turning regulators against their victims. In one case a gang filed a complaint with the US Securities and Exchange Commission (SEC) against a targeted firm, alleging that it had failed to disclose a material cyber attack within the four business days that the SEC’s new rules require.

The post Ransomware attack on Law Firm can halt its M&A appeared first on Cybersecurity Insiders.

Several hospitals run by Ardent Health Services have been hit by ransomware, forcing patients and staff to reschedule appointments and diverting emergency cases to other facilities. The affected institutions include Hillcrest HealthCare System in Oklahoma, Lovelace Health System in New Mexico, and UT Health East Texas in Texas.

Hackensack Meridian Mountainside Medical Center and Pascack Valley Medical Center in New Jersey have also been affected and are currently dealing with a network outage caused by the attack.

According to the latest update from the United States Computer Emergency Readiness Team (US-CERT), the cyber-attack occurred on November 22, 2023, just before Thanksgiving. Initial estimates suggest that the infiltration may have taken place around November 20, 2023.

Attacks on healthcare are not confined to the United States. In a recent incident in Canada, a server outage at hospitals in Ontario forced an emergency case to be diverted across the border into the U.S.

Law enforcement has had some successes. Europol, working with police from several countries, carried out an operation in which six individuals accused of victimizing more than 1,800 people and organizations worldwide were arrested.

As part of that operation, Ukraine’s Cyber Police, coordinating with Europol, searched premises linked to suspects who used the LockerGoga and MegaCortex ransomware families. As soon as one group is dismantled, however, others emerge. Unlike many traditional crimes, where choking off demand curbs the activity, ransomware has no demand side to suppress, and its growing sophistication makes it an ongoing challenge.

The post Ardent Health Services hit by ransomware appeared first on Cybersecurity Insiders.

Sabre Insurance, a London-listed motor insurer, has fallen victim to a ransomware attack in which data was stolen. Although the company says the accessed information was non-critical archival data, IT experts have been brought in to investigate. Initial findings indicate that the compromise originated at the third-party IT management company that provides technology services to the insurer, a reminder that a supplier’s compromise becomes its customers’ compromise.

The prime suspects are the LockBit group and BlackCat, also known as ALPHV, but no concrete evidence linking either to the incident has yet emerged.

In a separate incident, Fidelity National Financial (FNF), a Fortune 500 company, reported to the SEC that it had suffered a cyber attack that appears to involve ransomware. The company disclosed that certain systems were compromised, causing application disruptions and downtime.

In a typical ransomware attack, the intruders encrypt data on servers and demand payment for the decryption key, which appears to be what happened at FNF. The common thread between the two incidents is the use of file-encrypting malware as the final payload; the initial access differs, and in Sabre’s case it came through a supplier. Countering the threat at scale may require concerted international pressure on the states that harbor these groups. Until then, the attacks are likely to continue.

Law enforcement can respond to ransomware incidents, but its ability to stop attacks before they happen remains limited. These incidents underscore the need for stronger defenses, and businesses and governments alike must collaborate on proactive strategies to counter the evolving tactics of malicious actors.

The post Two Insurance companies come under the influence of Ransomware Attacks appeared first on Cybersecurity Insiders.

Who gets to decide who should be CEO of OpenAI? ChatGPT or the board? Plus a ransomware gang goes a step further than most, reporting one of its own data breaches to the US Securities and Exchange Commission. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Last month, the British Library’s computer network fell victim to a ransomware attack attributed to the Rhysida ransomware group, which emerged earlier in 2023. The attackers are demanding 20 bitcoins to decrypt the compromised systems and return the stolen data.

The British Library has chosen not to pay and has enlisted law enforcement and forensic experts. The decision is in line with guidance from CISA (the successor to US-CERT) and the FBI, which cautions that paying offers no assurance the attackers will restore or delete the data, and that stolen information may still be leaked on the dark web later.

The library has not issued an official statement on what was taken, but a source at the institution, which serves as the United Kingdom’s national library, suggests that the HR database may have been compromised, potentially exposing salaries, pay raises and other staff details.

The attack occurred on October 28, 2023. About 15 days after the initial breach, the attackers gave the library a seven-day window to meet their demand; if it passes, the stolen staff data is likely to be leaked or sold.

The incident follows another recent one in which the ransomware group ALPHV, also known as BlackCat, filed a complaint with the SEC against MeridianLink, alleging that the company had failed to disclose a material cyber attack within the four business days the SEC’s new rules require.

The post Rhysida Ransomware demands 20 BTC from British Library appeared first on Cybersecurity Insiders.

A ransomware gang, annoyed at not being paid, filed an SEC complaint against its victim for not disclosing its security breach within the required four days.

This is over the top, but is just another example of the extreme pressure ransomware gangs put on companies after seizing their data. Gangs are now going through the data, looking for particularly important or embarrassing pieces of data to threaten executives with exposing. I have heard stories of executives’ families being threatened, of consensual porn being identified (people regularly mix work and personal email) and exposed, and of victims’ customers and partners being directly contacted. Ransoms are in the millions, and gangs do their best to ensure that the pressure to pay is intense.

According to an advisory from the FBI and CISA, the Royal ransomware gang, which has demanded more than $275 million from victims since 2022, may be preparing to rebrand as BlackSuit, a variant that shares many coding characteristics with Royal.

BlackSuit would be the fourth high-profile rebrand in this wave, alongside BlackMatter (a successor to DarkSide), Hunters International (reported to be a successor to Hive) and NoEscape (believed to be a rebrand of Avaddon).

Law enforcement has evidently intensified pressure on Royal, prompting the group to rebrand in order to keep operating.

Over the past few months, US law enforcement, working with Interpol and police agencies worldwide, has stepped up efforts against cybercriminal organizations: tracing operational hubs, seizing assets, conducting investigations, and scrutinizing the motives of these groups and of the governments that may back them. Many have been linked to Russia or North Korea, while others have ties to Iran and China.

Despite concerted governmental efforts to eradicate these online threats, cybercriminal groups continue to proliferate, showcasing increased levels of sophistication.

The standard advice is to refuse to pay and restore from backups. That only works if the backups are kept offline or immutable, because ransomware operators routinely locate and destroy any backups they can reach before encrypting. Backups also do nothing against double extortion, where the attackers steal data before encrypting it and threaten to leak or sell it.

Encrypting stored data can limit the damage from theft, but only where the keys are held outside the compromised environment; an attacker operating with an administrator’s privileges can usually read whatever that administrator can, so encryption at rest is no substitute for access control. Reporting incidents to law enforcement remains important: agencies can correlate cases, track the groups involved and, in some cases, disrupt their infrastructure.

Paying the ransom remains an option, but a risky one: there is no guarantee that the attackers will provide a working decryption key or delete the stolen data from their servers. Vigilance, preventive measures and cooperation with law enforcement remain the foundation of a robust defense against the evolving threat.

The post Blacksuit Ransomware linked to Royal Ransomware appeared first on Cybersecurity Insiders.