A ransomware gang has begun to publish data on the dark web stolen from Australia's largest health insurer, Medibank. Curiously, the hackers have released details of insured customers sorted into two files bearing the labels "naughty-list" and "good-list." Read more in my article on the Hot for Security blog.

Cybercrime, especially the spread of ransomware, has reached a stage where technology companies are finding it difficult to stop or even disrupt it. American technology giant Microsoft shares this view of ransomware distribution and concludes that it is almost impossible to disrupt ransomware.

Tom Burt, Microsoft's Corporate Vice President of Customer Security, reached the above conclusion in the Microsoft Annual Digital Defense Report, while appreciating the work of those who assisted in taking down REvil.

‘While law enforcement agencies across the world are trying their best to curb ransomware, prosecution of those indulging in the malware spread is getting difficult, especially when cyber criminals from across borders are involved in the crime,’ said Burt.

Although notable success was observed in tackling cyber crime to a large extent last year, efforts to prosecute those behind the attacks were not fruitful, Mr. Tom Burt felt.

With the Ransomware-as-a-Service business picking up pace, cyber attacks, especially those involving triple extortion, are expected to increase many fold.

Information sharing about file-encrypting malware attacks, proactive security measures, creating awareness among employees about the current cyber landscape and having data continuity solutions in place might help in mitigating the said cyber threat to a large extent. Simultaneously, not paying a ransom might also help in curbing the proliferation of the crime.

NOTE- The FBI is urging victims not to bow down to the demands of ransomware-spreading gangs, as paying not only encourages further crime but also doesn’t guarantee a decryption key.


The post Microsoft says it’s not possible to disrupt the ransomware spread appeared first on Cybersecurity Insiders.

A new ransomware named ‘Azov Ransomware’ has been found framing cybersecurity researchers: it doesn’t demand any ransom from its victims, but instead asks them to contact forensic experts from a firm in the vicinity and do as per their instructions.

Though the actions of Azov Ransomware are strange, researchers state that it’s not a big surprise, as someone is trying to frame security personnel from a specific company, or someone in a related field is playing the blame game.

BleepingComputer, which first reported details of the said malware, issued an update that the malicious software operates more as a data wiper than as file-encrypting malware, and is being downloaded after the purchase of the SmokeLoader dropper.

BTW, SmokeLoader is a kind of software available online that offers software cracks, key generators for operating systems and pirated games.

Now, for those who have already seen the conversation thread on Reddit and are visiting this website for more inputs, here’s a clarification. Neither BleepingComputer, Hasherezade, MalwareHunterTeam nor Vitali Kremez are in any way connected to the malware or the incidents associated with it. Meaning they are being falsely implicated!

Furthermore, as there is no clarity on the hackers or those behind the incident, the malware can be treated as a data wiper, since recovery of the affected files is almost impossible.

NOTE- As of now, the criminals spreading Azov ransomware are claiming to be indulging in such tactics to support Ukraine. But BleepingComputer claims that the Ukrainian Azov Regiment, associated with neo-Nazi ideologies, might be behind the spread of the said data-wiping software.


The post New ransomware tries to corner cybersecurity researchers appeared first on Cybersecurity Insiders.

According to Treasury Department data shared with the world-renowned news resource CNN, about $1 billion in ransomware payments were made across the United States in the year 2021, probably the most ever reported in the history of cyber crime.

The Treasury’s Financial Crimes Enforcement Network (FinCEN) report states that most of the crime was committed by Russian hackers or those funded by the Kremlin.

Highlights of the report tell us that the Biden government should think seriously about those spreading ransomware, before the situation deteriorates any further.

Though certain stipulations were formulated by the Biden administration after the May 2021 Colonial Pipeline ransomware attack, nothing much seems to have changed in the fast and increasingly sophisticated spread of various file-encrypting malware.

NOTE- The FBI and CISA are urging victims not to pay a ransom, as paying not only encourages crime but also doesn’t guarantee a decryption key.

To contain the crime, Washington will organize an all-government meeting by the end of this week to chalk out a plan to contain the free flow of ransom-related payments.

Russia and China will stay away from the meeting, while the rest of the world will discuss how to contain the crime and, if necessary, will announce a kind of ban on certain cryptocurrencies that are apparently acting as catalysts in the perpetuation of the said digital crime.

What do you think? Will crypto ban help in containing the crime?


The post About $1 billion ransomware payments made in 2021 in United States appeared first on Cybersecurity Insiders.

Microsoft, the technology giant of America, has linked the Clop ransomware gang’s whereabouts to a corporate network that was previously hit by the Raspberry Robin worm, meaning the said malware is acting as an access point for hackers spreading the said version of file-encrypting malware.

First spotted in September 2021, Raspberry Robin was found spreading to networks via USB drives loaded with a malicious .LNK file, which then connected to C2 servers and started executing additional infection payloads. Now the infection has spread to over 1,000 organizations operating in about 11 countries and is perpetuating at a very high rate.

Coming to the second ransomware-related news item trending on Google, cybersecurity firm Sophos has discovered in a survey that ransomware gangs were targeting firms operating in the manufacturing and production sectors the most.

According to Sophos researchers, companies operating in the said two sectors were paying approximately $2 million on average to free up data from encryption. As both sectors occupy a critical position in the supply chain, they are being targeted as a sure-shot money-earning stream.

BlackCat Ransomware, aka ALPHV Ransomware, is claiming to have its hands on information belonging to soldiers of Ecuador’s Joint Command of the Armed Forces. The criminal gang claims to have had access to confidential information of the armed forces and is presently silent on its ransom demand, and the army spokesperson is yet to release a statement on this note.

Fourth is the news related to the war-torn country Ukraine. In a press release by Ukraine’s CERT, some phishing emails were doing the rounds on their network claiming to be from the Armed Forces of Ukraine and carrying a subject line marked confidential and important.

But in practice, the email is a phishing mail that acts as bait to download Cuba Ransomware, also called RomCom malware.

A hacking group named ‘Tropical Scorpius’ has been seen distributing Cuba Ransomware and has claimed many victims since the start of the war. Those include organizations operating in legal services, manufacturing, transportation, logistics, wholesale, retail, real estate, finance and healthcare, along with technology and utilities.


The post Ransomware news headlines trending on Google appeared first on Cybersecurity Insiders.

Microsoft’s Threat Intelligence Team has made it official that Vice Society, a hacking group, is behind multiple ransomware attacks targeted at the education, government and retail sectors. The research also found that the said group of cyber criminals sometimes avoids deploying ransomware and instead carries out extortion with stolen data.

The Windows OS-delivering giant says its team has given the said group of cyber attackers the moniker DEV-0832, and that it has a history of dropping payloads related to Quantum Locker, Zeppelin, BlackCat and Hive ransomware.

Another cybersecurity company, SEKOIA, also observed a similar pattern behind the operations of Vice Society and released an update on this note in July 2022. It claims that the said group of hackers does not engage in double extortion tactics and instead focuses on deploying ransomware binaries bought on the dark web.

Sometimes the crime group spreads the file-encrypting malware through publicly known vulnerabilities and, in most cases, it drops the malware payloads via phishing emails.

Victim names are not being disclosed, but most are in the education sector, says the report compiled and released by the MS Office-producing tech giant.

NOTE- In case a company falls prey to ransomware, it is better to avoid paying a ransom, as there is no guarantee that the criminals will return the decryption key, and there is a high probability that they will strike the same target twice or thrice in a year to mint easy money.


The post Vice Society launched multiple ransomware attacks appeared first on Cybersecurity Insiders.

By Rajesh Ram, Chief Strategy Officer at Egnyte

The impact of ransomware attacks on businesses is twofold. Not only do businesses have to grapple with the impact of actual attacks, but they also must continue to prepare for the possibility of additional attacks. While many equate ransomware with encrypted files and potential ransom payments, the consequences go even further in terms of the costs and requirements of an organization.

The Dangers of Ransomware Attacks

An immediate consequence of a ransomware attack is extended downtime. This can severely affect an organization’s operations, with a typical attack resulting in about three weeks of downtime. In particular, businesses that are schedule driven, such as construction, can be severely impacted.

Ransomware attacks can also damage brand reputation — nowadays, even unsubstantiated claims of an attack will make headlines. What’s more, ransomware is considered a gateway for cyberattacks. Once one attack occurs, bad actors tend to further exploit a company’s vulnerabilities and continue to target the company.

From a budgetary standpoint, ransom payments and cyber insurance premiums have continued to rise over time. Recent research found that 47% of mid-sized organizations experienced premium increases of 76% or more in the past year. Even though this can damage companies of any size, smaller organizations and startups in particular can feel the financial impact.

Best Practices for Prevention

While the easiest way to prevent ransomware is to avoid being a victim in the first place, that’s not a position anyone can guarantee. Still, there are several best practices companies can follow to better protect themselves. Let’s take a look at a couple of ways that organizations can stay one step ahead of an attack.

Organizations should develop a comprehensive incident response plan. A fully developed, flexible incident response plan is one of the best ways for companies to ensure security preparedness. The plan should carefully document security controls and include proactive steps to manage supply chain partner risk. Any incident response plan must be flexible and able to adapt to rapidly-changing circumstances, so it’s important to routinely update processes and incorporate real-time, always-on monitoring of critical data. Cyber attacks are evolving so rapidly that present defense methodologies may be obsolete as soon as 2023, which is why routine updating is so important.

Along with a well-designed plan, organizations need internal safeguards in place. While it may seem overly cautious to some, organizations must assume that everyone is a potential insider threat. In 2021, an average of 3.98+ million people voluntarily left their jobs per month in the U.S. Before resigning, employees have access to their company’s sensitive data, which, if in the wrong hands, could easily be taken to a business competitor or provided to users who don’t have legitimate access to the data in the first place. Additionally, new employees might not know all of the organization’s procedures and policies and will take time to fully get up to speed. Therefore, they are more likely to create an unintentional risk for the organization.

Organizations can protect themselves against insider threats by leveraging technology that analyzes unusual behavior around sensitive data (e.g., customer lists, product release plans, and financial records), especially when users download a higher volume of files than normal. This way, IT teams can be alerted about potentially malicious activity and take action as soon as possible.
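The paragraph above suggests alerting IT teams when a user downloads far more sensitive files than normal. The script below is an added example, not Egnyte's or the author's code: it runs a per-user baseline check over constructed file-server audit lines, where the `/finance/`, `/customers/` and `/product/` folder layout, the date-user-path log format, the spike factor and the alert floor are all assumptions.

```python
"""Flag users whose daily downloads of sensitive files spike above their own baseline."""
from collections import defaultdict
from statistics import median

# Constructed audit lines "<date> <user> <path>" (not real logs): on 2022-10-06
# alice pulls seven sensitive files in one day versus her usual one or two.
SAMPLE_LOG = """\
2022-10-03 alice /finance/q3_forecast.xlsx
2022-10-03 alice /shared/lunch_menu.pdf
2022-10-03 bob /customers/accounts_east.csv
2022-10-04 alice /finance/budget_2023.xlsx
2022-10-04 bob /customers/churn_report.csv
2022-10-05 alice /finance/payroll_summary.xlsx
2022-10-05 alice /finance/vendor_list.csv
2022-10-05 bob /customers/renewals.csv
2022-10-06 alice /customers/accounts_east.csv
2022-10-06 alice /customers/accounts_west.csv
2022-10-06 alice /customers/churn_report.csv
2022-10-06 alice /customers/renewals.csv
2022-10-06 alice /product/roadmap.docx
2022-10-06 alice /finance/q3_forecast.xlsx
2022-10-06 alice /finance/budget_2023.xlsx
2022-10-06 bob /customers/accounts_west.csv
"""

# Assumed folder layout for the sensitive data classes the article names.
SENSITIVE_PREFIXES = ("/finance/", "/customers/", "/product/")


def parse_log(text):
    """Parse audit lines into (date, user, path) tuples, skipping blank lines."""
    return [tuple(line.split(maxsplit=2)) for line in text.splitlines() if line.strip()]


def daily_sensitive_counts(events):
    """Map each user to {date: sensitive downloads}; quiet days count as 0."""
    dates = sorted({d for d, _, _ in events})
    per_user = defaultdict(lambda: dict.fromkeys(dates, 0))
    for date, user, path in events:
        if path.startswith(SENSITIVE_PREFIXES):
            per_user[user][date] += 1
    return dict(per_user)


def flag_spikes(per_user, factor=4.0, floor=5):
    """Return (user, date, count, baseline) where count >= floor and count exceeds
    factor * median of the user's other days; the floor stops one file from firing."""
    alerts = []
    for user, days in sorted(per_user.items()):
        for date in sorted(days):
            others = [n for d, n in days.items() if d != date]
            baseline = median(others) if others else 0
            if days[date] >= floor and days[date] > factor * baseline:
                alerts.append((user, date, days[date], baseline))
    return alerts


def detect(text):
    return flag_spikes(daily_sensitive_counts(parse_log(text)))


if __name__ == "__main__":
    for user, date, count, baseline in detect(SAMPLE_LOG):
        print(f"ALERT {user} {date}: {count} sensitive downloads, baseline {baseline}")
```

Comparing each user against their own history rather than a fixed site-wide number is what keeps a naturally heavy downloader from generating constant noise while still catching a sudden pull of customer or finance files.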

Furthermore, cybersecurity training must be an ongoing initiative for all companies, instead of annual refresher courses. Organizations should ideally train employees right after hiring, followed by shorter, targeted training modules every quarter. All employees should also be encouraged to “say something if they see something” when it comes to unexpected password or network access alerts, apparent phishing emails, and other suspicious activity. In order to combat outside attacks, an organization needs its internal workforce engaged, trained, and on alert to defend against the many directions from which an attack may strike.

If safeguards are developed properly and employees are thoroughly trained, this will help engender a culture of vigilance, where everyone does their part to keep the company’s data secure. Even the most advanced program will fail if the community isn’t engaged and involved. In light of more frequent, impactful ransomware attacks, defense strategies that include preparedness and widespread company cybersecurity training can go a long way.

The post How to Protect Against the Costly Impacts of Ransomware appeared first on Cybersecurity Insiders.

By Tom Neclerio, Vice President of Professional Services at SilverSky

Cyberattacks are rapidly overwhelming the healthcare sector. Both large and small healthcare providers continue to be a tantalizing target for repeated ransomware attacks due to limited security budgets that lead to an overall weakened cyber defense. Hospitals are also often among the first types of organizations to pay off ransomware attackers in order to retrieve their stolen data and limit the disruption to daily operations and patient care. The industry houses valuable patient data in abundance, and cybercriminals have become skilled at using powerful hacking tools to launch more weaponized and severe ransomware attacks against providers.

According to a recent IBM report, breaches now come with a record-high price tag of $10.1 million on average, leaving behind potentially disruptive damage as the industry struggles to mitigate the associated costs. The U.S. Department of Health and Human Services (HHS) Breach Portal states that since the beginning of 2022, there have been at least 368 breaches affecting over 25.1 million patients. More than half of the breaches started with network servers being compromised, either through email phishing, malware or privileged credential misuse.

With ransomware-as-a-service (RaaS) hackers like Conti, Hive and LockBit narrowing their focus from larger healthcare systems to smaller hospitals and specialty clinics, it is becoming easier than ever to retrieve the data and use it for launching various fraud and identity theft schemes. For many of these hospitals and rural clinics, insufficient security measures dramatically escalate the risk of an attack. Once infected, healthcare workers are often locked out of critical hospital systems, with no access to medical records or patient data, which results in a backlog of work and compromised patient care.

Implement Threat Awareness Training

A solid cybersecurity posture is only as strong as its policies, backups and disaster plans. The first line of defense against ransomware involves simply educating employees through ongoing programs that keep awareness fresh and top of mind. Phishing is the most formidable social engineering tactic that cybercriminals use to persuade employees to disclose sensitive information, whether by clicking a suspicious link, downloading an attachment or visiting a malicious website – not to mention simply providing credentials outright. Healthcare workers are often overworked and particularly susceptible to messages that carry a sense of urgency and crisis. Not only can these mistakes cost millions in lost revenue and ransomware payments, they can wreak havoc on operational systems. By making sure employees are aware of common attack vectors, what a ransomware attack is, and how to report suspicious activity, CISOs can ensure there is always a first line of defense against hacking attempts.

Complete A Compromise Assessment of Your Environment

Taking a thoughtful, risk-based security approach is one of the easiest ways to combat budget restraints. To start, take a comprehensive assessment of the security risks in your environment. Next, IT teams and their CISOs should conduct tests to identify the top vulnerabilities and evaluate all key assets. From there, decisions can be made on how to respond to each risk, either through termination or through 24x7x365 monitoring. Often, coding errors, software flaws and misconfigurations present prime opportunities for cybercriminals to easily gain unauthorized access to information systems. Finding and proactively remediating these risks can represent a significant time investment for both internal IT teams and security resources.

However, costs can be kept low by hiring affordable market providers such as a Managed Detection and Response (MDR) provider. By hiring a proven security partner, hospitals can outsource the management and monitoring of security systems that include antivirus protection, intrusion detection, vulnerability scanning and managed firewall services. Security providers also help the hospital or clinic to meet HIPAA requirements that ensure patients, clinicians and devices are secured from both internal and external threats like social engineering, data destruction or targeted cyber attacks. In the midst of a growing cybersecurity talent shortage, the presence of a security provider can also help lessen the number of operational staff that hospitals need to attract, train and retain.

Develop Incident Response Plans, Recover and Assess

A quick response to a detected threat is key to mitigating the damage. Because hospitals and clinics provide emergency care, having their assets compromised by a ransomware attack could be catastrophic for daily operations. Having an incident response plan in place allows the organization to map out and practice its response steps before being placed under severe, unexpected pressure. It is also essential for IT teams to implement disaster recovery plans that require routine testing of cybersecurity programs to ensure reliability, and that anti-virus and anti-malware protection is continuously enabled and updated regularly.

Regular backups and multi-factor authentication should also be consistently enforced for all accounts. Doing so will also provide much-needed confidence for employees, CISOs and security teams during an actual breach. Striving for operational excellence is essential to improving the efficiency and efficacy of security processes so that every office can run as smoothly as possible. Establishing a cost-effective cybersecurity defense and training system for clinics and hospitals can provide each institution with the strongest safeguards against future attacks.

Tom Neclerio is a former healthcare CISO and currently serves as the Vice President of Professional Services at SilverSky.

The post Cost-Effective Steps the Healthcare Industry Can Take To Mitigate Damaging Ransomware Attacks appeared first on Cybersecurity Insiders.