Hacking groups are now running ransomware distribution campaigns that deliver wiper malware disguised as ransomware through well-known gaming and adult websites. Reports indicate that the websites are fake, built to impersonate genuine sites that have no connection with the ongoing malware distribution.

The modus operandi is simple: lure the victim to an X-rated website or a gaming URL and pressure them into clicking fake links disguised as JPEG images or a high-end game.

Intelligence experts from Cyble have confirmed the spread of ransomware through fake adult websites, but have yet to confirm the same for gaming portals.

The images used are of Britney Spears, the Kardashian sisters and some renowned models. The hackers cut the faces of these celebrities out of photographs and paste them onto actors in adult films, take a screenshot and promote the images as real and downloadable. They are presented in a way that tempts viewers to click, and that is where the trouble begins.

Malware posing as ransomware is dropped immediately, but it is in fact a wiper with the capability to destroy data.

The one twist in this scheme is that the threat actors give victims a 3-day window and demand $300 in Bitcoin, a large sum at today's Bitcoin-to-dollar rate. If the victim asks for more time, they are granted an extension of more than 4 days, with the obligation of paying $600. As soon as the victim refuses or fails to pay on time, the downloaded malware begins destroying the data, and the process is irreversible.

NOTE- Such campaigns are hard to identify, so the only way to keep your device and network safe from these attacks is to stay away from disreputable websites.


The post Ransomware being distributed through Gaming and Adult Websites appeared first on Cybersecurity Insiders.

Lloyd's of London, one of the world's leading insurance markets, has apparently experienced a cyber attack that is currently under deep investigation. The company issued a press statement saying it has hired a team of cyber experts to investigate the incident and identify those behind the attack. Because the UK is supporting Ukraine in its war with Russia, suspicion is obviously pointing towards the Kremlin.

Second is the news that BlackByte ransomware has recently added a special tactic to its attack playbook. Security analysts from Sophos have discovered that the malware variant is now capable of disabling 1000 drivers used by multiple endpoint protection solutions and anti-virus products. More details on the attack will be updated shortly.

Third is news that is yet to be confirmed by the relevant authorities: CommonSpirit claims to have been hit by a cyber attack suspected to involve a ransomware variant. The company has taken certain systems offline and has hired forensic experts to investigate the incident.

IT staff and physicians are doing their best to reduce the impact on patients. Ransomware is a kind of malware that encrypts a database until a ransom is paid, and nowadays the threat actors spreading such file-encrypting malware have gone a step further by first stealing the data and then locking the database from access.

CommonSpirit, which says it operates over 136 hospitals in 20 states, has promised to reveal more about the incident as the experts' investigation progresses.

Coming to the 4th news item, a Canadian man has been sentenced to 20 years of imprisonment for stealing over $21.5 million on behalf of the NetWalker ransomware group. The 35-year-old, named as Sebastian Desjardins, was extradited to the United States in January this year to face trial.

Details indicate that he was arrested by Canadian law enforcement in Quebec, and when his home was searched, officers found $750,000 in Canadian currency and about 760 BTC, now worth $17 million.


The post Ransomware news headlines trending on Google appeared first on Cybersecurity Insiders.

Well, to a certain extent, yes, say security experts, as backups help in recovering data when an untoward situation arises. However, the backup must be done properly and must be efficient enough to help users recover from a cyber incident with minimal downtime and public embarrassment.

Coming to backups, the fundamental rule is the 3-2-1 rule. It means that organizations must maintain 3 copies of their data, of which one is the working copy and the other two are backup copies stored on a different medium and in a cloud.

Some storage consultants also insist on keeping a copy of the data at a different geographic location, as it assists in disaster recovery when the primary site is flooded or suffers a catastrophic disaster.

Such an arrangement will also help in recovering information when the primary site is targeted by ransomware groups. However, with such tactics the recovery is time-consuming and may cause losses to users in different forms, mainly when the backed-up data is offsite, such as in a cloud.

Remember, such offsite backup solutions can only help users in certain situations, such as a malware attack, and are equally exposed to gaps such as corruption, misconfiguration errors, improper handling of the media, insider threats and budget issues.

Only proper planning and proactive implementation can weed out such troubles and keep your storage environment ransomware-free.


The post Is backup the only solution to block ransomware threats appeared first on Cybersecurity Insiders.

Ferrari, the luxury car maker, was recently hit by a ransomware attack that apparently led to a data leak, with the data now being posted online in installments. The Italian sports car maker, on the other hand, has denied any digital attack on its servers and is still investigating how the sensitive information leaked online.

Corriere della Sera, an Italian news outlet, confirmed the attack and claims to possess evidence that internal data sheets, repair handbooks and some employee data, amounting to 7GB, were accessed and stolen by hackers, who are now posting them online.

The RansomEXX group has claimed responsibility for hacking Ferrari's database between August and September this year, and as the car maker failed to pay the ransom, it is resorting to extortion tactics to pressure the racing car producer.

NOTE 1- Since 2020, RansomEXX has been highly prevalent on the dark web and has mainly targeted companies in the United States and Europe. Because its binary carries the "ransom.exx" extension, it is called RansomEXX, and variants have been found infecting both Windows and Linux.

NOTE 2- The FBI and other law enforcement agencies across the world urge the public not to pay a ransom if they are targeted by file-encrypting malware. They also ask victims to report the incident to the police so that the criminals behind the attack can be caught in time and any cryptocurrency transaction that took place can be recovered.

NOTE 3- Because of the rise in ransomware attacks, the value of cryptocurrencies such as Bitcoin and Monero has doubled and tripled in recent years.


The post Ransomware Attack on Ferrari appeared first on Cybersecurity Insiders.

2022 began with successful ransomware attacks against global IT and digital transformation providers, no thanks to the notorious LAPSUS$ ransomware gang. Often, any discussion about ransomware impact has mostly centered on affected organizations. Rightly so, as victimized organizations usually suffer significant disruption to their operations. In 2021, the US Federal Bureau of Investigation received 3,729 […]

The post Quantifying the Social Impact of Ransomware and ESG Disclosure Implication appeared first on The State of Security.

Cyderes, a cybersecurity risk management firm from Missouri, has discovered that corrupting files is proving cheaper, faster and less likely to be detected by security solutions than encrypting them. For this reason, some hacking groups that were running ransomware attacks have set up a separate group of threat actors assigned the job of targeting corporate networks and corrupting files.

Security firm Stairwell, in collaboration with Cyderes, has discovered that ransomware actors are now threatening their victims with destroying files, instead of encrypting them until a ransom is paid.

In other words, until now we have seen threat actors spreading file-encrypting malware that holds data until the demanded ransom is paid in Bitcoin or other cryptocurrencies. Now, they are instead copying data from one file to another if their victim cannot pay a ransom.

Technically, this is proving easy and is not flagged by anti-malware solutions, as they cannot classify it as suspicious activity. Another reason for its adoption is that it can be completed within roughly 1/4th of the time taken to encrypt files.

BlackCat ransomware, aka Alphv ransomware, has been seen carrying out such operations and has already targeted two companies in South Korea and one company in Ukraine.

It is unclear whether only a single malware-spreading group is using such direct data-destruction tactics or whether this will become a global trend among other ransomware threat actors.


The post Corrupting files is easy than spreading Ransomware appeared first on Cybersecurity Insiders.

Can negotiating your firm’s ransomware payment actually be fun? Well, if it’s a game rather than the real thing then yes! The inventive bods at the Financial Times have created an imaginative ransomware negotiation simulator which lets you imagine you’re in the hot seat at a hacked company, trying to stop cybercriminals from releasing sensitive … Continue reading "How to have fun negotiating with a ransomware gang"

According to a Monday Twitter update posted by Uber, the Lapsus$ ransomware gang is suspected to be behind the cyber attack on its code repositories, email and cloud systems, and internal Slack communication servers.

The ride-sharing company shared those details after quashing rumors reported in the New York Times that the attack was conducted by a lone hacker seeking a huge ransom to unlock the systems from encryption.

Preliminary analysis conducted by the IT team suggests the sophisticated attack could have originated from a phishing attack on the HackerOne account of one of the company's senior IT employees, with the data breach taking place after the credential theft.

Currently, a single hacker, believed to be an individual, is responding to queries and providing screenshots of the compromised details, which include data siphoned from AWS and Google Cloud Platform accounts.

Uber released a press statement saying that no personal information from the Uber, Uber Drive, Uber Freight and Uber Eats services was leaked in the attack and that all services were running normally.

NOTE 1- HackerOne is a technology platform that connects businesses with pen testers and security researchers.

NOTE 2- After several arrests of gang members in March 2022, Lapsus$ went somewhat dormant for a while, only to re-emerge on the hacking scene with a series of cyber attacks launched in September 2022, including the attack on Uber, Rockstar Games and a repeat attack on the Brazilian Health Ministry on September 15th of this year, which was successfully thwarted by employees.


The post Uber data breach 2022 Update on Lapsus$ Ransomware appeared first on Cybersecurity Insiders.