Ransomware attacks continue to plague organizations globally, regardless of their size. According to a press release by NCC Group that preceded its Annual Threat Monitor Report 2021, there were an estimated 2,690 ransomware attacks in 2021, a 92.7% increase from 2020's figure of 1,389. The increase in ransomware attacks builds upon the […]

The post Defense in Depth to minimize the impact of ransomware attacks appeared first on The State of Security.

A ransomware called BazarCall seems to target insurance agents and clients, so insurance specialist CFC has issued a warning to companies in similar lines of business operating across the globe to step up their defenses against malware attacks by proactively taking adequate measures.

BazarCall has a peculiar way of infecting its victims. As usual, it is distributed by phishing emails, but it tricks the victim into calling a call centre instead of clicking on a malicious link.

As soon as the victim calls the phone line, the operators lure them into downloading malicious software.

From then on, the hackers spread the infection through the victim's network and use various tools to remain undetected.

According to Tom Bennett, head of the Threat Analysis team at CFC, BazarCall accounted for over 10% of malware incidents at insurance companies, and the percentage might be higher, as some such cyber incidents go unreported.

CFC is a London-based insurance company that offers malware removal to all of its customers at no cost. It has also responded to calls from clients hit by BazarCall ransomware and assisted them in removing the malware and recovering their data from backups.


The post BazarCall Ransomware warning to all insurance firms appeared first on Cybersecurity Insiders.

The FBI and CISA have repeatedly urged companies to stop paying ransoms, as doing so not only encourages crime but also does not guarantee a decryption key. However, in some situations, when we fall prey to cyber criminals spreading file-encrypting malware, the only option left may be to bow to the hackers' demands. This is where the tips below might help in recovering from an incident safely, without much media fuss.

Keep your emotions aside and negotiate with the hackers. As soon as we discover that hackers have targeted our database, we experience a burst of emotions. However, this is not the time for that; instead, keep the emotions aside and deal with the situation as you would a business transaction. Talk politely, negotiate the amount, and never betray them, as it can backfire.

Say you cannot afford the ransom- Criminals will demand a hefty sum for a decryption key. But security experts always urge victims to plead with the hackers over the payment. One can also treat the first demand as a starting price and counter with a request for half the amount. Going forward, you can gradually increase the amount as the communication with the hackers matures. Offering a small token amount as an initial deposit will also help the victim win the hackers' trust.

Pleading for time- Usually, those spreading ransomware demand payment within a stipulated time frame of 2 to 6 days. But if the victim pleads for more time, they may budge, depending on the trust they have in the victim. So asking for more time at this juncture makes sense, as it gives us enough time to plan the next steps.

Ask for proof of data theft- In most cases, hackers first steal data and then encrypt the victim's database. If the victim asks for proof of the claim, they can show the stolen information to prove that the server really has been compromised.

Seeking professional help, such as hiring a cybersecurity professional to handle the situation, also helps, as a professional negotiator can make the criminals understand your current financial circumstances and may help in striking a better deal.

Do not betray- Never turn your back on a deal made with hackers, as they can launch double or triple attacks on the same target, and there is evidence that they try to regain access to the database through a vulnerability or configuration error previously known to them. A hacker does not have much to lose if the deal breaks, but a victim's business reputation can be tarnished easily and customers can sue once the hacking information leaks to the public.

Conclusion

The idea in negotiating a ransomware payment is to cut the hacker's demand in half, not to outsmart them. Keeping an up-to-date backup of data on hand will also serve as an efficient disaster recovery plan.

The post Tips to negotiate ransom payment in Ransomware Attacks appeared first on Cybersecurity Insiders.

1. A financial services company serving the healthcare industry has admitted that a ransomware attack on its data systems could have led to a data breach affecting over 600 healthcare establishments. The firm in question is Professional Finance Company Inc (PFC); founded in 1904, it allows customers of various government organizations, utility firms and healthcare providers to pay their bills on time.

It started notifying its customers about the data breach on May 5th and accepted that hackers stole some personal information from its business servers and then encrypted the systems.

Information is out that the cyber criminals stole details such as names, addresses, account balances and payment details. There is a high probability that some files containing dates of birth, social security numbers and health insurance data were also compromised in the incident.

2. The second item concerns BlackCat ransomware, which has doubled its ransom demands in recent times. The good news is that the hacking group is happy to decrease the payment if the victim pays on time, within a time frame of 5-7 days.

BlackCat, also known as 'AlphaV', 'AlphaVM' and 'AlphV', is said to have gained large sums from victims such as the Italian fashion house Moncler and a European port in February this year.

3. Third is news of ransomware being spread through fraudulent Microsoft and Google software updates. Threat actors are becoming more sophisticated, and their latest deeds are a good example, as they are using fake MS and Google software updates to deliver malware to their targets.

Since June this year, the criminals have been spreading HavanaCrypt disguised as fake updates.

Previously, in May this year, a new ransomware dubbed 'Magniber' was seen circulating on the web disguised as Windows 10 updates.

Early this year, security researchers from Malwarebytes discovered Magnitude Exploit Kit being circulated as a fake update to Microsoft Edge.

It is wise to download software only from reliable sources, or to turn on the automatic update feature so that the software receives patches regularly and from genuine sources.


The post Ransomware news trending on Google appeared first on Cybersecurity Insiders.

France-based virtual mobile operator 'La Poste Mobile' has made a public announcement through its website admitting to having become the victim of a ransomware attack. Preliminary inquiries state that the attack could be of the LockBit variant and that it hit the systems on July 4th of this year.

As of now, news is out that the file-encrypting malware attack affected only the administration and management systems and did not affect the customer base.

However, the French telecom operator is urging its customers to be vigilant of any suspicious activity in their accounts and is providing a dedicated customer care centre where any discrepancies can be reported.

At present, the IT staff are busy analyzing the cyber event and have assured that a disaster recovery plan is in place to mitigate the risks associated with the attack.

The LockBit ransomware group habitually mints millions from its victims in cryptocurrency and also offers a channel to negotiate the ransom through its "customer care".

La Poste Mobile has also mentioned that it is temporarily suspending its website services and will resume them only after a detailed investigation is concluded.

Note 1- Ransomware gangs usually follow the procedure of stealing data from their victims before locking their database with encryption. If the victim cannot pay the ransom in time, they sell that data on the dark web for profit.

Note 2- So, in this ransomware attack on La Poste Mobile, the same can be expected.


The post France Virtual Mobile Operator La Poste Mobile targeted by ransomware attack appeared first on Cybersecurity Insiders.

For the past two years, law firms have been advising clients who approach them to pay the demanded ransom to hackers to free their data from encryption. They have also been offering clients a guesstimate that paying a ransom in the event of a ransomware attack will turn out cheaper than what they would incur in recovering the data by other means.

Putting an end to all such advice, the United Kingdom's National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO) have issued a strong warning to professionals in the legal sector to stop advising their clients to bow to the demands of cybercriminals.

In a letter to the Law Society, the NCSC clarified that such practices will lead to a rise in crime and do not guarantee the return of a decryption key. Criminal groups distributing ransomware have been found targeting the same victims twice or thrice a year, as they see them as money vending machines.

The Law Society reacted to the news politely and reminded its members not to engage in inaccurate practices that can put their clients at extreme risk.

John Edwards, the Information Commissioner, confirmed the news and added that he was glad to see the outright support offered by the Law Society on the issue.

According to a survey conducted by Sophos, cybercrime has cost firms operating in the UK billions in the past 5 years.

Strict vigilance, educating employees to follow strict cyber hygiene, and keeping software and hardware up to date might help in keeping the threats lurking in the current cyber landscape at bay.

NOTE- In November 2019, the Federal Bureau of Investigation issued a warning to all companies across the world to stop paying ransomware gangs. It later issued a notification to act wisely and pay the criminals if the situation demands it and there is no other choice left to recover the data.

The post NCSC and ICO issues strong warning to law firms against Ransomware payments appeared first on Cybersecurity Insiders.

Hackers spreading ransomware targeted the Indian flood monitoring system, and reports are in that they are demanding bitcoins as ransom for decryption. A police case was registered in the state of Goa in India, and soon the news went viral.

The Water Resources Department of Goa has confirmed the news and is concerned that the incident took place during the rainy season, when the whole of Maharashtra was already flooding.

Reports are in that the servers of the Flood Monitoring System were hit by the file-encrypting malware on June 21st, 2022, and the hackers are demanding BTC in double-digit figures to free the data from encryption.

Interestingly, an executive from the engineering wing readily accepts that the servers were ill-protected by antivirus software and were operating behind obsolete firewalls. What is more pathetic about the story is that the department has no dedicated IT staff or security professional to react to such situations.

As the backup data is also compromised, the disaster recovery plan for the information is jeopardized.

Goa's Flood Monitoring System is installed at 15 places, is connected to all major rivers in the state, and is consolidated at a data center in Panaji. Officials are not interested in paying a ransom to the hackers and are confident of recovering the locked-up data by other means.

Unconfirmed sources state that the information was also being saved simultaneously at a different center as part of a business continuity plan, and so recovery of the information is 100% possible.


The post Ransomware Attack on Indian flood monitoring system and demand Bitcoins appeared first on Cybersecurity Insiders.

For Finserv Ransomware Attacks, Obtaining Customer Data Is the Focus

Welcome back to the third installment of Rapid7's Pain Points: Ransomware Data Disclosure Trends blog series, where we're distilling the key highlights of our ransomware data disclosure research paper one industry at a time. This week, we'll be focusing on the financial services industry, one of the most highly regulated — and frequently attacked — industries we looked at.

Rapid7's threat intelligence platform (TIP) scans the clear, deep, and dark web for data on threats, and operationalizes that data automatically with our Threat Command product. We used that data to conduct unique research into the types of data threat actors disclose about their victims. The data points in this research come from the threat actors themselves, making it a rare glimpse into their actions, motivations, and preferences.

Last week, we discussed how the healthcare and pharmaceutical industries are particularly impacted by double extortion in ransomware. We found that threat actors target and release specific types of data to coerce victims into paying the ransom. In this case, it was internal financial information (71%), which was somewhat surprising, considering financial information is not the focus of these two industries. Less surprising, but certainly not less impactful, was the disclosure of customer or patient information (58%) and the unusually strong emphasis on intellectual property in the pharmaceuticals sector of this vertical (43%).

Customer data is the prime target for finserv ransomware

But when we looked at financial services, something interesting did stand out: Customer data was found in the overwhelming majority of data disclosures (82%), not necessarily the company's internal financial information. It seems threat actors were more interested in leveraging the public's implied trust in financial services companies to keep their personal financial information private than they were in exposing the company's own financial information.

Since much of the damage done by ransomware attacks — or really any cybersecurity incident — lies in the erosion of trust in the affected institution, it appears threat actors are seeking to hasten that erosion with their initial data disclosures. The financial services industry is one of the most highly regulated industries in the market entirely because it holds the financial health of millions of people in its hands. Breaches at these institutions tend to have outsized impacts.

Employee info is also at risk

The next most commonly disclosed form of data in the financial services industry was personally identifiable information (PII) and HR data. This is personal data of those who work in the financial industry and can include identifying information like Social Security numbers and the like. Some 59% of disclosures from this sector included this kind of information.

This appears to indicate that threat actors want to undermine the company's ability to keep their own employees' data safe, and that can be corroborated by another data point: In some 29% of cases, data disclosure pointed to reconnaissance for future IT attacks as the motive. Threat actors want financial services companies and their employees to know that they are and will always be a major target. Other criminals can use information from these disclosures, such as credentials and network maps, to facilitate future attacks.

As with the healthcare and pharmaceutical sectors, our data showed some interesting and unique motivations from threat actors, as well as confirmed some suspicions we already had about why they choose the data they choose to disclose. Next time, we'll be taking a look at some of the threat actors themselves and the ways they've impacted the overall ransomware “market" over the last two years.



A hacked university might have made a profit after paying a cryptocurrency ransom, China suffers possibly the biggest data breach in history, and Reuters investigates digital mercenaries. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this … (Smashing Security podcast #282: "Raising money through ransomware, China's mega-leak, and hackers for hire")