Items tagged with Ransomware
Ransomware attacks are on the rise, and it may feel like there is no recourse for many victims. A new law has been proposed in the United States by Senator Elizabeth Warren and Congresswoman Deborah Ross to attempt to address that, but with an added dilemma. The new law, the Ransomware Disclosure Act, would require businesses to disclose any ransom payments within 48 hours of the payment to the Department of Homeland Security (DHS). If the bill passes, victims who decide to pay the ransom will be required to report the payment sum, the currency, and any information they have about those who are demanding payment. The Ransomware Disclosure Act would not require everyone who is a victim of ransomware...
Read more...
A lot of folks buying (legitimate) software are disgruntled about the rise of "software as a service," or SaaS. Proponents claim that the continued payments enable further development of useful applications, while opponents complain that they end up paying far more than they might under a more traditional "buy to own" model. Customers also voice concerns that automatically-updating software might break, or remove useful features. If legitimate customers are frustrated by the SaaS model, one can only imagine how annoying it must be that malware providers have moved to the same sort of system. Last week's "Bloodystealer" trojan is primarily sold that way, and so is REvil, arguably the most notorious...
Read more...
Ransomware infections have been on the rise lately, affecting companies like Gigabyte or, more famously, Kaseya. Subsequently, the fight against the ransomware plague needs to meet and exceed threat actors’ efforts, and Microsoft is looking to help. In collaboration with the Microsoft Threat Intelligence Center, ransomware detection is being built into the Azure Sentinel security information and event management (SIEM) tool. Azure Sentinel is an AI-assisted tool that analyzes copious amounts of data to detect and investigate threats on-premises and in the cloud. It is also helped by something called Fusion, a machine learning system used to “correlate different alerts and contextual...
Read more...
Some of Gigabyte's support sites have been taken offline, the result of an apparent ransomware attack in which a hacking group claims to be in possession of sensitive data, and is holding it hostage. If a ransom is not paid, the culprits say they will publish 112 gigabytes of stolen files, including ones containing confidential AMD and Intel documents. "We have downloaded 112 GB (120,971,743,713 byes of your files and we are ready to PUBLISH it. Many of them are under NDA (Intel, AMD, American Megatrends). Leaked sources: newautobom.gigabyte.intra, git.ami.com.tw and some others," the hacking group wrote in a message. The mind races at what documents that fall under at purview of non-disclosure...
Read more...
High-reward ransomware appears to be all the rage right now after the REvil hacking group executed the Kaseya attack, encrypting over 1,500 businesses. Now, Saudi Aramco has confirmed a data leak today following an extortionist who demanded $50 million after claiming to have sized a large quantity of data from the world’s largest oil producer. Released today, Aramco’s statement explained that it had “recently become aware of the indirect release of a limited amount of company data which was held by third-party contractors.” While no supplier or contractor was named nor was it explained how the data was lost according to the Financial Times, it seems the company is simply...
Read more...
Though notorious hacking group REvil has gone offline, companies are still reeling from the effects of the Kaseya ransomware attack. However, it seems the Florida-based remote-management software company has obtained a universal decryptor key and is working with all its customers to rectify the situation. Just before the July 4th holiday weekend in the US, criminal hackers from REvil utilized a 0-day exploit to access Kaseya’s systems and subsequently encrypt them and downstream customers. It was estimated that nearly 1,500 different companies, including a large chain grocery store in Sweden called Coop, were infected with the REvil ransomware. Afterward, an astounding $70 million was demanded...
Read more...
It appears that REvil, the threat actor group behind attacks on JBS Global and Kaseya, among others, has gone dark. While this could be a good thing, it may not be worth holding your breath as there are other explanations for REvil “disappearing” in the short term. Prior to the July 4th holiday in the United States, REvil executed an attack on Kaseya, a management software company based out of Florida. This led to upwards of 1,500 businesses downstream having their files encrypted and held for ransom by the threat actor group’s ransomware. With this rise in attacks, the Biden administration has seemingly put cybersecurity as a priority. Less than a day ago, BleepingComputer’s...
Read more...
Ransomware incidents are on the rise worldwide with no end in sight, and trying to fight back is like trying to punch a ghost, it seems. However, using empirical data and evidence, we can figure out what does and does not work to smother ransomware. Thanks to a new website called Ransomwhere, anyone can now track this evidence and figure out the full impact of ransomware while looking at the big picture. Last week, white-hat hacker Jack Cable announced the crowdsourced ransomware payment tracker website Ransomwhe.re. He explained that “there's no comprehensive public data on the total number of ransomware payments” and that without this, “we can't know the full impact of ransomware,...
Read more...
Customers of Kaseya's Vector Signal Analysis (VSA) software are being warned to be on the lookout for phishing emails claiming to offer up a security update, but in reality contain a malicious payload. The phishing campaign is a result of a massive supply chain ransomware attack that spread through software created by the Florida-based IT company. Notorious hacking group REvil was behind the attack, which exploited vulnerabilities in Kaseya's VSA software to distribute ransomware. In the aftermath, Kaseya said the attack affected fewer than 60 customers, though also noted that many of those customers provide IT services to multiple other companies. "We understand that the total impact thus far...
Read more...
Over the weekend, cybersecurity experts, forensics teams, and white-hat hackers worldwide have been battling the ransomware incident affecting Kaseya VSA customers. Now, the Florida-based IT and remote management company is reporting that fewer than 60 customers and 1,500 downstream companies have been affected by this. But could this all have been prevented in the first place, or did cybersecurity take a backseat? On the evening of July 5th, Kaseya reported that the ransomware attack, which started on July 2nd against its VSA product, had hopefully been contained at this point. So far, there are fewer than 60 direct Kaseya customers affected; however, as many of these companies provide IT services,...
Read more...
On July 4th, we reported that the developing Kaseya ransomware incident might be much worse than initially thought. While it is still unclear exactly how many victims and encrypted devices there are, it was apparent that this is certainly a wide-reaching international incident. We also noted that REvil, the Russian-backed hacking group, had not mentioned the situation on its blog, until now. Late in the evening on July 4th, REvil made a blog post about its Kaseya attack after much speculation. The group explained that the attack launched on July 2nd has since encrypted “more than a million systems.” However, it seems that this ransomware event is being treated differently than most,...
Read more...
Before the holiday weekend got underway, the REvil hacking group kicked off a massive supply chain attack involving remote management software company Kaseya. Based out of Florida, the company only reports that 40 of its remote monitoring tool VSA on-premises customers have been affected by this. However, some of these 40 could be managed service providers who in turn serve hundreds of small businesses, which bloats the number of affected companies upwards of 1,000. This morning, Kaseya provided an update on its progress, explaining that it is working on a plan to restore software-as-a-service server farms while all on-premises VSA servers should remain offline until further notice. Furthermore,...
Read more...
Hacking group REvil, which was behind attacks such as those on Acer in early 2021, has returned in force evidently, after approximately 200 U.S. businesses were hit by ransomware overnight. It has been found that the ransomware spread through software created by Florida-based IT company Kaseya in what is another massive supply chain attack. Yesterday, Kaseya reported at 4:00 pm EST that it was "experiencing a potential attack against the VSA," its remote monitoring and management tool. At the time, it was recommended that VSA customers immediately shut down servers until further notice, as the attacker would first disable administrative access to VSA if they managed to breach the system. VSA...
Read more...
Colonial Pipeline was content to fly under the radar as the top fuel pipeline in the United States, but then it was hit by a ransomware attack that severely disrupted operations, and its name was plastered across headlines. Looking to take advantage of the situation and newfound name recognition, hackers are hoping to dupe victims with phishing emails masquerading as required system updates. This is part of the fallout from the attack on a piece of critical infrastructure, and the unwanted notoriety that comes with it. Colonial Pipeline operates over 5,500 miles of pipe delivering 100 million gallons of fuel across 14 different states and seven airports. The attack led to a temporary shortages...
Read more...
Earlier this year, one of the largest insurance providers in the U.S. was hit by a ransomware attack that managed to cripple its network and exfiltrate data. According to people familiar with the situation, CNA Financial Corp. out of Chicago, Illinois, paid $40 million to wrest control of its network back in March. The people familiar with the situation, who were not authorized to publicly speak on the matter, discussed the hack with Bloomberg. It is reported that the company paid hackers “about two weeks after a trove of company data was stolen, and CNA officials were locked out of their network.” When asked specifically about the ransom payment, CNA declined to comment specifically...
Read more...
Over the past two weeks, Colonial Pipeline has been battling a ransomware attack that crippled fuel flow to the eastern seaboard. This was supposedly not intended to be as catastrophic as it was, but the hacking group behind the attack, DarkSide, has quite a bit of experience in ransomware. The group has reportedly extracted approximately $90 million in Bitcoin from 47 different cryptocurrency wallets, with many more victims opting not to pay the ransom. Ransomware is becoming a highly profitable business model for hackers, and even more so when “Ransomware as a Service” (RaaS) is implemented. DarkSide is an example of this model, wherein there is a ransomware developer who oversees...
Read more...
Ransomware attacks have been on the rise lately, and both organizations and consumers need to protect themselves as best they can before the problem worsens over time. As it turns out, one of the most popular and widespread operating systems, Windows 10, has ransomware protection, and it is super simple to turn on so you too can be protected. Ransomware has become one of the most prevalent and profitable forms of cyberattack, with hackers around the globe locking up files in exchange for cryptocurrency or cash. These locked-up files could include family photos, personal documents, or even trade secrets, all of which could be priceless. However, as we saw with Colonial Pipeline doling out $5 million...
Read more...
Cyber-attacks have seemingly ramped-up in the last few weeks, like the Colonial Pipeline ransomware incident that netted a cool $5 million for the criminal attackers. Now, cyber-thugs have crippled the Irish Health Service Executive's (HSE) computer systems in what could be "the most significant cybercrime attack on the Irish state," notes Irish minister of state Ossian Smyth. Yesterday, the Twitter account for the HSE, the primary health service provider in Ireland, tweeted that there has been a significant ransomware attack on its systems. To help contain this attack, the org decided to shut down all of the systems "in order to protect them from this attack and to allow us fully assess the...
Read more...
We first learned of the cyberattack on Colonial Pipeline's computer systems last week. The company's extensive pipeline network is responsible for supplying the bulk of the United States East Coast with gasoline, diesel, and jet fuel. The company announced that it was a victim of a ransomware attack and had to shut down critical systems. As a result, Americans on the East Coast began panic buying gasoline, which led to shortages and increased prices (cresting $3.00 per gallon in many locations). Colonial Pipeline didn't initially specify whether it paid the ransom after its systems were attacked. However, a new report alleges that the company paid a hefty ransom to the tune of $5 million. That...
Read more...
Right to repair arguments often fall on deaf ears, especially at companies like Apple that are tight-lipped and only allow certain people to [officially] repair its products. What if Apple's hands were forced, though, and nearly anyone could look at device's schematics? We may find out shortly as hackers have leaked some files about Apple products, and repair shops are taking advantage of this, legality aside. In late April, Apple supplier Quanta was hit with a $50 million ransomware attack carried out by hacker group REvil. Apple schematics were stolen and leaked when Quanta refused to pay the exorbitant fee. These schematics included a future line of MacBook devices and likely much more that...
Read more...
Yesterday, we reported on a ransomware attack that targeted Colonial Pipeline, and by association, the eastern seaboard after the company had to shut off its pipeline network. Now, the FBI has tied the ransomware attack on the fuel company to a newly formed group called “DarkSide,” who has been incredibly quiet about the situation until today. On May 7th, Colonial Pipeline learned that they had been the victim of a cybersecurity incident and then “proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations.” Since then, the company has slowly restored services to its customers in Texas through New Jersey. The company’s...
Read more...
One of the top U.S. fuel pipeline operators had to shutter its network this weekend due to a nasty ransomware attack. This effectively shut down approximately half of the East Coast’s fuel for both air and ground transportation. Though home heating oil prices are not expected to increase as a result, this does raise concerns about how vulnerable U.S. critical infrastructure is after seeing how disruptive this attack was. Colonial Pipeline is one of the largest pipeline operators in the United States, with over 5,500 miles of pipe delivering 100 million gallons of fuel across 14 different states and directly serving seven airports. The network, which you can see below, spans from New...
Read more...
