Items tagged with Ransomware

High-reward ransomware appears to be all the rage right now after the REvil hacking group executed the Kaseya attack, which encrypted systems at over 1,500 businesses. Now, Saudi Aramco has confirmed a data leak after an extortionist demanded $50 million, claiming to have seized a large quantity of data from the world’s largest oil producer. In a statement released today, Aramco explained that it had “recently become aware of the indirect release of a limited amount of company data which was held by third-party contractors.” According to the Financial Times, no supplier or contractor was named, nor was it explained how the data was lost; it seems the company is simply... Read more...
Though the notorious hacking group REvil has gone offline, companies are still reeling from the effects of the Kaseya ransomware attack. However, it seems the Florida-based remote-management software company has obtained a universal decryptor key and is working with all of its customers to rectify the situation. Just before the July 4th holiday weekend in the US, criminal hackers from REvil exploited a zero-day vulnerability in on-premises Kaseya VSA servers and used those servers to push ransomware to the downstream customers they managed. It was estimated that nearly 1,500 companies, including the large Swedish grocery chain Coop, were infected with the REvil ransomware. Afterward, an astounding $70 million was demanded... Read more...
It appears that REvil, the threat actor group behind attacks on JBS Global and Kaseya, among others, has gone dark. While this could be a good thing, it may not be worth holding your breath, as there are other explanations for REvil “disappearing” in the short term. Prior to the July 4th holiday in the United States, REvil executed an attack on Kaseya, a management software company based in Florida. This led to upwards of 1,500 businesses downstream having their files encrypted and held for ransom by the group’s ransomware. With this rise in attacks, the Biden administration has seemingly made cybersecurity a priority. Less than a day ago, BleepingComputer’s... Read more...
Ransomware incidents are on the rise worldwide with no end in sight, and trying to fight back is like trying to punch a ghost, it seems. However, using empirical data and evidence, we can figure out what does and does not work to smother ransomware. Thanks to a new website called Ransomwhere, anyone can now track this evidence and figure out the full impact of ransomware while looking at the big picture. Last week, white-hat hacker Jack Cable announced the crowdsourced ransomware payment tracker website Ransomwhe.re. He explained that “there's no comprehensive public data on the total number of ransomware payments” and that without this, “we can't know the full impact of ransomware,... Read more...
Customers of Kaseya's VSA remote monitoring and management software are being warned to be on the lookout for phishing emails claiming to offer a security update but that in reality carry a malicious payload. The phishing campaign is fallout from a massive supply chain ransomware attack that spread through software created by the Florida-based IT company. The notorious hacking group REvil was behind the attack, which exploited vulnerabilities in Kaseya's VSA software to distribute ransomware. In the aftermath, Kaseya said the attack affected fewer than 60 customers, though it also noted that many of those customers provide IT services to multiple other companies. "We understand that the total impact thus far... Read more...
Over the weekend, cybersecurity experts, forensics teams, and white-hat hackers worldwide have been battling the ransomware incident affecting Kaseya VSA customers. Now, the Florida-based IT and remote management company is reporting that fewer than 60 direct customers, and up to 1,500 downstream companies, have been affected. But could this all have been prevented in the first place, or did cybersecurity take a backseat? On the evening of July 5th, Kaseya reported that the ransomware attack, which started on July 2nd against its VSA product, had hopefully been contained. So far, fewer than 60 direct Kaseya customers are affected; however, as many of these companies provide IT services,... Read more...
On July 4th, we reported that the developing Kaseya ransomware incident might be much worse than initially thought. While it is still unclear exactly how many victims and encrypted devices there are, it was apparent that this is a wide-reaching international incident. We also noted that REvil, the Russia-linked hacking group, had not mentioned the situation on its blog, until now. Late in the evening on July 4th, after much speculation, REvil made a blog post about its Kaseya attack. The group claimed that the attack launched on July 2nd has since encrypted “more than a million systems.” However, it seems that this ransomware event is being treated differently than most,... Read more...
Before the holiday weekend got underway, the REvil hacking group kicked off a massive supply chain attack involving remote management software company Kaseya. The Florida-based company reports that only 40 customers running its VSA remote monitoring tool on-premises have been affected. However, some of these 40 may be managed service providers who in turn serve hundreds of small businesses, which pushes the number of affected companies above 1,000. This morning, Kaseya provided an update on its progress, explaining that it is working on a plan to restore its software-as-a-service server farms, while all on-premises VSA servers should remain offline until further notice. Furthermore,... Read more...
Hacking group REvil, which was behind attacks such as the one on Acer in early 2021, has evidently returned in force after approximately 200 U.S. businesses were hit by ransomware overnight. It has been found that the ransomware spread through software created by Florida-based IT company Kaseya in what is another massive supply chain attack. Yesterday at 4:00 pm ET, Kaseya reported that it was "experiencing a potential attack against the VSA," its remote monitoring and management tool. At the time, VSA customers were advised to shut down their servers immediately until further notice, because one of the attacker's first actions on a breached system is to disable administrative access to VSA. VSA... Read more...
Colonial Pipeline was content to fly under the radar as the top fuel pipeline in the United States, but then it was hit by a ransomware attack that severely disrupted operations, and its name was plastered across headlines. Looking to take advantage of the situation and its newfound name recognition, hackers are hoping to dupe victims with phishing emails masquerading as required system updates. This is part of the fallout from the attack on a piece of critical infrastructure, and the unwanted notoriety that comes with it. Colonial Pipeline operates over 5,500 miles of pipe delivering 100 million gallons of fuel across 14 different states and seven airports. The attack led to temporary shortages... Read more...
Earlier this year, one of the largest insurance providers in the U.S. was hit by a ransomware attack that crippled its network and exfiltrated data. According to people familiar with the situation, CNA Financial Corp. of Chicago, Illinois, paid $40 million in March to wrest back control of its network. The people familiar with the situation, who were not authorized to speak publicly on the matter, discussed the hack with Bloomberg. It is reported that the company paid the hackers “about two weeks after a trove of company data was stolen, and CNA officials were locked out of their network.” When asked about the ransom payment, CNA declined to comment specifically... Read more...
Over the past two weeks, Colonial Pipeline has been battling a ransomware attack that crippled fuel flow to the eastern seaboard. This was supposedly not intended to be as catastrophic as it was, but the hacking group behind the attack, DarkSide, has quite a bit of experience in ransomware. The group has reportedly extracted approximately $90 million in Bitcoin from 47 different cryptocurrency wallets, with many more victims opting not to pay the ransom. Ransomware is becoming a highly profitable business model for hackers, and even more so when “Ransomware as a Service” (RaaS) is implemented. DarkSide is an example of this model, wherein there is a ransomware developer who oversees... Read more...
Ransomware attacks have been on the rise lately, and both organizations and consumers need to protect themselves as best they can before the problem worsens over time. As it turns out, one of the most popular and widespread operating systems, Windows 10, has ransomware protection, and it is super simple to turn on so you too can be protected. Ransomware has become one of the most prevalent and profitable forms of cyberattack, with hackers around the globe locking up files in exchange for cryptocurrency or cash. These locked-up files could include family photos, personal documents, or even trade secrets, all of which could be priceless. However, as we saw with Colonial Pipeline doling out $5 million... Read more...
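The Windows 10 "Ransomware protection" toggle the article refers to switches on Microsoft Defender's Controlled Folder Access (CFA), which blocks untrusted processes from writing to protected folders. The following is an added example, not code from the article, showing how to roll the feature out from an elevated PowerShell prompt in a way that avoids breaking legitimate software: audit first, review what would have been blocked, allow-list what needs access, then enforce. The folder and application paths are placeholders and should be replaced with your own.

```powershell
# Added example (not from the article): enabling and verifying Windows 10
# ransomware protection (Microsoft Defender Controlled Folder Access) from
# an elevated PowerShell prompt. Paths below are placeholders.

$DefenderLog = 'Microsoft-Windows-Windows Defender/Operational'

# 1. Start in audit mode: nothing is blocked yet, but every write that
#    enforcement would have stopped is logged as event ID 1124.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Protect folders beyond the default user libraries (Documents,
#    Pictures, etc.). Placeholder paths; substitute your own.
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Projects', 'D:\Backups'

# Helper: pull recent CFA events of a given ID (1124 = audited, 1123 = blocked).
# -ErrorAction SilentlyContinue because Get-WinEvent throws when nothing matches.
function Get-CfaEvent {
    param(
        [ValidateSet(1123, 1124)] [int]$Id,
        [int]$Max = 50
    )
    Get-WinEvent -FilterHashtable @{ LogName = $DefenderLog; Id = $Id } `
        -MaxEvents $Max -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Message
}

# 3. Run normal workloads for a while, then review what audit mode flagged.
Get-CfaEvent -Id 1124

# 4. Allow-list applications that legitimately write to protected folders
#    (backup agents, build tools). Placeholder path; substitute your own.
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files\ExampleApp\app.exe'

# 5. Switch to enforcement. From here on, untrusted writes are blocked and
#    logged as event ID 1123.
Set-MpPreference -EnableControlledFolderAccess Enabled

# 6. Verify the effective configuration (EnableControlledFolderAccess:
#    0 = Disabled, 1 = Enabled, 2 = AuditMode).
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders,
    ControlledFolderAccessAllowedApplications

# 7. Spot-check what enforcement has actually stopped.
Get-CfaEvent -Id 1123 -Max 20
```

Two caveats a practitioner should keep in mind: CFA is a Defender feature, so it is unavailable when a third-party antivirus has taken over real-time protection, and it only protects the folders on its list, so files saved elsewhere (network shares, removable media, a project directory you forgot to add) are still fair game for an encrypting process.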
Cyber-attacks have seemingly ramped up in the last few weeks, like the Colonial Pipeline ransomware incident that netted a cool $5 million for the criminal attackers. Now, cyber-thugs have crippled the Irish Health Service Executive's (HSE) computer systems in what could be "the most significant cybercrime attack on the Irish state," notes Irish minister of state Ossian Smyth. Yesterday, the Twitter account for the HSE, the primary health service provider in Ireland, tweeted that there had been a significant ransomware attack on its systems. To help contain the attack, the organization decided to shut down all of its systems "in order to protect them from this attack and to allow us fully assess the... Read more...
We first learned of the cyberattack on Colonial Pipeline's computer systems last week. The company's extensive pipeline network is responsible for supplying the bulk of the United States East Coast with gasoline, diesel, and jet fuel. The company announced that it was a victim of a ransomware attack and had to shut down critical systems. As a result, Americans on the East Coast began panic buying gasoline, which led to shortages and increased prices (cresting $3.00 per gallon in many locations). Colonial Pipeline didn't initially specify whether it paid the ransom after its systems were attacked. However, a new report alleges that the company paid a hefty ransom to the tune of $5 million. That... Read more...
Right to repair arguments often fall on deaf ears, especially at companies like Apple that are tight-lipped and only allow certain people to [officially] repair their products. What if Apple's hand were forced, though, and nearly anyone could look at a device's schematics? We may find out shortly, as hackers have leaked files about Apple products and repair shops are taking advantage of them, legality aside. In late April, Apple supplier Quanta was hit by a ransomware attack, carried out by the hacker group REvil, with a $50 million demand attached. Apple schematics stolen in the attack were leaked when Quanta refused to pay the exorbitant fee. These schematics included a future line of MacBook devices and likely much more that... Read more...
Yesterday, we reported on a ransomware attack that targeted Colonial Pipeline, and by association the eastern seaboard, after the company had to shut off its pipeline network. Now, the FBI has tied the ransomware attack on the fuel company to a newly formed group called “DarkSide,” which had been incredibly quiet about the situation until today. On May 7th, Colonial Pipeline learned that it had been the victim of a cybersecurity incident and then “proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations.” Since then, the company has slowly restored services to its customers from Texas through New Jersey. The company’s... Read more...
One of the top U.S. fuel pipeline operators had to shutter its network this weekend due to a nasty ransomware attack. This effectively shut down approximately half of the East Coast’s fuel supply for both air and ground transportation. Though home heating oil prices are not expected to increase as a result, the incident does raise concerns about how vulnerable U.S. critical infrastructure is, given how disruptive this attack was. Colonial Pipeline is one of the largest pipeline operators in the United States, with over 5,500 miles of pipe delivering 100 million gallons of fuel across 14 different states and directly serving seven airports. The network spans from New... Read more...
Ransomware attacks are on the rise, and both organizations, such as the Washington D.C. Police Department, and individuals like QNAP NAS owners, are being targeted relentlessly. To help combat this, leaders from Amazon, Cisco, FireEye, McAfee, Microsoft, and other firms joined forces with the U.S. Department of Justice, Europol, and the U.K. National Crime Agency to call for an international coalition to fight against ransomware criminals. Simply put, we do not negotiate with terrorists, and this is only an extension of that philosophy. This week, an 81-page report that outlined the Ransomware Task Force and goals of the group was delivered to the Biden administration. It urged the U.S. to lead... Read more...
The same group of hackers that hit the NBA's Houston Rockets basketball team with a ransomware attack earlier this month has now turned its sights on the police force in Washington, D.C. It is the latest in a string of concerning ransomware attacks aimed at police over the past several weeks, where data leaks can put people's lives in danger. More than just a potentially embarrassing situation, in which private information could be revealed to the public, unscrupulous hackers are also threatening to reveal the identity of police informants to gangs, according to a post on the dark web viewed by The New York Times. In such a scenario, a data dump could conceivably result in actual bodily harm,... Read more...
When we hear of ransomware attacks, it usually involves high-value targets, such as the recent $50 million attack against Apple supplier Quanta. This time, a ransomware gang took a different approach and targeted consumers and small businesses using QNAP devices and subsequently encrypted their files. In just five days, the gang managed to collect $260,000 in Bitcoin for unlocking all the devices they took hostage. On Monday, a ransomware operation called Qlocker kicked off, exploiting new vulnerabilities in QNAP NAS devices and leaving users to wake up to their files being locked up. The ransomware gang behind this pulled it off by scanning the web for connected QNAP devices and then locking... Read more...
Apple is bringing some color into people's lives with a new line of M1-powered iMac systems, available in green, yellow, orange, pink, purple, blue, and silver. As to what other changes Apple plans on making to its product lines, a hacking group is threatening to reveal them, after infiltrating servers belonging to one of the company's main suppliers. The hacking group goes by REvil, and it is the same one that recently breached Acer and stole files that included financial spreadsheets, bank balances, and bank communications, all of which it posted on its website called Happy Blog. The group is known for using ransomware in its attacks, and in the case of Acer, it had demanded $50 million. REvil... Read more...