THE PROBLEM IS ONLY GETTING WORSE
In general, here's one recent report (from Axios); then scroll down to read the latest articles published by Bleeping Computer.
Evolving ransomware tactics are making U.S. officials' jobs harder
Illustration: Sarah Grillo/Axios
Despite the government's best efforts, squashing ransomware still remains one of U.S. cyber officials' toughest tasks.
Driving the news: During public appearances at the Aspen Cyber Summit earlier this week, government officials gave a rare glimpse into just how difficult ransomware is to fight.
What they're saying: "We’ve only seen the problem continue to get worse, even with all of the efforts we’ve made," said Paul Abbate, deputy director of the FBI, during the summit.
- "Ransomware continues to happen at unacceptable levels," said Rob Silvers, the Department of Homeland Security's under secretary for strategy, policy and plans, at the event.
- "We see enough attempted intrusion, and successful intrusions, every day that we're not letting our guard down even a little bit," Silvers added.
The big picture: The U.S. government has thrown all of its resources at the ransomware problem since an attack forced the Colonial Pipeline to shut down last year. But that still isn't enough to deter ransomware criminals.
State of play: In recent months, most government officials have either focused their public remarks about ransomware on the work they're doing to fight ransomware or on the success those efforts have had.
- For example, National Security Agency Cybersecurity Director Rob Joyce said in May that ransomware had gone down due to a recent round of sanctions.
- The White House hosted a group of 36 other governments earlier this month to discuss their counter-ransomware efforts. During an hourslong closing session, most government leaders focused on the progress their countries have made, rather than the steep road ahead.
Between the lines: A growing number of high-profile attacks in recent months — including the September attack on the L.A. Unified School District and another attack last month on CommonSpirit Health — are playing into renewed public warnings.
- The Treasury Department also reported earlier this month that suspected payments to ransomware gangs have skyrocketed, totaling a new high close to $1.2 billion in 2021.
Between the lines: Ransomware gangs are constantly reinventing themselves, changing targets and building new tools to better attack victims — creating an ever-moving target for regulators and companies.
- Many ransomware gangs have started putting more of an emphasis on getting victims to pay to prevent data leaks, rather than for encryption keys that will help unlock any files the ransomware seized — changing how companies respond to attacks.
The intrigue: Foreign governments have also started deploying ransomware in their attacks against one another in recent years, underscoring just how pervasive the threat has become.
- Last week, Microsoft attributed a ransomware attack on Ukrainian and Polish transportation and logistics organizations to a Russian state-sponsored group known as Iridium.
- Iran also launched a successful ransomware attack against the Albanian government in July.
Yes, but: The U.S. government has still made tackling the problem a priority, even if it remains an uphill battle.
- During the White House's ransomware summit, each participating government pledged to not harbor ransomware criminals and to dedicate more resources to detecting and responding to the threat.
- Last week, federal investigators announced that they had seized more than $3 billion worth of cryptocurrencies in a case involving a dark web marketplace, underscoring the improvements made to capturing cybercriminals' payments.
What's next: Many of those existing efforts need more resources to build capacity so they can properly tackle ransomware.
- "Scale is really the name of the game at this point," said Megan Stifel, chief strategy officer at the Institute for Security and Technology, during the Aspen event.
BLEEPING COMPUTER
The Week in Ransomware - November 18th 2022 - Rising Operations
There have been some interesting developments in ransomware this week, with the arrest of a cybercrime ring leader and reports shedding light on two new, but up-and-coming, ransomware operations.
One of the biggest stories this week is the arrest of Ukrainian Vyacheslav Igorevich Penchukov, aka 'Tank,' for his alleged role as a leader in the JabberZeus cybercrime gang that operated the Zeus malware botnet.
Penchukov is also believed to be one of the managers of the notorious Maze ransomware operation, which popularized double-extortion attacks.
Other news this week includes new reports on rising ransomware operations:
- Both Microsoft and SecurityScorecard released reports on the Royal Ransomware operation, which is believed to be comprised of ex-Conti members.
- ASEC released a report on Dagon Locker, a rebrand of the Quantum ransomware operation.
- BlackBerry warns of the expanding operations of the ARCrypter ransomware.
Finally, Ukraine says that a new Somnia ransomware is being used in attacks, CISA/FBI warned Iranian hackers breached a federal agency, and the FBI warned that Hive ransomware had made over $100 million in ransom payments.
Contributors and those who provided new ransomware information and stories this week include: @struppigel, @Ionut_Ilascu, @malwareforme, @malwrhunterteam, @DanielGallagher, @serghei, @jorntvdw, @fwosar, @LawrenceAbrams, @PolarToffee, @demonslay335, @FourOctets, @billtoulas, @VK_Intel, @BleepinComputer, @pcrisk, @Seifreed, @GeeksCyber, @BlackBerry, @ahnlab, and @MsftSecIntel.
November 13th 2022
Ukraine says Russian hacktivists use new Somnia ransomware
Russian hacktivists have infected multiple organizations in Ukraine with a new ransomware strain called 'Somnia,' encrypting their systems and causing operational problems.
November 14th 2022
A Technical Analysis of Royal Ransomware
Royal ransomware is a recent threat that appeared in 2022 and was particularly active during recent months. The ransomware deletes all Volume Shadow Copies and avoids specific file extensions and folders. It encrypts the network shares found in the local network as well as the local drives. A parameter called “-id” that identifies the victim and is also written in the ransom note must be specified in the command line.
Australia to consider banning paying of ransoms to cyber criminals
Australia's Home Affairs Minister Clare O'Neil on Sunday said the government would consider making illegal the paying of ransoms to cyber hackers, following recent cyber attacks affecting millions of Australians.
New Phobos ransomware variant
PCrisk found a new Phobos variant that appends the .faust extension to encrypted files and drops ransom notes named info.txt and info.hta.
New STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .fatp and .fate extensions to encrypted files.
New Xorist ransomware variant
PCrisk found a new Xorist variant that appends the .ZeRy extension and drops a ransom note named HOW TO DECRYPT FILES.txt.
November 16th 2022
Suspected Zeus cybercrime ring leader ‘Tank’ arrested by Swiss police
Vyacheslav Igorevich Penchukov, also known as Tank and one of the leaders of the notorious JabberZeus cybercrime gang, was arrested in Geneva last month.
US govt: Iranian hackers breached federal agency using Log4Shell exploit
The FBI and CISA revealed in a joint advisory published today that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining malware.
DAGON LOCKER Ransomware Being Distributed
It was discovered that the DAGON LOCKER ransomware (hereinafter referred to as “DAGON”) is being distributed in Korea. It was first found through AhnLab ASD infrastructure’s suspicious ransomware behavior block history. In October, it was also reported to AhnLab as a suspicious file by a Korean organization. DAGON is commonly distributed through phishing emails or as an email attachment, but because it is a ransomware-as-a-service, the distribution route and target can vary according to the threat actor.
New VoidCrypt variant
PCrisk found a new VoidCrypt variant that appends the .DRCRM extension and drops a ransom note named Read.txt.
New Anthraxbulletproof variant
PCrisk found a new 'Anthraxbulletproof' ransomware based on Chaos that appends the .Anthraxbulletproof extension and drops a ransom note named read_it.txt.
November 17th 2022
Previously unidentified ARCrypter ransomware expands worldwide
A previously unknown ‘ARCrypter’ ransomware that compromised key organizations in Latin America is now expanding its attacks worldwide.
FBI: Hive ransomware extorted $100M from over 1,300 victims
The Federal Bureau of Investigation (FBI) said today that the notorious Hive ransomware gang has successfully extorted roughly $100 million from over a thousand companies since June 2021.
DEV-0569 finds new ways to deliver Royal ransomware, various payloads
Recent activity from the threat actor that Microsoft tracks as DEV-0569, known to distribute various payloads, has led to the deployment of the Royal ransomware, which first emerged in September 2022 and is being distributed by multiple threat actors. Observed DEV-0569 attacks show a pattern of continuous innovation, with regular incorporation of new discovery techniques, defense evasion, and various post-compromise payloads, alongside increasing ransomware facilitation.
November 18th 2022
New Satana ransomware variant
PCrisk found a new SATANA ransomware variant that appends the .SEX3 extension and drops a ransom note named !satana!.txt.
That's it for this week! Hope everyone has a nice weekend!
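As an added defender-side example (not code from Bleeping Computer, PCrisk or any of the reports above), the following Python script checks a file listing against the appended extensions and ransom-note filenames that this week's roundup reports for the new Phobos, STOP, Xorist, VoidCrypt, Anthraxbulletproof and Satana variants. The indicators and family names come from the entries above; the sample paths are constructed.

```python
# Added example: triage a file listing against the indicators reported above.
from typing import Dict, List, Optional

# Appended extensions reported in the roundup (lowercased), by family.
EXTENSION_TO_FAMILY = {
    ".faust": "Phobos",
    ".fatp": "STOP",
    ".fate": "STOP",
    ".zery": "Xorist",
    ".drcrm": "VoidCrypt",
    ".anthraxbulletproof": "Anthraxbulletproof (Chaos-based)",
    ".sex3": "Satana",
}
NOTE_TO_FAMILY = {  # ransom-note filenames reported above, lowercased
    "info.txt": "Phobos",
    "info.hta": "Phobos",
    "how to decrypt files.txt": "Xorist",
    "read.txt": "VoidCrypt",
    "read_it.txt": "Anthraxbulletproof (Chaos-based)",
    "!satana!.txt": "Satana",
}

def classify(path: str) -> Optional[str]:
    """Return the suspected family for one path, or None if nothing matches."""
    # Accept both Windows and POSIX separators so the check runs anywhere.
    base = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    if base in NOTE_TO_FAMILY:
        return NOTE_TO_FAMILY[base]
    # Only the last extension matters: "report.docx.faust" -> ".faust".
    ext = "." + base.rsplit(".", 1)[1] if "." in base else ""
    return EXTENSION_TO_FAMILY.get(ext)

def triage(paths: List[str]) -> Dict[str, List[str]]:
    # Group the paths that hit an indicator by suspected family.
    hits: Dict[str, List[str]] = {}
    for p in paths:
        family = classify(p)
        if family:
            hits.setdefault(family, []).append(p)
    return hits

# Constructed sample listing for the demo; not real telemetry.
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\report.docx.faust",
    r"C:\Users\alice\Documents\info.hta",
    r"C:\Shares\finance\budget.xlsx.fatp",
    r"C:\Shares\finance\notes.txt",
    r"D:\backup\HOW TO DECRYPT FILES.txt",
]
```

Running `triage(SAMPLE_LISTING)` groups the first two paths under Phobos, the third under STOP and the note under Xorist, leaving the untouched notes.txt unmatched.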
This electrical engineering bootcamp bundle is on sale for just $20
If you've considered a career in this field but aren't sure whether you want to invest thousands before getting introduced to the subject matter, then The Electrical Engineers Power Systems Bootcamp Bundle may be a good alternative. It lets you learn the topic on your own terms, and it's on sale for just $20.
November 20, 2022, 08:32 AM
'Welcome Back'—Donald Trump returns to Twitter after Elon Musk's poll
In a surprising move, Twitter has lifted the "permanent suspension" of former U.S. President Donald Trump's account. The move follows a Twitter poll run by Elon Musk that asked users whether to reinstate Trump's account—the majority of 15 million respondents answered affirmatively.
November 20, 2022, 03:43 AM
New attacks use Windows security bypass zero-day to drop malware
New phishing attacks use a Windows zero-day vulnerability to drop the Qbot malware without displaying Mark of the Web security warnings.
November 19, 2022, 01:28 PM
Build better databases with this Microsoft SQL training bundle deal
Proper data management can ensure better results when you need them most. This eight-course bundle illustrates how to make the best use of SQL databases for $40, 97% off the $1600 MSRP.
November 19, 2022, 08:14 AM
The Week in Ransomware - November 18th 2022 - Rising Operations
There have been some interesting developments in ransomware this week, with the arrest of a cybercrime ring leader and reports shedding light on two new, but up-and-coming, ransomware operations.
November 18, 2022, 05:13 PM
Exploit released for actively abused ProxyNotShell Exchange bug
Proof-of-concept exploit code has been released online for two actively exploited and high-severity vulnerabilities in Microsoft Exchange, collectively known as ProxyNotShell.
November 18, 2022, 03:53 PM
Researchers secretly helped decrypt Zeppelin ransomware for 2 years
Security researchers found vulnerabilities in the encryption mechanism of the Zeppelin ransomware and exploited them to create a working decryptor they used since 2020 to help victim companies recover files without paying the attackers.
November 18, 2022, 02:54 PM
US charges BEC suspects with targeting federal health care programs
The U.S. Department of Justice (DOJ) has charged ten defendants for their alleged involvement in business email compromise (BEC) schemes targeting numerous victims across the country, including U.S. federal funding programs like Medicare and Medicaid.
November 18, 2022, 12:26 PM
Chinese hackers use Google Drive to drop malware on govt networks
State-backed Chinese hackers launched a spearphishing campaign to deliver custom malware stored in Google Drive to government, research, and academic organizations worldwide.
November 18, 2022, 10:24 AM
Google Search results poisoned with torrent sites via Data Studio
Threat actors are abusing Google's Looker Studio (formerly Google Data Studio) to boost search engine rankings for their illicit websites that promote spam, torrents, and pirated content.
November 18, 2022, 09:03 AM
Learn coding fundamentals with this $40 master class in C
The 2023 Premium C Programming Developer Bundle includes more than 80 hours of tutorials and exercises. It's now available for $40, a price that's hundreds of dollars off the combined MSRP.
November 18, 2022, 07:27 AM
Atlassian fixes critical command injection bug in Bitbucket Server
Atlassian has released updates to address critical-severity vulnerabilities in its centralized identity management platform, Crowd Server and Data Center, and in Bitbucket Server and Data Center, the company's solution for Git repository management.
November 18, 2022, 06:59 AM
Phishing kit impersonates well-known brands to target US shoppers
A sophisticated phishing kit has been targeting North Americans since mid-September, using lures focused on holidays like Labor Day and Halloween.
November 17, 2022, 06:44 PM