-
New extortion scam threatens to damage sites’ reputation, leak data
An active extortion scam is targeting website owners and admins worldwide, claiming to have hacked their servers and demanding $2,500 not to leak data.
- November 12, 2022
- 11:10 AM
0
The Week in Ransomware - November 11th 2022 - LockBit feeling the heat
This 'Week in Ransomware' covers the last two weeks of ransomware news, with new information on attacks, arrests, data wipers, and reports shared by cybersecurity firms and researchers.
- November 11, 2022
- 05:25 PM
- 0
Kaspersky to kill its VPN service in Russia next week
Kaspersky is stopping the operation and sales of its VPN product, Kaspersky Secure Connection, in the Russian Federation, with the free version to be suspended as early as November 15, 2022.
As the Moscow-based company informed on its Russian blog earlier this week, the shutdown of the VPN service will be staged, so that impact on customers remains minimal.
Purchases of the paid version of Kaspersky Secure Connection will remain available on both the official website and mobile app stores until December 2022.
Customers with active subscriptions will continue to enjoy the product's VPN service until the end of the paid period, which cannot go beyond the end of 2023 (one-year subscription).
Russian-based users of the free version of Kaspersky Secure Connection will not be able to continue using the product after November 15, 2022, so they will have to seek alternatives.
BleepingComputer emailed Kaspersky questions regarding its decision to stop offering VPN products in Russia, but a spokesperson has declined to provide more information.
A hostile environment for VPNs
There are few trustworthy legal VPN alternatives left for Russians to choose from.
The country's telecommunications watchdog, Roskomnadzor, announced VPN bans in June 2021 and then again in December 2021, prohibiting the use of NordVPN, Express VPN, ProtonVPN, VyprVPN, Opera VPN, PrivateTunnel, and others.
The reason for banning 15 VPNs in the country was because their vendors refused to connect their services to the FGIS database, which would apply government-imposed censorship in VPN connections, and would also make user traffic and identity subject to state scrutiny.
Ever-increasing controls are strangling VPN usage in Russia. On Tuesday, the Ministry of Digital Transformation requested all state-owned companies to declare what VPN products they use, for what purposes, and in what locations.
In August, Roskomnadzor announced a plan to introduce an AI-based internet scanner by December 2022 to analyze every new information that appears online.
This system will further motivate Russians to use VPNs, so the pressure on VPN providers to stop offering tools that can hide the poster's identity may have risen."
RELATED CONTENT
Russian military hackers linked to ransomware attacks in Ukraine
A series of attacks targeting transportation and logistics organizations in Ukraine and Poland with Prestige ransomware since October have been linked to an elite Russian military cyberespionage group.
"Researchers with Microsoft Security Threat Intelligence (MSTIC) pinned the ransomware attacks on the Russian Sandworm threat group based on forensic artifacts and victimology, tradecraft, capabilities, and infrastructure overlapping with the group's previous activity.
The attackers deployed the ransomware payloads across their victims' enterprise networks. This tactic has rarely been seen in attacks targeting Ukrainian organizations, and it matches previous Russian state-aligned activity, such as the use of the HermeticWiper destructive malware before the start of the invasion of Ukraine.
"As of November 2022, MSTIC assesses that IRIDIUM very likely executed the Prestige ransomware-style attack," MSTIC said.
"The Prestige campaign may highlight a measured shift in IRIDIUM's destructive attack calculus, signaling increased risk to organizations directly supplying or transporting humanitarian or military assistance to Ukraine.
"More broadly, it may represent an increased risk to organizations in Eastern Europe that may be considered by the Russian state to be providing support relating to the war."
The threat actors' sophistication was highlighted by their use of multiple methods for Prestige ransomware deployment, including the use of Windows scheduled tasks, encoded PowerShell commands, and the Default Domain Group Policy Object.
In its previous report, Microsoft shared a list of indicators of compromise (IOCs) and advanced hunting queries to help admins defend against Prestige ransomware attacks.
Notorious Russian military hackers
Sandworm (aka BlackEnergy, Voodoo Bear, TeleBots) is a Russian hacking group active for at least two decades since the mid-2000s, with its members believed to be part of Unit 74455 of the Russian GRU's Main Center for Special Technologies (GTsST).
They have been linked to attacks leading to the Ukrainian blackouts of 2015 and 2016 [1, 2, 3] and the KillDisk wiper attacks targeting Ukrainian banks.
The group is also believed to have created the NotPetya ransomware that caused billions of damage starting in June 2017.
In October 2020, the U.S. Department of Justice charged six of the group's operatives for hacking operations linked to the NotPetya ransomware attack, the PyeongChang 2018 Olympic Winter Games, and the 2017 French elections.
Earlier this year, in February, a joint security advisory issued by U.S. and U.K. cybersecurity agencies also pinned the Cyclops Blink botnet on the Russian military cyberspies before its disruption that prevented its use in attacks."
.jpg)
.png)
