‘Nevada Group’ hackers target thousands of computer networks


A mysterious and unidentified group of hackers have sought to paralyse the computer networks of almost 5,000 victims across the US and Europe, in one of the most widespread ransomware attacks on record.

The hacking unit, initially nicknamed the Nevada Group by security researchers, began a series of attacks that started around three weeks ago by exploiting an easily fixed vulnerability in a piece of code that is ubiquitous in cloud servers.

The Financial Times contacted several victims identified from the publicly available information. Most declined to comment, saying they had been asked by law enforcement to do so. They include universities in the US and Hungary, shipping and construction firms in Italy and manufacturers in Germany.

Authorities have yet to identify the perpetrators, guessing only from their recruiting announcements on the web that it is a mix of Russian and Chinese hackers.

The hackers have demanded a surprisingly small ransom to release their hold over computer networks — as little as two bitcoins (around $50,000) in some cases, according to copies of their ransomware notes that were briefly visible. By contrast, a rival gang demanded $80mn from the UK’s Royal Mail in another recent and high-profile attack.

The ease with which this new group has fanned across vast swaths of the west’s internet infrastructure underlines the nature of much of the ransomware threatening businesses around the world. Most of the attacks are relatively simple, yield small sums and often go unnoticed.

In a scene that features rival, and often feuding, ransomware gangs, this unknown newcomer is “a solid new threat in our landscape in the near future”, said Shmuel Gihon, at Israeli cyber security firm CyberInt.

He warned that the simplicity and breadth of the attack could spawn copycats. “The scale of this campaign is one of the biggest we have seen, (and since it is ongoing), the real problem is that veteran groups see the potential damage they can do.”

The ransomware campaign is now referred to as the ESXiArgs, after the loophole it exploits — though there is some confusion as to whether it and the Nevada Group are the same or copying off each other.

In February…

Source…