Tag Archive for: $10M

BlackCat Ransomware Group Draws $10M Reward Offer – MeriTalk

/in


The State Department announced on March 27 that it’s offering up to $10 million in reward money for information about individuals linked to the ALPHV BlackCat ransomware-as-a-service group.

UnitedHealth Group late last month confirmed that it was victimized by BlackCat in the ransomware attack on its Change Healthcare unit that paralyzed billing services for providers of prescriptions and other services nationwide.

The ransomware group first deployed its services in 2021, and its members have “developed and maintained” ransomware and recruited affiliates to deploy it since then, the State Department said.

“ALPHV BlackCat operated as a ransomware-as-a-service business model in which the group’s members developed and maintained the ransomware variant and then recruited affiliates to deploy the ransomware. ALPHV BlackCat and its affiliates then shared any paid ransoms,” the State Department said in a statement.

The ALPHV BlackCat ransomware-as-a-service group compromised computer networks of critical infrastructure sectors in the United States, deploying ransomware on the targeted systems, “disabling security features within the victim’s network, stealing sensitive confidential information, demanding payment to restore access, and threatening to publicize the stolen data if victims do not pay a ransom,” the agency said.

The department’s Rewards for Justice program — which is administering the reward — specifically wants information that would lead to the “identification or location of anyone who engaged in the malicious cyber activities against U.S. infrastructure on behalf of a foreign government” in violation of the Computer Fraud and Abuse Act.

Source…

US puts up $10M reward to disrupt Clop ransomware gang

/in



Rewards of up to $10 million are being offered by the U.S. State Department’s Rewards for Justice program to individuals with any information that would establish a connection between the Clop …

Source…

Detectify secures $10M more to expand its ethical hacking platform • TechCrunch

/in


Detectify, a security platform that employs ethical hackers to conduct attacks designed to highlight vulnerabilities in corporate systems, today announced that it raised $10 million in follow-on funding led by Insight Partners. CEO Richard Carlsson says that the new cash, which brings Detectify’s total raised to $42 million, will be put toward product development and improving the overall user experience.

Detectify was founded by four ethical hackers from Stockholm, including Carlsson, who realized the business potential in combining security research with automation. In an interview with TechCrunch, Carlsson pointed out that product development workflows have changed dramatically over the past few years, with new teams within organizations spinning up internet-facing apps and adding potentially vulnerable assets to their employer’s environment. The trend toward low- and no-code tools has lowered the app development barrier to entry, but it’s also made the jobs of security specialists that much harder.

Illustrating the challenges, a recent Dark Reading survey found that 26% of IT and security experts don’t trust the platforms used to create low- and no-code apps. Roughly as many — 25% — said that they don’t even know which apps within their companies are being created by these tools.

“While companies should integrate security best practices earlier in their development cycle and try to catch vulnerabilities in development, production is what truly matters,” Carlsson added via email. “Unless you have a completely linear development process, which no company actually has, you will never catch everything. And this legacy mindset and over-reliance on ‘shifting left’ instills a sense of false confidence in organizations that actually increases their risk level.”

Detectify

Image Credits: Detectify

Detectify’s approach crowdsources real payloads — pieces of code that execute when a hacker exploits a vulnerability — from a private community of ethical hackers and uses these contributions for payload-based tests. Carlsson claims that Detectify tests customers’ entire attack surfaces, exposing how malicious attackers might exploit…

Source…

Hackers demand $10m to end cyber attack on Paris regional hospital

/in


Issued on:

A hospital southeast of Paris has been the victim of an ongoing cyber attack since the weekend, with disruption to emergency services and surgeries as hackers demand a ransom of $10 million to call off the digital assault.

The CHSF Hospital Centre in Corbeil-Essonnes, southeast of the French capital, has been the victim of a computer attack that began late Saturday night.

Hackers have reportedly issued a demand of $10 million dollars – in English – for the ransomware attack to be stopped.

Paris prosecutor’s office has opened an investigation into the hacking of the hospital’s computer system and the attempted extortion by an organised gang.

According to the prosecutor’s office, the investigation is being spearheaded by the gendarme’s Centre for Combating Digital Crime (C3N) division. 

This latest cyber attack is once again aimed at a hospital – a sector that has been the target of ransomware attacks for several months. 

Hospitals under fire from cyberattacks since March

Last April, the computer systems of nine hospitals in France’s Grand Est region were compromised by hackers and in March, a hospital in Ajaccio was also the victim of a ransomware cyberattack. 

In 2021, hospitals in the Landes, Haute-Garonne and Pyrénées-Atlantiques departments were also victims of cyber attacks, disrupting or shutting down their IT services.

The CHSF hospital in Essonne – which has a one-thousand bed capacity to provide medical care for a population of nearly 600,000 inhabitants in the greater Paris area – triggered a so-called “white plan” emergency operation on Sunday to ensure health services could be maintained.

The hosptial says the attack has rendered inaccessible “all the hospital’s business software, storage systems – particularly medical imaging – and the information system relating to patient admissions.”

The National Authority for the Security and Defence of Information Systems (Anssi) were “quickly alerted … and a type of ransomware has been identified”.

People who require…

Source…