Tag Archive for: aftermath

A ransomware attack and its aftermath


In the quiet of an early February morning, Washington County, Pennsylvania, found itself at the epicenter of a digital storm. A ransomware attack, orchestrated by what county officials described as Russian hackers, paralyzed the local government’s network, leaving critical systems and data in jeopardy. This intrusion, marking a significant escalation in cybercriminal activities targeting municipalities, forced the county into a corner. The decision to pay a ransom of $346,687 in cryptocurrency to the attackers brought to light a disturbing trend: the increasing willingness of public entities to meet hackers’ demands to regain control of their digital lives.

The Onslaught: A Network Paralyzed

The cyberattack was not merely a disruption but an unprecedented assault on Washington County’s digital infrastructure. Systems crucial for the day-to-day operation of the county’s government and courthouse ground to a halt. As the reality of the situation sank in, county officials, alongside federal investigators and third-party cybersecurity experts, scrambled to assess the damage and contain the spread of the malicious software. The hackers had not only locked the county out of its systems but had also absconded with vast quantities of sensitive data, including residents’ Social Security and driver’s license numbers, raising alarms about the potential misuse of this information on the dark web.

The Response: A Controversial Decision

In the face of this digital catastrophe, county officials convened an emergency meeting. The options were stark: either spend months rebuilding the county’s data infrastructure from scratch or capitulate to the hackers’ demands. After careful deliberation, the decision was made to pay the ransom. This choice, though controversial, was deemed the lesser of two evils. Facilitated by DigitalMint, a Chicago-based firm specializing in the sale of cryptocurrency, the payment was a desperate bid to restore normalcy and safeguard sensitive information from further exposure. The county’s commissioners, in a subsequent meeting on February 16, ratified this decision, underscoring its gravity and the urgent…


Atomic Wallet Hack Exposes $35 Million Crypto Asset Theft – An In-depth Look at the Aftermath and Ongoing Investigation



The Atomic Wallet hack has shaken the crypto community, causing substantial user losses and prompting an urgent investigation. Here’s a closer look at the aftermath, recovery efforts, and the wider landscape of cryptocurrency breaches, along with Atomic Wallet’s response to the incident.

Atomic Wallet Hack Reveals $35 Million in Crypto Asset Theft

An analysis conducted by on-chain investigator ZachXBT reveals that Atomic Wallet users have suffered crypto asset theft amounting to at least $35 million since June 2. Among these losses, the five largest account for $17 million.

After the attack, Atomic Wallet took to Twitter to inform users that they were actively conducting an investigation into the cause of the incident. Troubling accounts have surfaced, revealing instances of token losses, erasure of transaction histories, and even the outright theft of entire crypto portfolios.

ZachXBT, a pseudonymous Twitter user known for tracking stolen crypto funds and aiding hacked projects, independently conducted an investigation. According to ZachXBT’s findings, the largest victim lost $7.95 million in Tether (USDT). ZachXBT commented that the total amount stolen could potentially exceed $50 million as more victims continue to be discovered.


An image shared by ZachXBT on Twitter showcases his investigation into Atomic Wallet’s hack, offering further evidence of the breach.

Atomic Wallet has a user base of over 5 million individuals worldwide. In an interview, a long-time user named Emre, who happens to be a cybersecurity professional, shared his experience as a victim of a security breach.

Emre expressed deep distress after losing nearly $1 million in crypto assets obtained from bug bounty programs. The stolen tokens encompass Bitcoin (BTC), Dogecoin (DOGE), Litecoin (LTC), Ether (ETH), USDT, USD Coin (USDC), BNB, and Polygon (MATIC).

Emre highlighted the lack of concrete updates from Atomic Wallet regarding the incident. While the company claims to be investigating the matter, victims like Emre are still awaiting tangible progress. The funds stored in Atomic Wallet were intended for the establishment of…


Ransomware-as-a-service business model takes a hit in the aftermath of the Colonial Pipeline attack


Cybercrime gangs are finding it harder to recruit partners for the affiliate programs that power ransomware attacks.


The best way to stop the ever-increasing wave of ransomware attacks is to take away the financial incentive behind these cyber crimes. The response to the Colonial Pipeline ransomware attack may be the first step in doing just that. Both governments and hacker forums have made it harder for ransomware gangs to use the ransomware-as-a-service (RaaS) model. This scalable business model requires several groups: engineers to write encryption software, network penetration experts to find and compromise targets and professional negotiators to ensure maximum payout. 

Bryan Oliver, a senior analyst at Flashpoint, said that the response from governments in the wake of the Colonial Pipeline attack has made it harder for ransomware groups to recruit partners.

“The main result of government action has been the banning of ransomware group recruitment from the top tier underground Russian forums,” Oliver said.  

Oliver said this change will not end ransomware attacks any time soon, but it is a significant step because it makes the ransomware-as-a-service model less profitable.

“The Exploit and XSS forums were the recruiting grounds for these ransomware groups, and losing access to those means losing access to new partners,” he said.

Oliver said that the administrators of these forums also banned the DarkSide collective in mid-May and distributed their deposit of roughly $1 million to DarkSide “partners” who claimed they had not been paid by DarkSide. 

“They have also since removed posts from their forums related to ransomware recruitment,” he said.

Amit Serper, Guardicore’s vice president of research for North America, said that he hopes to see a change in ransomware attacks with the U.S. and other national governments stepping up their fight against bad actors.

“The fact that the U.S. government managed to seize some of the funds that were paid by Colonial sets an interesting…


Cyber Security Today – Twitter hack aftermath, more Android malware, actors on alert and a streaming media warning – IT World Canada
