Tag Archive for: allegedly

US indicts heart doctor for allegedly spearheading high-profile ransomware operations


A 55-year-old Venezuelan cardiologist has been charged in the US over allegedly being the mastermind behind the Jigsaw and Thanos ransomware operations.

Charges against Moises Luis Zagala Gonzalez were unsealed in federal court in Brooklyn, New York, on Monday and concern his alleged use and sale of ransomware, in addition to his support of and profit-sharing with other cyber criminals.

Zagala resides in Ciudad Bolivar, Venezuela and also has citizenship in France. He is alleged to have created multiple high-profile ransomware tools in his spare time while primarily being a practising doctor.

A Federal Bureau of Investigation (FBI) source posed as a prospective cyber criminal and was able to discover how Zagala’s operation ran, how he generated multiple revenue streams, and how he ‘coached’ the cyber criminals into being more successful using the tools he created.

Zagala is alleged to have created the Jigsaw ransomware strain as well as the Thanos ‘ransomware builder’ – an application that allowed users to build their own ransomware program to be used alone or sold to the wider community.

Screenshot of the Thanos application

The Thanos application presented users with a GUI and an assortment of checkboxes to enable and disable certain features so effective ransomware programs could be built with little technical knowledge.

Such features included a data stealer that allowed users to select which types of files were stolen from a victim, an anti-VM feature that prevented researchers from loading it into a virtual machine for analysis and a self-delete function that destroyed the program after its use had become exhausted.

Through the FBI’s source, the Bureau was able to understand how Thanos was sold through two licensing models.

Prospective users could either pay a single up-front fee for a limited license and have access to the program for a set time, or enrol into an affiliate program which saw the user receive a lifetime license in return for giving Zagala a portion of the profit generated from the ransomware it created.

The Department of Justice (DoJ) said Zagala owned a server in Charlotte, North Carolina that checked if a user’s license was valid or not.

After the FBI source request to join Zagala’s affiliate…


Tesla files suit against former engineer for allegedly stealing Project Dojo’s secrets


Tesla has filed suit against former engineer Alexander Yatskov for allegedly stealing confidential information related to the company’s Project Dojo supercomputer, which the company will be using to train its self-driving neural networks. 

According to Tesla, Yatskov downloaded confidential and tightly guarded information about Dojo on his personal devices. What’s worse is that when Tesla found out about his actions, Yatskov reportedly tried to cover his tracks by surrendering a “dummy” computer instead, which contained none of the stolen information. 

Yatskov began his tenure at Tesla as a thermal engineer in January, where he aided in the design of the Dojo supercomputer’s cooling systems. Tesla noted in its complaint that Yatskov had access to Dojo’s cooling information and other confidential information related to the neural net training supercomputer. 

Tesla stated that Yatskov had violated his non-disclosure agreement (NDA) by “removing Tesla confidential information from work devices and accounts, accessing it on his own personal devices, and creating Tesla documents containing confidential Project Dojo details on a personal computer.” The former engineer was reportedly caught sending emails with classified Tesla information from his personal email address to his work email. 

Tesla remarked that Yatskov actually admitted to storing classified information on his own devices when he was confronted by the company. He was placed on administrative leave starting April 6 and asked to bring in his devices so Tesla could recover any stolen information. Yatskov reportedly provided Tesla with a device, though the company noted that it was a “dummy” since it contained none of the stolen information. 

Yatskov formally resigned from Tesla on May 2. When asked for a comment by Bloomberg, the former Tesla engineer declined to provide a statement about the matter. Tesla, for its part, is looking to receive compensatory and exemplary damages. The company is also seeking to secure an order that would stop Yatskov from disseminating Dojo’s trade secrets.


Google sues two Russian nationals for allegedly hacking computers


Google is suing two Russian nationals it claims are part of a criminal enterprise that has silently infiltrated more than a million computers and devices around the world, creating “a modern technological and borderless incarnation of organised crime.”

In a complaint being unsealed Tuesday in the US District Court for the Southern District of New York, Google names two defendants, Dmitry Starovikov and Alexander Filippov, as well as 15 unnamed individuals. Google claims the defendants have created a “botnet” known as Glupteba, to use for illicit purposes, including the theft and unauthorised use of Google users’ login and account information.

A botnet is a network of internet-connected devices that have been infected with malware. When summoned together, they can do the bidding of a hacker, often with the devices’ owners not realising their machines have been hijacked. A swarm of devices can jam traffic at websites, run malware to steal login credentials, sell fraudulent credit cards online and grant unauthorized access to other cyber criminals.


The Glupteba botnet stands out from others because of its “technical sophistication,” using blockchain technology to protect itself from disruption, Google said in the complaint. At any moment, the power of the Glupteba botnet could be used in a powerful ransomware attack or distributed denial of service attack, Google said.

It’s the first time that Google is going after a botnet, a spokesperson for the Mountain View, California-based company said in an email. “We are taking this action to further protect internet users and to send a message to cyber criminals that we will not tolerate this type of activity.”

The spokesperson said the company worked with the…


Hackers Attacked a Hospital and Allegedly Killed a Newborn Baby



A woman who gave birth at a hospital that had been brought to its knees by a ransomware hack is now suing over the death of her newborn daughter. The death appears to mark the first official casualty of a ransomware hack, in which hackers seize control of a computer network and demand payment, usually in cryptocurrency, to restore it — a crime that, clearly, can be life-threatening when directed at critical infrastructure like hospitals.

When the hackers took control of Springhill Medical Center in Alabama in 2019, the hospital refused to pay the ransom or acknowledge the attack, The Wall Street Journal reports, opting instead to mitigate the damage by shutting off its network and attempting to carry on as usual. Jobs that used to be automated suddenly fell on junior staffers, and doctors and nurses suddenly had to treat patients without access to crucial digital records or computer equipment.

A week after the attack, Teiranni Kidd went to Springhill Medical Center to deliver her daughter, Nicko Silar, according to the WSJ. Without the monitors that doctors and nurses use to keep an eye on the vitals of patients and their soon-to-be born children, the staff missed that Nicko had a dangerously accelerated heartbeat — a sign that Nicko’s umbilical cord was wrapped around her neck. Nicko was born unresponsive and with severe brain damage, and died nine months later.

Since then, Kidd has sued the hospital, and documents revealed that the medical staff texted one another about how the death would have been easily preventable. Had they been able to see the warning signs — it’s unclear if anyone did at the time — they would have safely delivered Nicko via caesarian section.

The hacker hasn’t been publicly identified, but the WSJ reports that it’s likely the Russian Ryuk gang, which has targeted at least 235 hospitals and dozens of other healthcare facilities with ransomware attacks since 2018.

Outside of this case, there hasn’t been a recorded death caused by a ransomware attack, though Joshua Corman, a senior advisor for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, told the WSJ that the hacks could make…
