Tag Archive for: attacks

65% Of Surveyed Executives And Employees Have Been Asked By Hackers To Help In Ransomware Attacks


Ransomware attacks, which were a growing problem last year, are expected to increase this year. But the cyberattacks, which people assumed were coming from outside their organizations, have also become internal threats.

A new poll from identity protection company Hitachi ID Systems found that 65% of surveyed IT and security executives or their employees have been approached to assist in these cyberattacks. This represents a 17% increase from a similar survey last November.

  • Overall, 57% of respondents reported that they or their employees were offered cash or Bitcoins worth less than $500,000. Ransomware attackers primarily contacted executives and employees through email (59%). 
  • Of the 65% who said they had been approached to assist in a ransomware attack, 49% ended up a victim of a ransomware attack.
  • Although many (55%) consider themselves moderately or very prepared to defend against ransomware, more than half (51%) rely mostly or exclusively on perimeter defense.

26% Paid Ransom Demands

In the new poll, most people said they consulted an external party before responding to a ransomware attack and were advised not to pay the ransom. But 26% said they did pay—the demands ranged between $300,000 and $600,000.

Hitachi ID warned that, “To combat this rising threat, businesses must take a proactive offensive approach to cybersecurity or face financial and reputational damage.” 

The company surveyed 100 IT and security executives between December 7, 2021 and January 4, 2022 about how hackers are approaching employees, how ransomware is impacting an organization’s cybersecurity approach and how prepared businesses are to combat these attacks.

Other Survey Results

Victim Of Attacks

  • 38% of respondents say their company has been a victim of a ransomware attack.
  • Of those who said they had been approached to assist in a ransomware attack, 49% ended up a victim of…


Why the food and ag sector is a prime target for ransomware attacks



Ukraine hit with destructive malware attacks amidst turmoil


The U.S. government is sounding alarms after Microsoft reported a series of attacks targeting networks in Ukraine.

The Cybersecurity and Infrastructure Security Agency (CISA) passed on warnings from the software giant over multiple discoveries of a new family of “destructive malware” that seeks to erase data on targeted systems under the guise of being a ransomware attack.

CISA warned that, unlike a normal ransomware attack that offers victims the ability to retrieve their data after paying out, the attacks seen in Ukraine simply wipe the host regardless of payment status.

The malware, referred to as WhisperGate by Microsoft, targets the master boot record (MBR) of the target and renders the machine inoperable.

“According to Microsoft, powering down the victim device executes the malware, which overwrites the MBR with a ransom note; however, the ransom note is a ruse because the malware actually destroys the MBR and the targeted files,” CISA said.

The malware, according to a Microsoft blog post Saturday, is only thinly veiled as a piece of ransomware. While claiming to ask for a ransom payment, the malware corrupts all files and the MBR without any possible path for recovery.

“At present and based on Microsoft visibility, our investigation teams have identified the malware on dozens of impacted systems and that number could grow as our investigation continues,” says Microsoft.

“These systems span multiple government, non-profit, and information technology organizations, all based in Ukraine.”

The attacks, which all targeted machines based in Ukraine, are likely not a coincidence. The country finds itself in crisis as Russia is threatening an invasion, and any strife between the two nations could include cyberattacks on critical infrastructure.

State-sponsored malware attacks are no longer a novel occurrence and have become the norm when nation-states come to blows. The U.S. and Israel were reportedly behind the Stuxnet attack on Iranian nuclear facilities in 2010, and the WannaCry ransomware attacks were traced back to nation-state hackers in North Korea. WannaCry was similar to WhisperGate in that the ransomware was used as a data wiper rather than an extortion tool.


Russia Arrests REvil Ransomware Gang Responsible for High-Profile Cyber Attacks



In an unprecedented move, Russia’s Federal Security Service (FSB), the country’s principal security agency, on Friday disclosed that it arrested several members belonging to the notorious REvil ransomware gang and neutralized its operations.

The surprise operation, which it said was carried out at the request of the U.S. authorities, saw the law enforcement agency conduct raids at 25 addresses in the cities of Moscow and St. Petersburg and in the Moscow, Leningrad and Lipetsk regions that belonged to 14 suspected members of the organized cybercrime syndicate.

“In order to implement the criminal plan, these persons developed malicious software, organized the theft of funds from the bank accounts of foreign citizens and their cashing, including through the purchase of expensive goods on the Internet,” the FSB said in a statement.


In addition, the FSB seized over 426 million rubles, including in cryptocurrency, $600,000, €500,000, as well as computer equipment, crypto wallets used to commit crimes, and 20 luxury cars that were purchased with money obtained by illicit means.

One of the most active ransomware crews last year, REvil took responsibility for high-profile attacks against JBS and Kaseya, among a string of several others. The U.S. government told Reuters that one of the arrested individuals was also behind the ransomware attack on Colonial Pipeline in May 2021, once again confirming REvil’s connections to another group called DarkSide.


The group formally closed shop in October 2021 after the U.S. intervened to take its network of dark web servers offline. The next month, Romanian law enforcement authorities announced the arrest of two individuals for their roles as affiliates of the REvil ransomware family, even as the U.S. charged a 22-year-old Ukrainian citizen linked to the ransomware gang for orchestrating the Kaseya ransomware attack.

All those detained have been charged with “illegal circulation of means of payment,” a criminal offense punishable by up to six years in prison. The suspects weren’t named, but Reuters noted that a Moscow court identified two of the men as Roman Muromsky and Andrei Bessonov.


The crackdown also comes as threat actors likely affiliated with…
