Tag Archive for: Damage

ICBC Grapples with Ransomware Attack – Will This Cause Major Damage?


In a significant cybersecurity incident, the U.S. arm of China’s largest commercial lender, the Industrial and Commercial Bank of China (ICBC), was hit by a ransomware attack.

The incident, which occurred on Thursday, disrupted trades in the U.S. Treasury market and made ICBC the latest victim in a series of ransom-demanding hacks this year.

ICBC Response to Major Ransomware Attack

The attack is suspected to be the work of the cybercrime gang Lockbit, known for its aggressive ransomware tactics. However, as of Thursday evening, Lockbit’s dark web leak site, where it typically names its victims, did not list ICBC.

The attack shows how vulnerable the systems of major financial institutions remain and raises concerns about the effectiveness of their cyber defenses. ICBC Financial Services says it is investigating the attack, working to restore the disrupted systems and mitigate potential losses.

China’s foreign ministry also emphasized the bank’s efforts, stating that ICBC will do everything possible to minimize the risks and losses arising from the incident.

U.S. authorities, who have been grappling with a rise in cybercrime and ransomware attacks in particular, are also working to cut off the funding of such criminal organizations.

Despite the disruption, the bank reported that it successfully cleared Treasury trades executed on Wednesday and repurchase agreement (repo) financing trades conducted on Thursday. The bank has not officially commented on the attackers’ identity.

This is not unusual, as organizations commonly refrain from publicly disclosing such information. Market observers acknowledged that the attack’s effect on the market was limited, but said they would remain vigilant about its implications, particularly for cybersecurity controls in the financial sector.

Meanwhile, the U.S. Securities Industry and Financial Markets Association (SIFMA) has informed its members about the ransomware attack. They emphasized ongoing communication with key financial sector participants and federal regulators.

The Treasury market, according to LSEG data, appeared to function normally on Thursday….

Source…

Beware of new Black Basta ransomware! Here is what damage it can cause


Black Basta, a newly operational ransomware, is being used by attackers who demand hefty sums both to decrypt files and to refrain from leaking stolen data.

A new ransomware strain is reportedly stealing corporate data and documents before encrypting a company’s devices. Dubbed Black Basta, it became active only in April and has breached more than 12 companies in just a few weeks. The operation uses the stolen data in double-extortion attacks, demanding hefty sums to decrypt files and to keep the data from being leaked. Large organizations such as Deutsche Windtechnik and the American Dental Association have already fallen victim. The ransom amounts are not yet known; the companies are reportedly in negotiation with the threat actors.

Victims who have not yet paid a ransom are listed, along with details of the stolen data, on the group’s ‘Black Basta Blog’ or ‘Basta News’ Tor site. Here’s all you need to know about this newly found ransomware.


What is Black Basta ransomware?

Black Basta appears to be a rebrand of an experienced operation, namely the Conti ransomware operation. It steals corporate data and documents before encrypting a company’s devices and demands a large sum to keep the data private. To pressure victims into paying, it gradually leaks each victim’s data.

How does Black Basta ransomware work?

According to BleepingComputer, the ransomware hijacks an existing Windows service and uses it to launch the ransomware encryptor executable. The ransomware then changes the desktop wallpaper to display the message “Your network is encrypted by the Black Basta group. Instructions in the file readme.txt” and reboots the computer into Safe Mode with Networking. Ransomware expert Michael Gillespie told the outlet that Black Basta uses the ChaCha20 algorithm to encrypt files. Each folder on the encrypted device contains a readme.txt file with information about the attack, a link, and a unique ID for logging in to the negotiation chat session with the threat actors. They then demand a ransom and threaten to leak data if payment is not made in seven…
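As an added illustration of the staging behaviour described above (this is example code written for this page, not code from the article or from BleepingComputer), the following Python sketch runs three detection rules over constructed host telemetry: a service ImagePath rewritten to a binary outside the usual system directories (the service hijack), a bcdedit command setting Safe Mode with Networking (the article says only that the host reboots into that mode; that bcdedit is the mechanism is an assumption here), and a wallpaper change as weak corroboration. The log format and every host, service, user and file name are made up for the example.

```python
"""Toy detection logic for two behaviours the article attributes to Black Basta:
hijacking an existing Windows service to launch the encryptor, and rebooting the
host into Safe Mode with Networking. The telemetry below is constructed for this
example in a simplified key="value" form; a real pipeline would feed the same
dict shape from Sysmon event ID 13 (registry value set) and ID 1 (process create)."""
import re

# Constructed sample events (not real logs). Lines 2-4 model the staging the
# article describes; line 5 is an admin undoing safeboot; line 6 is benign.
SAMPLE_LOG = r'''
type="process" image="C:\Windows\System32\svchost.exe" cmd="svchost.exe -k netsvcs" user="SYSTEM"
type="registry" key="HKLM\SYSTEM\CurrentControlSet\Services\Fax\ImagePath" value="C:\Users\Public\fax.exe" user="SYSTEM"
type="process" image="C:\Windows\System32\bcdedit.exe" cmd="bcdedit /set {default} safeboot network" user="SYSTEM"
type="registry" key="HKCU\Control Panel\Desktop\Wallpaper" value="C:\Users\Public\dlaksjdoiwq.jpg" user="jdoe"
type="process" image="C:\Windows\System32\bcdedit.exe" cmd="bcdedit /deletevalue {default} safeboot" user="admin"
type="registry" key="HKLM\SYSTEM\CurrentControlSet\Services\Spooler\ImagePath" value="C:\Windows\System32\spoolsv.exe" user="SYSTEM"
'''

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
# Matches ...\Services\<name>\ImagePath (case-insensitive).
SERVICE_IMAGEPATH_RE = re.compile(r"\\services\\[^\\]+\\imagepath$", re.IGNORECASE)
# Assumption: Safe Mode with Networking is set via bcdedit; the article only says
# the host is rebooted into that mode, not how.
SAFEBOOT_RE = re.compile(r"\bbcdedit\b.*\bsafeboot\s+network\b", re.IGNORECASE)
# Service binaries outside these roots are unusual and worth an alert.
TRUSTED_SERVICE_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_line(line):
    """Turn one key="value" line into a dict."""
    return dict(FIELD_RE.findall(line))


def rule_service_hijack(ev):
    """A service ImagePath rewritten to point outside trusted system directories."""
    if ev.get("type") != "registry" or not SERVICE_IMAGEPATH_RE.search(ev.get("key", "")):
        return None
    image = ev.get("value", "").strip('"').lower()
    if image.startswith(TRUSTED_SERVICE_DIRS):
        return None
    service = ev["key"].split("\\")[-2]
    return f"service_imagepath_hijack: {service} -> {ev['value']}"


def rule_safeboot_network(ev):
    """bcdedit setting the next boot to Safe Mode with Networking."""
    if ev.get("type") != "process":
        return None
    cmd = ev.get("cmd", "")
    if "/deletevalue" in cmd.lower():  # clearing safeboot is recovery, not staging
        return None
    return f"safeboot_network_set: {cmd}" if SAFEBOOT_RE.search(cmd) else None


def rule_wallpaper(ev):
    """Desktop wallpaper replaced; weak on its own, useful as corroboration."""
    if ev.get("type") == "registry" and ev.get("key", "").lower().endswith("\\desktop\\wallpaper"):
        return f"wallpaper_changed: {ev.get('value', '')}"
    return None


RULES = (rule_service_hijack, rule_safeboot_network, rule_wallpaper)


def detect(log_text):
    """Return (line_number, finding) pairs for every rule that fires."""
    hits = []
    for lineno, line in enumerate(log_text.strip().splitlines(), 1):
        ev = parse_line(line)
        hits.extend((lineno, msg) for msg in (rule(ev) for rule in RULES) if msg)
    return hits


def ransomware_staging_suspected(hits):
    """High confidence only when the service hijack and the safeboot change co-occur,
    which is the sequence the article describes."""
    kinds = {msg.split(":", 1)[0] for _, msg in hits}
    return {"service_imagepath_hijack", "safeboot_network_set"} <= kinds


if __name__ == "__main__":
    findings = detect(SAMPLE_LOG)
    for lineno, msg in findings:
        print(f"line {lineno}: {msg}")
    print("staging suspected:", ransomware_staging_suspected(findings))
```

Each rule alone produces noise (administrators do edit service paths and use bcdedit), so the block escalates only when the hijack and the safeboot change appear together; the wallpaper rule is deliberately kept as low-value corroboration. On the constructed sample the detector flags lines 2, 3 and 4 and reports that staging is suspected.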

Source…

High-Tech Drug Infusion Pumps in Hospitals Vulnerable to Damage, Hackers – Consumer Health News


MONDAY, March 21, 2022 (HealthDay News) — You’ve probably seen an infusion pump, even though the name might make it sound like a mysterious piece of medical technology.

These devices govern the flow of IV medications and fluids into patients. They help deliver extra fluids to people in the emergency room, administer monoclonal antibodies to folks with COVID-19, and pump chemotherapy drugs to cancer patients.

“If you’re watching a television drama, they are the boxes next to the bedside. Tubing goes from a medication bag through the pump to the patient,” said Erin Sparnon, senior engineering manager for device evaluation at the non-profit health care quality and safety group ECRI.

But the widespread usefulness of these ever-present devices has also made them a top technology hazard for U.S. hospitals, experts say.

Damaged infusion pumps can cause a patient to receive too much or too little medicine, potentially placing the lives of critically ill patients at risk. Plastic can crack, hinges can pinch, electronics can fail, batteries can die — and a patient can be placed in peril.

“There are over a million infusions running in the U.S. every day. The good news about that is the vast majority of them are just fine. The bad news is that a one in a million problem can happen every day,” Sparnon said.

“That’s why infusion pumps get a lot of attention, because they’re ubiquitous. They’re everywhere and they’re used on critical patients for critical medications,” Sparnon said. “We regularly get reports from health care settings where patients have been harmed due to pump damage.”

Damaged infusion pumps placed number three on ECRI’s list of top 10 technology hazards for 2022, mainly due to the potential for something to go mechanically wrong with them, Sparnon said.

But others have raised concerns that “smart” Wi-Fi-connected infusion pumps could be hacked and manipulated to harm patients.

Still, Sparnon said an infusion pump that’s been manhandled or damaged in some way poses a much greater and more concrete safety risk than the possibility of a hacked pump.

“I know it sounds really cool, but there are no reports of patient harm due to a hack,” Sparnon said. “I would put a lot more emphasis on…

Source…

How to Proactively Limit Damage From BlackMatter Ransomware


The BlackMatter ransomware strain that’s been used in numerous attacks against US critical infrastructure entities and other large organizations in recent months has a serious logic flaw in its code that limits the malware’s effectiveness in some situations.

Organizations that can trigger the faulty logic can potentially mitigate the damage that BlackMatter can cause in their environment, Illusive said in a report Friday.

Illusive researchers discovered the flaw when they observed the ransomware failing to encrypt shares of remote computers in the company’s test environment. A closer inspection of the code showed that BlackMatter encrypts other computers in the same network only if the environment is configured in a particular way.

The logic flaw gives organizations a way to prevent BlackMatter from encrypting file shares, says Shahar Zelig, security researcher at Illusive.

“But it is important to note that the compromised device would still be encrypted,” he says. “And if an attacker has compromised multiple devices, it could still run BlackMatter to encrypt all those devices. This logic flaw is specially about remote shares.”

BlackMatter surfaced in July 2021 soon after the DarkSide ransomware-as-a-service operation shut down following an attack on Colonial Pipeline that stirred concern — and reaction — all the way from the White House down. Like DarkSide, BlackMatter is being distributed under a ransomware-as-a-service model. The malware has been used in attacks against at least two organizations belonging to the US food and agriculture sector and several other critical infrastructure targets. Operators of the ransomware have published data belonging to at least 10 large organizations across the US, Canada, UK, India, Brazil, Thailand, and Chile.

Security vendors that have analyzed the malware describe its payload as highly efficient, small (about 80 KB in size), well-obfuscated, and running mostly in memory. An analysis conducted by Varonis showed that BlackMatter operators typically gain initial access by compromising vulnerable edge devices, including remote desktop and VPN gateways, or by abusing login credentials obtained from other sources.

Concerns over BlackMatter prompted…

Source…