Tag Archive for: dark

Is the IDF weaponizing blockchain? Are cartels paying ransomware on the dark web? #hearsay


Disclosure: The views and opinions expressed here belong solely to the author and do not represent the views and opinions of crypto.news’ editorial.

Welcome to #hearsay, Dorian Batycka’s weekly crypto gossip column. This week’s edition brings you a small dose of dark web cartels, a potential blockchain interface for the Israel Defense Force (IDF), and one NFT collector’s hilarious flex fail.

Every week, crypto.news brings you #hashtag hearsay, a gossip column of scoops and stories shaping the crypto world. If you have a tip, email Dorian Batycka at [email protected]

Question: what if Sam Bankman was actually fried?

That’s the thought that immediately sprang to mind when I learned about a recent exit scam involving one of the world’s largest darknet vendors of illegal drugs.

On March 5, users of Incognito Marketplace, a site like Reddit where buyers and sellers can get everything from a gram of weed to kilos of coke, awoke to a message from one of its administrators, known as Pharaoh.

The message read:

We have accumulated a list of private messages, transaction info and order details over the years. You’ll be surprised at the number of people that relied on our auto-encrypt functionality. And by the way, your messages and transaction IDs were never actually deleted after the expiry.

Anyway, if anything were to leak to law enforcement, I guess nobody never slipped up. We’ll be publishing the entire dump of 557k orders and 862k crypto transaction IDs at the end of May… whether or not you and your customers’ info is on that list is totally up to you. Yes, this is an extortion.

Pharaoh, Incognito Marketplace admin

Holding the site’s BTC and Monero (XMR), Pharaoh stated that vendors on the site would be asked to pay large ransoms, lest they have their data leaked online.

What’s more, Pharaoh also revealed that the “auto-encrypt” button, made available to vendors on the darknet marketplace, actually exposed them to a data breach.

Worries about the Incognito Marketplace began to circulate the week before, when users were unable to withdraw BTC and Monero (a privacy-focused cryptocurrency) from the platform.


Roku Has More than 15,000 User Accounts Hacked, Stolen Data Sold for 50 Cents Per Customer on the Dark Web


Hackers have stolen personal data, including credit-card authentication credentials, of 15,363 Roku users, with individual user account data selling for just 50 cents each on the Dark Web. 

Some Roku users were locked out of their accounts, with data thieves coopting them to make nefarious in-app purchases. 


New BlackCat ransomware analysis published as leak site goes dark


Amid news that the ALPHV/BlackCat ransomware gang is shutting down operations in a likely exit scam, researchers published a new technical breakdown of the ransomware’s binary.

The Trustwave SpiderLabs report published Wednesday dives into remote access and stealth tactics used in deployment of BlackCat ransomware since the group’s resurgence, after its initial disruption by the FBI in December.

ALPHV/BlackCat’s leak site went down for a second time on Friday and is now replaced with an FBI takedown notice that security experts say is likely fake.

Inspecting the site shows the takedown banner is extracted from an archive, and Europol and the National Crime Agency (NCA) deny being involved in the takedown despite their logos appearing on the page, BleepingComputer reports.  

The cybergang’s operators claim they plan to cease operations and sell the BlackCat ransomware source code for $5 million due to law enforcement interference — but this move comes after allegations it stole a $22 million ransom from one of its own affiliates after claiming responsibility for the attack against Change Healthcare. This has led the gang’s actions to be labeled by many as an “exit scam.”

“Based on our experience, we believe that BlackCat’s claim of shutting down due to law enforcement pressure is a hoax. We anticipate their return under a new guise or brand after the hiatus,” Reegun Jayapaul, principal threat hunter at Trustwave, told SC Media in an email. “This tactic serves as a means for them to execute one final significant scam before resurfacing with less scrutiny.”

Whether ALPHV/BlackCat returns under a different name — or the ransomware-as-a-service (RaaS) strain is sold and brought under new management — organizations should stay alert for BlackCat’s ransomware tactics despite the bizarre shakeup.

“Regardless if BlackCat sells their source code or not, threat actors are always honing and evolving their craft,” Shawn Kanady, global director of the Trustwave SpiderLabs Threat Hunt Team, told SC Media.

New stealth features discovered in BlackCat ransomware ‘Version 3’

The BlackCat variant studied by Trustwave researchers is more elusive than previous versions…


After cyberattack, Tri-City Medical Center documents reportedly found on dark web


Just days ago, a cyber security expert posted on social media that an extortion operation called INC RANSOM was claiming it had records stolen from Tri-City Medical Center — and that some were posted on the dark web.

“When someone posts online, they’re showing almost as proof that they have breached the system, and typically will follow that with some type of a demand,” Cyber Center of Excellence CEO Lisa Easterly said.

The post included “proof” in the form of eight pages presumably taken from Tri-City during the digital attack, University of San Diego professor of cybersecurity Nikolas Behar said.

“We’re seeing them post things like patient authorization forms, financial records and they’re going to contain things like name, phone number. But we’re not certain if they accessed any of the electronic medical records,” he said about the INC RANSOM post.

Tri-City did not respond to a request for an interview or statement on the matter.

Easterly said everyone should practice proper digital hygiene to protect themselves from cyberattacks. That includes turning on multi-factor authentication, updating software, using strong passwords and thinking before you click on a link to not fall victim to a phishing scam.

As for victims of a cyber security breach, she has further advice: “Monitor your credit. You can request free credit reports from all three credit bureaus and place freezes on your credit and your children’s credit. This is very important, to help thwart potential identity theft,” Easterly said.

The FBI has recorded a large increase in cybercrime complaints and financial losses since the COVID-19 pandemic, when much of our lives shifted online.

“If you are a victim where they are putting it online, first things first is — get in touch with your local FBI office or your law enforcement fusion center,” Easterly said.

Currently, Behar said there is no indication of just how many Tri-City records might be in the attacker’s possession.
