Tag Archive for: dismantled

Trigona ransomware claimed to be dismantled by Ukrainian hacktivists
BleepingComputer reports that the Trigona ransomware gang had its operations taken down after its servers were compromised and wiped in an attack claimed by the Ukrainian Cyber Alliance hacktivist group.

Exploitation of a critical Confluence Data Center and Server vulnerability, tracked as CVE-2023-22515, enabled UCA hacktivists to infiltrate Trigona’s ransomware infrastructure last week without being detected by the ransomware group. Although Trigona moved to protect its publicly exposed infrastructure after a UCA hacker known as “herm1t” exposed its internal support documents, the hacktivists still stole, and later deleted, hundreds of gigabytes of data from its admin and victim panels, internal systems, blog, and data leak site, along with its source code, cryptocurrency hot wallets, developer environment, and database records.

Prior to being dismantled, Trigona ransomware compromised Microsoft SQL servers and targeted 15 or more companies across various sectors, including manufacturing and finance.

Source…

How was Qakbot cybersecurity ransomware network dismantled?
Cybersecurity triumph: how U.S. authorities crippled a multi-million dollar ransomware operation. (Source - Shutterstock)
  • U.S. authorities cripple a ransomware network, seizing US$9M in cryptocurrency.
  • The impact of Operation Duck Hunt will be felt by 700,000 victims.
  • The FBI and international agencies collaborate to dismantle Qakbot, a ransomware threat to national cybersecurity and critical infrastructure.

In a landmark victory against cybercrime, the U.S. Justice Department recently revealed the significant takedown of a ransomware network, marking a pivotal moment in cybersecurity and the ongoing battle against cyberthreats. This operation highlights the intricate web of criminal activities and the extraordinary efforts required for law enforcement agencies to dismantle them.

The success of this operation also underscores the escalating threat of ransomware attacks in cybersecurity, which have increasingly targeted not just corporations, but critical infrastructure and public institutions. In an era where digital safety can influence national security, the takedown offers relief and a stern reminder of the dangers lurking in the cyber landscape.

Building on these concerns, the Justice Department has taken decisive action. As reported by Bloomberg, federal investigators have just dealt a devastating blow to one such ransomware operation, neutralizing a criminal network likely responsible for hundreds of millions of dollars in damages.

The FBI pulled off a cybersecurity coup, seizing a ransomware network and stolen assets.

Some days, it’s good to be the FBI.

International partnerships to take down the notorious network

Working in collaboration with its international counterparts, the FBI disrupted the Qakbot botnet—essentially a collection of malware-infected computers employed in executing these cyberattacks. Law enforcement is now in the process of deactivating the malware across thousands of affected computers.

Code-named “Operation Duck Hunt,” this initiative not only disabled the botnet but also confiscated nearly US$9 million in cryptocurrency – funds accrued from various ransomware activities.

According to official reports, Qakbot affected 700,000 victims, around 200,000 of which are based in the United States. The network’s attacks have significantly…

Source…

Ransomware Group REvil Dismantled in Raids, Russia Says
U.S. officials have said that the Kremlin could shut down hacker groups like REvil, but tolerates or even encourages them, as long as their targets are outside of Russia.

In July, following President Biden’s ultimatum, REvil went offline, fueling speculation about whether the Kremlin had ordered the group to go quiet, whether the United States or its allies had managed to disrupt its operations, or whether the group itself had decided to go underground, fearing that the heat had become too intense.

However, it resurfaced two months later, reactivating a portal victims use to make payments. In October, it was again forced offline, temporarily, by a counter-hacking effort mounted by the governments of several countries, including the United States.

REvil, short for “ransomware evil,” has been one of the most notorious ransomware hacking groups sought by United States law enforcement. Ransomware groups hack into a victim’s computer system and encrypt its data, effectively locking out the owners, and extort them for money — sometimes millions of dollars, paid in cryptocurrency — in return for reversing the encryption.

U.S. intelligence agencies identified REvil as responsible for the attack on one of America’s largest beef producers, JBS, last June, forcing the shutdown of nine beef plants. In the end, JBS said it had paid an $11 million ransom in Bitcoin. The operator of the Colonial Pipeline paid almost $5 million in Bitcoin.

REvil also took credit for what was described as the biggest ransomware hack ever in July, affecting up to 1,500 businesses around the world.

The organization…

Source…

$100 million GozNym cybercrime network dismantled as suspects charged

The sophisticated conspiracy saw tens of thousands of victims’ computers infected with the GozNym malware in order to steal online banking passwords, and raid accounts.

Read more in my article on the Hot for Security blog.

Graham Cluley