Tag Archive for: Enforcement

BlackCat ransomware site down amidst rumours of law enforcement action


The ALPHV data leak site, along with the Tor negotiation URLs shared with victims in ransom notes, went offline on 7th December and have yet to be restored.

Security researchers, including Yelisey Bohuslavskiy, chief research officer at RedSense, have hinted at a possible law enforcement operation targeting the group.

Bohuslavskiy said admins of other top-tier ransomware groups directly linked to ALPHV, including Royal/BlackSuit, BlackBasta and LockBit, confirmed law enforcement involvement in the takedown.

Despite these rumours, BlackCat’s leadership maintains that “everything will work soon.”

When contacted by BleepingComputer, the ALPHV admin mentioned server repairs, but provided no further details.

ReliaQuest, a security operations centre company, notes that BlackCat’s site has a history of intermittent connectivity issues, although the current outage is among the longest faced by the group.

Notably, no law enforcement agency has officially released information about an operation specifically targeting BlackCat.

ALPHV had previously dismissed the possibility of a takedown effort like the one that targeted the Hive ransomware group in January 2023.

Analysts at ReliaQuest speculate that this disruption could prompt hackers associated with BlackCat to seek new affiliations, or even establish their own ransomware gangs.

“The removal of this group from the ransomware landscape will undoubtedly leave a void, with its operators and affiliates likely moving to other ransomware groups or forming new groups,” said Chris Morgan, senior cyber threat intelligence analyst at ReliaQuest.

The company noted that similar law enforcement actions in the past have resulted in the dispersal of affiliates into new programmes, bringing valuable experience from previous operations.

Who is BlackCat?

BlackCat first appeared in late 2021 as a ransomware-as-a-service enterprise, offering lucrative payouts of up to 90% of…

Ragnar Locker site disrupted in international law enforcement crackdown


CyberScoop reports that the Ragnar Locker ransomware group, also known as Viking Spider, had its data leak site seized by the FBI and 15 other law enforcement agencies around the world as part of an international crackdown against ransomware infrastructure.

No further information was provided on the extent of the takedown operations against the ransomware gang. Ragnar Locker, which emerged in 2019, was among the first ransomware groups to target corporations and other major entities in pursuit of significant payouts, according to Adam Meyers, CrowdStrike Senior Vice President of Counter Adversary Operations.

Ragnar Locker had 100 organizations across 27 industries listed on its data leak site prior to the disruption, Meyers said.

The seizure of Ragnar Locker’s leak site follows sanctions against TrickBot members and the disruption of the Hive ransomware operation, as well as the thwarting of Russia’s Cyclops Blink botnet and Chinese attacks against Microsoft Exchange servers.

Russian hackers attack computer systems of law enforcement officers – State Special Communications Service


Russian spies are using hackers to attack law enforcement computer systems in Ukraine to identify and obtain evidence related to alleged Russian war crimes.

Source: Yurii Shchyhol, head of the State Special Communications Service of Ukraine, in an interview with Reuters

Details: Hackers working with Russia’s foreign, domestic and military intelligence agencies have stepped up digital intrusion campaigns at Ukraine’s Prosecutor General’s Office and departments documenting war crimes.

Quote: “There’s been a change in direction, from a focus on energy facilities towards law enforcement institutions which had previously not been targeted that often.

This shift towards the courts, prosecutors and law enforcement units shows that hackers are gathering evidence about Russian war crimes in Ukraine.

The groups we’ve identified as being engaged in this activity are part of Russia’s GRU and FSB intelligence agencies.”

Details: Espionage activities will be outlined in an upcoming State Department report due to be published on Monday.

The report, a copy of which was reviewed by Reuters, states that the hackers also tried to collect intelligence on Russian citizens arrested in Ukraine in order to “help these individuals avoid prosecution and move them back to Russia”.

Shchyhol declined to name which units were targeted by the hacking campaign, citing security concerns. The number of documented cybersecurity incidents, he said, rose 123% in the first six months of this year compared with the second half of 2022.

He also stated that Russian hackers targeted government agencies and tried to gain access to their email servers.

There is also evidence that Russian hackers gained access to private surveillance cameras in Ukraine to monitor the results of long-range missile and drone strikes.

Ukrainska Pravda is the place where you will find the most up-to-date information about everything related to the war in Ukraine. Follow us on Twitter, support us, or become our patron!

Experts Discuss Cyber Risk, From Law Enforcement to Insurance Claims


To combat cyber activity, law enforcement agencies in the United States and abroad exchange information about their cyber adversaries. The FBI maintains 56 field offices, each with a multiagency cyber task force staffed by investigators, special agents, intelligence analysts, digital forensic technicians, and more, all focused on helping victims of cybercrime. These offices work with the Intelligence Community, the National Cyber Investigative Joint Task Force, and cyber assistant legal attachés to protect national security against cyber threats worldwide.

These agencies share intelligence to keep the United States safe from cyber threats, and they also aim to build relationships with private sector companies so that information about cyber activity can be shared before an attack occurs. The agencies can deploy their cyber action teams within hours, domestically and globally, to assist companies onsite when a major incident or attack does happen.

“If … a private sector company is about to get hit by a ransomware attack or by any other type of intrusion, we want to get out there immediately and let that victim know how they can best mitigate that attack,” said Scott. “We only can do that if we have the relationship built, and the better we do that ahead of time, the stronger those relationships are.”

As a success story, Scott discussed how the agencies worked as a team and shared information to take down the Hive ransomware group. Hive was a ransomware variant that posed a threat worldwide. In July 2022, the team gained persistent access to Hive’s control panel, which enabled it to obtain the decryption key. With that key, the team was able to reach out and assist victims as they were being targeted by Hive. They responded to 1,500 victims in 48 states and 88 countries, preventing an estimated loss of $130 million to victims.

The FBI had always estimated that only 20% to 25% of cyber victims report a cyber incident. As a result of the team’s interaction with Hive victims, the FBI was able to substantiate that percentage.
