Tag Archive for: extortion

Dutch Police Arrest 3 Hackers Involved in Massive Data Theft and Extortion Scheme

/in


Feb 27, 2023Ravie Lakshmanan

Data Theft and Extortion Scheme

The Dutch police announced the arrest of three individuals in connection with a “large-scale” criminal operation involving data theft, extortion, and money laundering.

The suspects include two 21-year-old men from Zandvoort and Rotterdam and an 18-year-old man without a permanent residence. The arrests were made on January 23, 2023.

It’s estimated that the hackers stole personal data belonging to tens of millions of individuals. This comprised names, addresses, telephone numbers, dates of birth, bank account numbers, credit cards, passwords, license plates, social security numbers, and passport details.

The Politie said its cybercrime team started the investigation nearly two years ago, in March 2021, after a large Dutch company suffered a security breach.

The name of the company was not disclosed but some of the firms that were hit by a cyber attack around that time included RDC, Shell, and Ticketcounter, the last of which was also a victim of an extortion attempt.

“During the course of the investigation, it has become clear that thousands of small and large companies and institutions, both national and international, have fallen victim to computer intrusion (hacking) in recent years, followed by theft and handling of data,” the agency said.

The attack spree targeted a wide range of industry verticals spanning catering, training institutes, e-commerce, software, social media, and critical infrastructure.

Describing it as a “sophisticated” operation, the Politie said the threat actors demanded a Bitcoin payment from the affected companies and threatened to publish the stolen information online or destroy the digital infrastructure, racking up millions in damages.

The ransom demanded per company is said to have ranged anywhere between €100,000 and €700,000. To make matters worse, the suspects ended up selling the data despite the companies paying up.

The sensitive nature of the plundered information means that it could be used to carry out social engineering attacks and various kinds of fraudulent activities.

“Data theft and data trading is a huge revenue model for criminals,” the Politie warned. “Not just by extorting companies. The…

Source…

Ransomware Revenue Drops Amidst Less Successful Extortion Attempts: Chainalysis

/in


2022 has been a turbulent year. One good thing to come out of it is that – ransomware earnings are significantly down.

Attacks on the crypto industry remain rampant. However, data suggests that victims are increasingly refusing to pay ransomware attackers. Blockchain analytics company Chainalysis, in a new report, shed light on the changing dynamics in the ransomware industry.

Zooming in on Ransomware Attacks 2022

It found that over 10,000 unique strains were active in the first half of the year alone – a trend that was also confirmed by on-chain data. In comparison, around 5,400 unique strains were recorded to be active over the same period of 2021. The number of active strains has increased substantially in recent years, a major portion, however, goes to a small group of strains at any given time.

Lifespans of ransomware have slid in 2022. In fact, the average ransomware strain was found to be active for just 70 days, down from 153 in 2021 and 265 in 2020. Most attackers funnel the extorted funds to mainstream centralized cryptocurrency exchanges. This number surged from 39.3% in 2021 to 48.3% in 2022.

On the other hand, ill-gotten funds being moved to high-risk exchanges fell from 10.9% to 6.7%. A similar declining trend was seen in the usage of illicit services such as darknet markets for ransomware money laundering. However, the usage of coin mixers for the same purpose has increased from 11.6% to 15.0%.

Less Frequent Ransom Payments

Chainalysis stated that the estimate for 2022’s total ransomware revenue fell by 40.3% to at least $456.8 million in 2022 from $765.6 million in 2021. The drop is substantial and demonstrated increasing unwillingness among the victims to pay ransomware attackers and not a decline in the actual number of exploits.

While asserting that ransomware continues to be a major cyber threat to businesses and enterprises, Michael Phillips, Chief Claims Officer of cyber insurance firm Resilience, noted:

“There have, however, been signs that meaningful disruptions against ransomware actor groups are driving lower than expected successful extortion attempts.”

Especially over the past four years, the probability of victims paying a…

Source…

Fool Me Thrice? How to Avoid Double and Triple Ransomware Extortion

/in


The danger of being hit by a ransomware attack is scary enough, but in many cases, criminals can still extort your business after the ransom has been paid and things have seemingly returned to normal. Double and even triple extortions are becoming increasingly common, with ransomware gangs now demanding additional payments to keep the private information captured in their attacks from being leaked. These added threats are driving up the collective cost of ransomware, which is forecast to reach $265 billion by 2031, according to some sources.

In traditional ransomware attacks, the attackers hijack and encrypt valuable data to force organizations to pay a ransom in exchange for the safe restoration of data and network functionality. CISOs have responded by adopting stronger cyber protections, such as creating secure offsite backups and segmenting their networks, and attackers have quickly evolved to subvert these methods. 

One Extortion, Two Extortion, Three

The cat-and-mouse game that is ransomware took an ugly turn over the past year or so as attackers realized the value that organizations put on not releasing their sensitive information publicly: The brand and reputation hit can sometimes be just as damaging as being locked out of files and systems. Capitalizing on this unfortunate reality, attackers began adding the threat of leaking sensitive data as a follow-up to successful or even unsuccessful ransomware attacks when organizations were able use backups to restore their systems.  

With double extortion being so successful, attackers figured: Why stop there? In cases of triple extortion, attackers threaten to release data about downstream partners and customers to extract additional ransom payments, potentially putting the initial organization at risk of lawsuits or fines 

Some bad actors have even created a search function that allows victims to find leaked data about partners and clients as proof of the datas damaging value. A ransomware operation known as ALPHV/BlackCat may have started this trend in June, when cybercriminals posted a searchable database containing the data of nonpaying victims. The BlackCat gang went as far as to index the data repositories and give…

Source…

Extortion Economics: Ransomware’s New Business Model

/in


Did you know that over 80% of ransomware attacks can be traced to common configuration errors in software and devices? This ease of access is one of many reasons why cybercriminals have become emboldened by the underground ransomware economy.

And yet, many threat actors are working within a limited pool of ransomware groups. Although ransomware is a headline-grabbing topic, it’s ultimately being driven forward by a relatively small and interconnected ecosystem of players. The specialization and consolidation of the cybercrime economy has fueled ransomware as a service (RaaS) to become a dominant business model — enabling a wider range of criminals to deploy ransomware regardless of their technical expertise. This, in turn, has forced all of us to become cybersecurity defenders.

When Microsoft is developing threat intelligence, we don’t just rely on open forum monitoring and ransomware claims to identify emerging cybercrime trends. We also observe end-to-end events as they occur. This has allowed us to identify patterns in cybercriminal activity and turn cybercrime into a preventable disruption to business. Once businesses can address the problems and network gaps that industrialized tools rely on to succeed, they can better strengthen their cybersecurity position. Here are some of our top tips.

Understanding how RaaS works

Before you can defend against ransomware, you must first know how it operates. Ransomware is not targeted. Instead, ransomware takes advantage of existing security compromises in order to gain access to internal networks. Cybercriminals have adopted a maximum-efficiency approach when it comes to ransomware. In the same way that businesses hire gig workers to cut down on costs, cybercriminals have turned to renting or selling their ransomware tools for a portion of the profits rather than performing the attacks themselves.

This flourishing RaaS economy allows cybercriminals to purchase access to ransomware payloads and data leakage as well as payment infrastructure. What we think of as ransomware “gangs” are in reality RaaS programs like Conti or REvil, used by the many different actors who switch between RaaS programs and…

Source…