Tag Archive for: files

Ransomware Group Leaks Over 1.3 Million Files In Insomniac Hack


A week after ransomware group Rhysida announced that it had successfully hacked into Insomniac Games and taken information, the group has published over 1.3 million files online for anyone to grab.

The full leak took place on Monday night after the group said that no buyer was willing to pay the $2 million asking price. In total, the data came in at nearly 1.7 terabytes in size.

The information leaked in the Insomniac hack ranged from game release dates and spoilers for the upcoming Wolverine game to sensitive employee information. According to Cyber Daily, that sensitive information includes internal employee HR documents, tax information, internal company messages, computer information, termination forms, and even passport details.

Also included in the data leak are contracts signed between Sony and Marvel regarding the development and publishing of X-Men games, starting with the aforementioned Wolverine title. The document was signed by both Sony’s Jim Ryan and Marvel’s Isaac Perlmutter, and went into effect as of July 2021.

In a message given to Cyber Daily, the organization said it had intentionally targeted the company, and said that it “knew developers making games like this were an easy target”. They added that it didn’t take much effort to get into the studio’s network for the data.

Insider Gaming has reached out to both Sony and Insomniac Games for comment on the leaks. As of writing, neither party has responded.


In What Could Be a Trend, Ransomware Operation Files SEC Complaint Against Victim for Failing to Timely Disclose Cyberattack


Ransomware operation AlphV/BlackCat has filed a U.S. Securities and Exchange Commission complaint against one of its alleged victims, MeridianLink, for allegedly failing to comply with the four-day rule to disclose a cyberattack.

AlphV/BlackCat listed the software company on its data leak site with a threat that it would leak allegedly stolen data unless a ransom is paid within 24 hours. MeridianLink provides digital solutions for financial organizations such as banks, credit unions and mortgage lenders.


Ransomware gang files SEC complaint against company that refused to negotiate


The BlackCat ransomware gang has begun abusing upcoming US Securities and Exchange Commission (SEC) cyber incident reporting rules to put pressure on organizations that refuse to negotiate ransom payments. The attackers filed an SEC complaint against one victim already, in a move that’s likely to become a common practice once the new regulations go into effect in mid-December.

On Wednesday, cybercriminals behind the BlackCat ransomware, also known as ALPHV, listed MeridianLink, a provider of digital lending solutions to financial institutions, on their data leak website that’s used to publicly name and shame companies the group allegedly compromised. Most ransomware gangs have adopted this double extortion tactic in recent years to force the hand of uncooperative victims by threatening to sell or release data the attackers managed to steal.

In fact, some cybercriminal groups sometimes don’t even bother deploying file-encrypting malware and go straight to data leak blackmail. This seems to have been the case with BlackCat and MeridianLink, according to DataBreaches.net, which reported speaking with the attackers. The breach reportedly happened on November 7 and only involved data exfiltration.

After an initial contact by someone representing the company, communications went silent, the attackers said. As a result, on November 15 the group listed the organization on their data leak blog but took it one step further: It filed a complaint with the SEC for failure to disclose what the group calls “a significant breach compromising customer data and operational information” using Form 8-K, under Item 1.05.

New SEC rules require reporting of material breaches

The new SEC cybersecurity reporting rules that will go into effect on December 15 require US-listed companies to disclose cybersecurity incidents that impact the company’s financial condition and its operations within four business days after determining such an incident occurred and had a material impact. “Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident — it may be material to investors,” SEC Chair Gary Gensler said back in July when the Commission…


Backblaze warns of AI-assisted cyber threats – Blocks and Files


Humans are often the weakest link in a corporate network and the entry point for ransomware attackers, a factoid that underscores the necessity for persistent vigilance against this growing cyber threat.

A stark reminder of this was presented today by cloud storage provider Backblaze in its 2023 Complete Guide to Ransomware report. The latest edition of this annual report states:

“This year’s most important update has been the rise of generative AI for increasingly sophisticated, automated phishing attempts… Text generated by models like ChatGPT help cybercriminals create very personalized messages that are more likely to have the desired effect of getting a target to click a malicious link or download a malicious payload.”


Traditionally, phishing messages were relatively easy to identify, often featuring spelling errors, grammatical mistakes, and awkwardly constructed sentences. With the aid of software like ChatGPT, however, “criminals can enter a prompt to quickly receive error-free, well-written, and convincing copy that can be immediately used to target victims.”

The report provides a comprehensive review of ransomware’s prevalence, attack vectors, the sequence of events during an attack, and the necessary steps for responding to an attack. It stops short of suggesting foolproof methods to prevent attacks from breaching IT infrastructure, as no solution that is 100 percent reliable exists.

The best measures involve proactive steps: ensuring robust IT user education and having an efficient recovery system in place to restore encrypted files from uncorrupted backups. If sensitive data has been exfiltrated, however, the options are limited.

Figure: Ransomware diagram (B&F diagram)

Malware attack vectors can be either human or machine-mediated, each designed to deliver malware into IT systems, encrypting files or copying them for transmission to attacker HQ. Victims sometimes pay a ransom, often in cryptocurrency, to decrypt their files or prevent widespread distribution.

The caveat, of course, is that dealing with cybercriminals doesn’t guarantee a successful outcome even after paying a ransom. Backblaze’s report warns: “Paying the ransom only…
