Tag Archive for: Gangs

Tattletale Ransomware Gangs Threaten to Reveal GDPR Breaches



Repeat Shakedown Tactic: Victims Told to Pay Up or Else They’ll Pay Massive Fines


September 7, 2023    


Money is a great inducement to innovation. That includes – maybe especially so – ransomware groups whose attempts to squeeze dollars from data lead to no end of novel technical and business techniques.


Enter Ransomed, a group that only launched Aug. 15 but which has already made a name for itself by extorting victims with this threat: Pay us a ransom to stay quiet, or we’ll rat you out to your friendly neighborhood European privacy regulator. As a sweetener, the group tells victims that their ransom demand is only a fraction of the fines they’d pay for violating the EU’s General Data Protection Regulation for the data breach.


The group claims it targets large organizations, demanding ransoms of between $53,000 and $215,000, which is far below what it says their GDPR penalty is likely to be, threat intelligence firm Flashpoint reported.


Whether or not any victims have chosen to take GDPR compliance or other legal advice from these stress-inducers remains unclear.


The same goes for victims of groups that have previously name-dropped GDPR in their ransom notes. Since 2022, that’s included post-Conti spinoff Alphv/BlackCat, joined this year by newcomers NoEscape and the Cloak extortion group, which has been tied to Good Day ransomware, reported threat intelligence firm Kela.


Like most ransomware groups, Alphv…

Source…

International Ransomware Gangs Are Evolving Their Techniques. The Next Generation Of Hackers Will Target Weaknesses In Cryptocurrencies


(MENAFN – The Conversation) In May 2023, the Dallas City Government was hugely disrupted by a ransomware attack. Ransomware attacks are so-called because the hackers behind them encrypt vital data and demand a ransom in order to get the information decrypted.

The attack in Dallas put a halt to hearings, trials and jury duty, and led to the eventual closure of the Dallas Municipal Court Building. It also had an indirect effect on wider police activities, with stretched resources affecting the ability to deliver, for example, summer youth programmes. The criminals threatened to publish sensitive data, including personal information, court cases, prisoner identities and government documents.

One might imagine an attack on a city government and police force causing widespread and lengthy disruption would be headline news. But ransomware attacks are now so common and routine that most pass with barely a ripple of attention. One notable exception happened in May and June 2023 when hackers exploited a vulnerability in the MOVEit file transfer app, which led to data theft from hundreds of organisations around the world. That attack grabbed headlines, perhaps because of the high-profile victims, reported to include British Airways, the BBC and the chemist chain Boots.

According to one recent survey, ransomware payments have nearly doubled to US$1.5 million (£1.2 million) over the past year, with the highest-earning organisations the most likely to pay attackers. Sophos, a British cybersecurity firm, found that the average ransomware payment rose from US$812,000 the previous year. The average payment by UK organisations in 2023 was even higher than the global average, at US$2.1 million.

Meanwhile, in 2022 the National Cyber Security Centre (NCSC) issued new guidance urging organisations to bolster their defences amid fears of more state-sponsored cyber attacks linked to the conflict in Ukraine. It follows a series of cyber attacks in Ukraine which are suspected to have involved Russia, which Moscow denies.


Source…

Yamaha confirms cyberattack after multiple ransomware gangs claim attacks


Yamaha’s Canadian music division confirmed that it recently dealt with a cyberattack after two different ransomware groups claimed to have attacked the company.

The Yamaha Corporation — different from the spun-off motorcycle division — is a Japanese manufacturing giant producing musical instruments and audio equipment. It is considered the world’s largest producer of musical equipment.

In a statement last Thursday, Yamaha Canada Music said it “recently encountered a cyberattack that led to unauthorized access and data theft.”

“In response, we swiftly implemented measures to contain the attack and collaborated with external specialists and our IT team to prevent significant damage or malware infiltration into our network,” the company said.

“Yamaha Canada has been notifying affected individuals, and we are offering credit monitoring services to those at risk of potential harm. Additionally, we have taken decisive actions to reinforce our network defenses and ensure enhanced security measures moving forward.”

The company added that its primary focus right now is to “mitigate any adverse consequences stemming from this criminal act.”

Representatives did not respond to requests for comment about whether the incident involved ransomware but the company is the latest example of a growing cybersecurity trend drawing alarm among experts.

On June 14, the company was posted on the Black Byte ransomware gang’s list of victims, according to cybersecurity expert Dominic Alvieri. But on Friday, Yamaha appeared on the leak site of the Akira ransomware group.

Alvieri said it is becoming increasingly common for victim organizations to be posted by two different ransomware groups. He noted that at least one organization this year was posted by three different groups.

“It is a major trend this year,” he said. “There is way more double posting going on.”

There have been several high-profile double postings this year, including the city of Oakland, which appeared on the leak sites of the Play and LockBit ransomware gangs.

Seasoned ransomware experts did not have a clear answer on why victims are showing up on multiple leak sites, floating several theories that may be…

Source…

Kids’ intimate files — including suicide attempts — are being put online after ransomware gangs hack schools: report


The confidential documents stolen from schools and dumped online by ransomware gangs are raw, intimate and graphic.

They describe student sexual assaults, psychiatric hospitalizations, abusive parents, truancy — even suicide attempts.

“Please do something,” begged a student in one leaked file, recalling the trauma of continually bumping into an ex-abuser at a school in Minneapolis.

Other victims talked about wetting the bed or crying themselves to sleep.

Complete sexual assault case folios containing these details were among more than 300,000 files dumped online in March after the 36,000-student Minneapolis Public Schools refused to pay a $1 million ransom.

Other exposed data included medical records, discrimination complaints, Social Security numbers and contact information of district employees.

Rich in digitized data, the nation’s schools are prime targets for far-flung criminal hackers, who are assiduously locating and scooping up sensitive files that not long ago were committed to paper in locked cabinets. “In this case, everybody has a key,” said cybersecurity expert Ian Coldwater, whose son attends a Minneapolis high school.

Often strapped for cash, districts are grossly ill-equipped not just to defend themselves but to respond diligently and transparently when attacked, especially as they struggle to help kids catch up from the pandemic and grapple with shrinking budgets.

Months after the Minneapolis attack, administrators have not delivered on their promise to inform individual victims.


Ransomware gangs dumped 300,000 files, including medical records and Social Security numbers, from Minneapolis Public Schools.

Unlike for hospitals, no federal law exists to require this notification from schools.

The Associated Press reached families of six students whose sexual assault case files were exposed.

The message from a reporter was the first time anyone had alerted them.

“Truth is, they didn’t notify us about anything,” said a mother whose son’s case file has 80 documents.

Even when schools catch a ransomware attack in progress, the data are typically already gone.

That was what Los…

Source…