Tag Archive for: Groups

Ransomware Groups’ Data Leak Blogs Lie: Stop Trusting Them

March 15, 2024    

Ransomware leak sites are not reliable sources of data. (Shutterstock)

Ransomware gangs are not reliable sources of information. Groups that run data leak blogs – and not all do – use them to pressure new and future victims into paying for the promise of either a decryptor or a pledge to delete stolen data.

The number of victims that end up on a data leak site is inherently incomplete. Victims who pay a ransom quickly don’t get posted; criminals don’t publish these numbers. In addition, “some groups post more of their nonpaying victims than others,” and it’s often not clear why, said Brett Callow, a threat analyst at Emsisoft.

As a result, relying on data leak blogs to build a picture of attack volume can lead to wildly inaccurate results, not only about victim count but about the impact of any given attack. Unfortunately, some cybersecurity organizations, often aided and abetted by us in the media, regularly track fresh victims claimed by ransomware groups via their Tor-based data leak blogs, aka “name and shame” sites.

“Relying on shame blogs is the last thing we should do while assessing a group threat,” said Yelisey Bohuslavskiy, chief research officer at RedSense. “Blogs reflect how often extortion fails, and the victim decides to show the criminals a middle finger. Often, the fewer victims are on the blogs, the more successful the group…


Ransomware attacks targeting local healthcare groups


Barbara McAneny with the New Mexico Cancer Center says they have had to change the way they work due to a string of ransomware attacks on Optum and United Health Care.

“This is an important development for every health care entity in the country,” McAneny said.

With Optum being one of their partners, it’s affected a number of services they provide.

“Our ability to check whether or not patients are authorized by their insurance to get a prescription or treatment went away,” McAneny said.

Due to the attack on Optum, the center also can’t submit claims or receive payments. Tech experts wonder how an attack like this continues to affect the health care industry.

“It’s interesting given that the impact is so great that you would think that we would have turned the corner many years ago and started beefing up, you know, our cyber security programs in that space,” Deron Grzetich said.

The New Mexico Cancer Center has not had its information breached — and has not been victim to this ransomware attack. But McAneny is concerned for other practices in the state and how this affects people’s ability to receive prescriptions, and if personal information is being stolen through other providers.

Other groups affected by these ransomware attacks are UnitedHealth and Change Healthcare.

“Anyone who’s filled a prescription or seen a physician or dentist or any health care provider is at risk to have their own personal identity stolen,” McAneny said.

In the wake of this attack, she offers this to calm anyone seeking help at the cancer center.

“We are going to be treating our patients as we always have,” McAneny said.

She says the center is still able to fill prescriptions in-house, but can’t send orders to outside pharmacies.


Spanish police say they nabbed leader of one of the world’s biggest hacking groups



Arrestee linked to Kelvin Security, which over the last 3 years carried out more than 300 high-level attacks around the world – Anadolu Ajansı …


Volt Typhoon and other Chinese groups accused of hacking the US and others


SINGAPORE, May 25 (Reuters) – Chinese hacking teams have been blamed by Western intelligence agencies and cybersecurity groups for digital intrusion campaigns across the world, targeting everything from government and military organisations to corporations and media groups.

Cybersecurity firms believe many of those groups are backed by China’s government. U.S.-based Mandiant has said some Chinese hacking groups are operated by units of China’s army.

China’s authorities have consistently denied any form of state-sponsored hacking, saying China itself is a frequent target of cyberattacks. It has dubbed the U.S. National Security Agency (NSA) as “the world’s largest hacker organisation”.

Some of the biggest Chinese hacking teams identified by intelligence agencies and cybersecurity groups are:

‘VOLT TYPHOON’

Western intelligence agencies and Microsoft (MSFT.O) said on May 24 that Volt Typhoon, a group they described as state-sponsored, had been spying on a range of U.S. critical infrastructure organisations, from telecommunications to transportation hubs.

They described the attacks in 2023 as one of the largest known Chinese cyber-espionage campaigns against American critical infrastructure.

China’s foreign ministry described the reports as part of a U.S. disinformation campaign.

‘BACKDOORDIPLOMACY’

Palo Alto Networks, a U.S. cybersecurity firm, says its research showed BackdoorDiplomacy has links to the Chinese state and is part of the APT15 hacking group.

A Reuters report in May identified BackdoorDiplomacy as being behind a widespread series of digital intrusions over several years against key Kenyan ministries and state institutions. The Chinese authorities said they were not aware of such hacking and described the accusations as baseless.

APT 41

Chinese hacking team APT 41, which is also known as Winnti, Double Dragon and Amoeba, has conducted a mix of government-backed cyber intrusions and financially motivated data breaches, according to U.S.-based cybersecurity firms FireEye and Mandiant.

The U.S. Secret Service said the team had stolen U.S. COVID relief benefits worth tens of…
