Tag Archive for: Groups

Ransomware groups continue assault on healthcare orgs as COVID-19 infections increase

Ransomware groups have shown no signs of slowing down their assault on hospitals, seemingly ramping up attacks on healthcare institutions as dozens of countries deal with a new wave of COVID-19 infections driven by the highly transmissible Delta variant.

Vice Society, one of the newer ransomware groups, debuted in June and made a name for itself by attacking multiple hospitals and leaking patient information. Cybersecurity researchers at Cisco Talos said Vice Society is known to be “quick to exploit new security vulnerabilities to help ransomware attacks” and frequently exploits the Windows PrintNightmare vulnerabilities during attacks.

“As with other threat actors operating in the big-game hunting space, Vice Society operates a data leak site, which they use to publish data exfiltrated from victims who do not choose to pay their extortion demands,” Cisco Talos explained last month. 

Cybersecurity firm Dark Owl added that Vice Society is “assessed to be a possible spin-off of the Hello Kitty ransomware variant based on similarities in the techniques used for Linux system encryption.” They were implicated in a ransomware attack on the Swiss city of Rolle in August, according to Black Fog. 

[Image: The Vice Society leak site. Credit: Cisco Talos]

Multiple hospitals — Eskenazi Health, Waikato DHB and Centre Hospitalier D’Arles — have been featured on the criminal group’s leak site, and the group made waves this week by posting the data of Barlow Respiratory Hospital in California.

The hospital was attacked on August 27 but managed to avoid the worst, noting in a statement that “no patients were at risk of harm” and “hospital operations continued without interruption.”

Barlow Respiratory Hospital told ZDNet that law enforcement was immediately notified once the hospital noticed the ransomware impacting some of its IT systems. 

“Though we have taken extensive efforts to protect the privacy of our information, we learned that some data was removed from certain backup systems without…


7 Emerging Ransomware Groups Practicing Double Extortion

Cybercrime as-a-service, Fraud Management & Cybercrime, Malware as-a-Service

Fresh Ransomware-as-a-Service Operations Seek Affiliates for Extorting New Victims

[Image: Extracts from ransomware operators’ ransom notes and data-leak sites]

After a string of high-profile hits in the middle of this year, a number of the largest and most notorious ransomware operations disappeared.

Beginning in May, ransomware attacks by the Russian-language groups Conti against Ireland’s health service, DarkSide against U.S.-based Colonial Pipeline, and REvil against meat processing giant JBS and remote management software firm Kaseya led the Biden administration to try to better disrupt the ransomware business model. The White House has put Russia on notice that if it won’t disrupt ransomware-wielding criminals operating from inside its borders, then the U.S. reserves the right to do so.

In short order, DarkSide and REvil disappeared, as did Avaddon, with experts saying they appeared to be running scared. All were ransomware-as-a-service operations, in which operators develop crypto-locking ransomware and provide it to affiliates – essentially, self-employed contractors – who infect victims. Whenever a victim pays, the affiliate and operator share a prearranged split of the payoff.

Or at least that is what happens in theory. Security firm Recorded Future’s news site, The Record, recently reported that a disgruntled Conti affiliate leaked manuals and technical…


How Chinese Hacking Groups Target Russia

Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Next-Generation Technologies & Secure Development

Reports From Group-IB, Positive Technologies Offer Details

Researchers at Group-IB say Chinese threat actors apparently were responsible for an attack on Russian federal executive authorities in 2020.


Meanwhile, Positive Technologies reports that Chinese hacking group APT31 is now using a new dropper to infect Russian systems with malware.

Group-IB’s Findings

Researchers at Group-IB say the perpetrators of an attack on Russian authorities last year appear to be either the Chinese state-sponsored hacker groups TA428 and TaskMasters or a combined Chinese hacker group made up of different units.

TA428, operational since 2013, targets government agencies in East Asia that control information technology, domestic and foreign policy and economic development, Group-IB says. TaskMasters, active at least since 2010, attacks industrial and energy enterprises, government agencies and transport companies primarily based in Russia and the Commonwealth of Independent States – former Soviet states.

The exact version of the malware used in the 2020 attacks in Russia, called the Webdav-O x64 Trojan, has been active since at least 2018, Group-IB says. Webdav-O has a command set similar to that of the BlueTraveller Trojan, aka RemShell, which was previously linked to China’s TaskMasters.

SentinelOne in June reported Mail-O malware was being used to attack Russian authorities. Mail-O has been linked to…


Israel Raids Pegasus Maker NSO Group’s Offices, Company Claims It Was Only A ‘Visit’

Israeli authorities have inspected the offices of Pegasus maker NSO Group as part of their investigation into reports of spyware abuse by the company in different countries, including India.

The company has claimed in a statement that it was only a ‘visit’ rather than a ‘raid’.

The Guardian reported that officials from the Israeli Defence Ministry visited the company’s offices near Tel Aviv on Wednesday. NSO said it had been informed in advance about the inspection. “The company is working in full transparency with the Israeli authorities,” it said.

At the same time, Defence Minister Benny Gantz arrived in Paris for a pre-arranged visit, during which he discussed the Pegasus revelations with his French counterpart, Florence Parly. Gantz told Parly on Wednesday that Israel is investigating the matter “with the utmost seriousness”.

The Defence Ministry said in a tweet that the visit conducted by several state bodies was related to reports by a consortium of 17 media outlets that revealed Pegasus spyware sold by NSO targeted human rights activists, journalists and lawyers across the world.

In India, over 500 individuals and groups have written to Chief Justice of India (CJI) N V Ramana seeking the immediate intervention of the Supreme Court in the alleged Pegasus snooping matter and asking it to declare a “moratorium on the export, sale, transfer and use of Pegasus” spyware in the country.

The letter urged the top court to direct the Centre and the Israeli firm NSO to provide time-bound answers to the several questions regarding the state-sponsored cyber-warfare alleged to have been waged against Indian citizens, given the revelations of the Pegasus Project, an international collaborative investigation being conducted by several international media and research organisations.

Accusing the BJP dispensation of being responsible for the logjam in Parliament, the Congress on Thursday said the government was “avoiding” discussion on the Pegasus snooping issue in both the Houses as it has “much to hide”.

It also accused the BJP MPs of “collectively insulting” Parliament by their behaviour in the meeting of the Standing…
