Tag Archive for: hospitals

Trickbot malware scumbag gets five years for infecting hospitals, businesses • The Register


A former Trickbot developer has been sent down for five years and four months for his role in infecting American hospitals and businesses with ransomware and other malware, costing victims tens of millions of dollars in losses.

Vladimir Dunaev, of Amur Oblast in Russia, was sentenced in the US yesterday after pleading guilty on November 30 to two counts: conspiracy to commit computer fraud, and conspiracy to commit wire fraud.

Between June 2016 and June 2021, Dunaev worked as a developer for the criminal gang, providing “specialized services and technical abilities,” according to his plea agreement [PDF].

These special skills included recruiting other coders, buying and managing servers used to deploy and operate the Windows nasty Trickbot, encrypting the malware to avoid detection by security software, spamming and phishing potential victims, and then laundering stolen funds. He also added support for stealing information out of victims’ browsers, such as their online account credentials.

“For instance, Dunaev developed browser modifications for several widely used open-source browsers, such as FireFox and Chrome, using open-source codebases for each browser called FireFox Nightly and Chromium,” the court documents say. “These modifications facilitated and enhanced the remote access obtained by Trickbot by allowing actors to steal passwords, credentials, and other stored information.”

Dunaev also confessed to writing code used to steal secrets from infected computers. Between October 2018 and February 2021 alone, the crew defrauded victims out of more than $3.4 million, the court documents claim.  

According to the UK National Crime Agency, the gang has extorted at least $180 million (£145 million) from people and organizations worldwide.

In 2021, Dunaev was extradited to America from South Korea. The original indictment charged Dunaev and six others for their alleged roles in developing, deploying, managing and profiting from Trickbot.

In June, one of the six suspects — Trickbot malware admin Alla Witte — pleaded guilty to conspiracy to commit computer fraud and was sentenced to two years and eight months in prison.

Trickbot, which started as a banking…

Source…

Ransomware attackers threaten to send SWAT teams to patients of hacked hospitals


Losing important work documents or albums with photographs of your family because you have unsuspectingly clicked on a malicious e-mail attachment can be very damaging and stressful. Now imagine that you have lost not only your data but also the very sensitive data of thousands of other people.

This is a threat that hospitals around the world are facing each day, with some of them ultimately falling victim.



Cybercriminals employing ransomware as part of their hacking campaigns are extorting users, demanding a hefty ransom in the form of cryptocurrency. They promise to hand over a decryption key to recover your data, but you can never be certain that the criminal will keep this promise. While some users may get lucky, others will lose not only their data but also their money.

Experts usually recommend not paying the ransom, as paying also encourages the attackers to keep targeting more potential victims. The decryption keys for some ransomware variants are later made public, for example by law enforcement after an investigation, so even if you don’t pay the ransom, your chances of getting the data back are not completely gone.

But for hospitals or businesses, making the right decision can be much more difficult, especially when the ransom is far higher and, on top of that, the attackers are trying to improve their odds with further malicious pressure tactics.

Some attackers are threatening hospitals, and their patients, with swatting, as The Register reports. A specific example is Seattle’s Fred Hutchinson Cancer Center, which was hacked in November. The hospital confirmed to The Register that it “was aware of cyber criminals issuing swatting threats”, and that the FBI and local police had started an investigation.

Swatting is the tactic of making a false emergency report to the police so that an armed SWAT team is dispatched to a targeted location, for example the home of an innocent victim.

In a different case at Oklahoma’s Integris Health, the patients were targeted and threatened with having their data sold on the dark web.




These are just some of the extreme…

Source…

Feds disrupt major ransomware group targeting schools, law firms, hospitals


The U.S. Department of Justice has disrupted a major ransomware group — and enabled some people to restore their systems — with South Florida playing a central role in the cybercrime investigation, authorities said.

The FBI this month seized several websites operated by the Blackcat ransomware group, launched a disruption campaign, and “gained visibility” into the group’s computer network, according to an affidavit supporting a search warrant unsealed Tuesday in the Southern District of Florida.

The FBI developed a decryption tool that allowed its field offices nationwide and international law enforcement partners to offer more than 500 affected victims the capability to restore their computer systems, the Justice Department said. To date, the FBI has saved victims from ransom demands totaling approximately $68 million.

“In disrupting the BlackCat ransomware group, the Justice Department has once again hacked the hackers,” said Deputy Attorney General Lisa Monaco in a statement Tuesday.

The FBI Miami Field Office is leading the investigation and the case involves federal prosecutors in Miami.

The Blackcat ransomware group is also known as ALPHV or Noberus. Ransomware is malicious software that denies victims access to their computer systems until a ransom is paid. Typically, cybercriminals encrypt a victim’s computer and then demand a ransom before providing the means to decrypt it. Payment is usually demanded in cryptocurrency, sent to addresses controlled by the criminals.

“With a decryption tool provided by the FBI to hundreds of ransomware victims worldwide, businesses and schools were able to reopen, and health care and emergency services were able to come back online,” she noted. “We will continue to prioritize disruptions and place victims at the center of our strategy to dismantle the ecosystem fueling cybercrime.”

[Image caption] A message from a ransomware attack. The FBI disrupted a major ransomware group — Blackcat — with South Florida playing a central role in the cybercrime investigation, authorities said.

Over the past 18 months, ALPHV/Blackcat has become the second most prolific ransomware in the world based on the hundreds of millions of dollars in ransom paid by victims, the…

Source…

Cyber Security Executive Confesses To Hacking Hospitals


Vikas Singla, an ex-COO of the US cybersecurity firm Securolytics, has confessed to hacking two US hospitals with the intention of generating business for the company he was working for. In court, Singla admitted responsibility for attacking the hospitals in Atlanta, part of the Gwinnett Medical Center.

Singla’s actions disrupted the hospital’s printers, phone systems and a digitizer (a device that allows handwritten notes to be input into a computer), resulting in financial losses exceeding $800,000 for Gwinnett Medical Center.

According to Cybernews, as part of the incident in September 2018, Singla disabled several hundred ASCOM phones used by hospital staff, severely disrupting the hospital’s work. The same day, he extracted several hundred patient names, dates of birth and other data from a mammography machine. He later hijacked 200 printers across both hospitals and printed the stolen patient names, followed by the message “WE OWN YOU”.

He subsequently attempted to generate publicity about the attack, including by publishing information obtained without authorisation from the digitizer, with the aim of generating business for his company.

Singla set up a Twitter account several days later and posted dozens of messages claiming that Gwinnett Medical Center had been hacked, exposing stolen patient details to prove his point. Once the attack was complete, Securolytics emailed potential clients citing the Gwinnett Medical Center hack as an example of inadequate security measures.

According to reports, prosecutors will recommend a sentence of five years’ probation, although the judge can impose a maximum term of ten years’ imprisonment at the sentencing hearing scheduled for February next year.


Source…