Tag Archive for: keys

Notorious Maze Ransomware Gang Closes Up Shop And Releases Decryption Keys


Over the past three years the Maze crew ensnared scores of victims with its ransomware. Now, suddenly, Maze seems to have called it quits. They’ve released master decryption keys and destroyed the bulk of the malware’s code.

Curiously enough, the announcement was made on the message boards at Bleeping Computer, a popular and incredibly useful resource for those trying to recover from a ransomware infection.

The Maze announcement certainly has the potential to be helpful to the group’s victims. Having access to the master keys allows security researchers to develop decryptors that victims can use to recover their files for free.

In addition to Maze, keys for the Sekhmet and Egregor ransomware were also released. Egregor was launched by the group in September of 2020, a month before Maze operations were shut down. Sekhmet first appeared in the spring of 2020.

However, as Christopher Boyd of Malwarebytes Labs reported, decryption tools for all three ransomware strains had already been released. Boyd notes that the inclusion of the keys is more an interesting footnote to the announcement than a breakthrough for those looking to get their files back.

A Question Of Timing

Last February, French and Ukrainian law enforcement officials made several arrests connected to Egregor. The arrests followed a period of unexpected downtime for Egregor's servers, which some on underground forums took as a sign that its infrastructure had been compromised by the authorities.

The farewell post makes sure to point out that the decision to shut down once and for all was not made because of the arrests.

The poster claims that this was a planned move and that the group has decided to “never return to this kind of activity.”

It sounds encouraging enough to hear an alleged spokesperson say that a crew responsible for scores of attacks on law firms, municipalities, construction companies and pretty much any other entity able to pay high-dollar ransoms is done for good.

That said, the Maze group already claimed it was riding off into the sunset once. This could turn out to be more of an “until we meet again” than a real…

Source…

Keys to securing your computer network and insurance data


Always a pressing challenge, the security of your insurance business’ computer network is facing an even greater threat given the stubborn persistence of the coronavirus, according to security pros.

The reason: Hackers are preying on your workers' coronavirus fears by sending them official-looking emails that pretend to carry new business policies on the coronavirus.

Hackers are also targeting your workers with fake COVID-19 announcements that impersonate government agencies, and with fake updates on free government financial support during the pandemic.

Inside all those emails: Innocuous-looking malicious links that, once clicked, download and launch ransomware and other malware on your insurance business' computer systems.

This onslaught of hacking has become so pitched that it triggered an executive order from U.S. President Joe Biden on improving the nation's cybersecurity, whose message to U.S. businesses is plain: get serious about ransomware protection.

Says Biden: The order "calls for federal agencies to work more closely with the private sector to share information, strengthen cybersecurity practices, and deploy technologies that increase resilience against cyberattacks. It outlines innovative ways the government will drive to deliver security and software using federal buying power to jumpstart the market and improve the products that all Americans use."

The upshot: Insurance companies and brokers need to be knowledgeable about the new surge in computer network security threats and take the necessary steps to protect their systems and data.

To that end, here are the key moves cybersecurity experts say you need to ensure your insurance company’s computer network is protected from the coming storm:

*Secure employees' remote computers: With so many more employees working from home these days, your insurance company's IT department needs to take special care to safeguard the network connections they make between home and work.

A good place to start is to require employees to log into your company's network through a virtual private network (VPN), according to the Kaspersky report "How COVID-19 Changed the Way People Work".

Essentially, a…

Source…

Twitter employees required to use security keys after 2020 hack

Twitter rolled out security keys to its entire workforce and made two-factor authentication (2FA) mandatory for accessing internal systems following last year’s hack.

The company migrated all of its employees from legacy 2FA using SMS or authenticator apps to security keys in less than three months, according to Twitter’s Senior IT Product Manager Nick Fohs and Senior Security Engineer Nupur Gholap.

“Over the past year, we’ve accelerated efforts to increase the use of security keys to prevent phishing attacks,” they said.

“We’ve also implemented security keys internally across our workforce to help prevent security incidents like the one Twitter suffered last year.”

After the July 2020 hack, Twitter revealed that the attackers had taken control of dozens of high-profile accounts using employee credentials stolen in a phone spear-phishing attack on July 15, 2020.

Graham Clark, the 17-year-old who pleaded guilty to fraud charges after coordinating the hack, sold access to those accounts and later used the verified accounts of companies, politicians, executives and celebrities he had taken over to run a cryptocurrency scam.

He was arrested following a joint operation coordinated by the FBI, the IRS and the Secret Service.

Security keys and 2FA on Twitter

Twitter continuously upgraded and improved the platform’s 2FA support throughout the last few years, with a clear focus on security keys as the primary 2FA method.

It first added security keys as one of several 2FA methods on the web in 2018, and two years later, in December 2020, extended support so that 2FA-enabled accounts could use them when logging into the mobile apps.

Security key support was later upgraded to the WebAuthn standard, which delivers secure authentication over the web and makes it possible to use 2FA without a phone number. Because the browser records the origin it is actually on and the authenticator scopes the credential to the site's relying-party ID, a key registered with Twitter cannot produce a valid login on a look-alike phishing domain, which is what makes it resistant to the kind of phishing that SMS and app-based codes are not.

In 2021, Twitter added support for using multiple…

Source…

SynAck ransomware group releases decryption keys as they rebrand to El_Cometa


The SynAck ransomware gang has released decryption keys for victims that were infected between July 2017 and 2021, according to data obtained by The Record. 

SynAck is in the process of rebranding itself as the El_Cometa ransomware gang and a member of the old group gave the keys to The Record. 

Emsisoft's Michael Gillespie confirmed that the decryption keys are genuine and said Emsisoft is working on its own decryption utility, which it believes will be "safer and easier to use", because there are concerns that SynAck victims may damage their files further using the keys as provided.

Ransomware expert Allan Liska told ZDNet that the SynAck group started right before ransomware-as-a-service began to take off in 2018.

“So they never outsourced their ransomware activities. While they continued attacks, there weren’t nearly as many as groups like Conti or REvil were able to conduct, so they got lost in the shuffle,” Liska said. “They also didn’t hit any really big targets.”

A Kaspersky Lab report in 2018 said SynAck differentiated itself in 2017 by not using a payment portal and instead demanding victims arrange payment in Bitcoin through email or BitMessage ID. 

They generally demanded ransoms of around $3,000 and gained notoriety for using the Process Doppelgänging technique on Microsoft Windows, which launches its payload from a file written inside an NTFS transaction that is then rolled back, so the malicious image is never committed to disk where traditional security software and antivirus products would scan it.

There is little data on victims of the ransomware group but Kaspersky Lab researchers said they observed attacks by the gang in the US, Kuwait, Germany and Iran.

“The ability of the Process Doppelgänging technique to sneak malware past the latest security measures represents a significant threat; one that has, not surprisingly, quickly been seized upon by attackers,” said Anton Ivanov, lead malware analyst at Kaspersky Lab. 

“Our research shows how the relatively low profile, targeted ransomware SynAck used the technique to upgrade its stealth and infection capability. Fortunately, the…

Source…