Tag Archive for: Law

LockBit ransomware gang disrupted by international law enforcement operation


LockBit — the most prolific ransomware group in the world — had its website seized Monday as part of an international law enforcement operation that involved the U.K.’s National Crime Agency, the FBI, Europol and several international police agencies.

“This site is now under the control of the National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos’,” a seizure notice on the group’s website said. “We can confirm that Lockbit’s services have been disrupted as a result of International Law Enforcement action — this is an ongoing and developing operation.”

The group has far outpaced other ransomware gangs since it emerged in late 2019, with researchers at Recorded Future attributing nearly 2,300 attacks to the group. Conti — the second most active group — has only been publicly linked to 883 attacks.

But LockBit has also gained a reputation for the damage it has caused and the organizations it has targeted. Although the group previously claimed to have rules prohibiting attacks on hospitals, it hit Canada’s largest children’s hospital during the 2022 Christmas season, as well as multiple healthcare facilities in the U.S. and abroad. Last month, the group said it was behind a November attack on a hospital system that forced multiple facilities in Pennsylvania and New Jersey to cancel appointments.

“In a highly competitive and cutthroat marketplace, LockBit rose to become the most prolific and dominant ransomware operator,” said Don Smith, vice president of threat research at Secureworks CTU. “It approached ransomware as a global business opportunity and aligned its operations, accordingly, scaling through affiliates at a rate that simply dwarfed other operations.”

The takedown is just the latest in a series of law enforcement actions targeting ransomware gangs — late last year, the FBI and other agencies took down sites and infrastructure belonging to Qakbot, Ragnar Locker and other groups.

“This has been a year of action for the Justice Department in our efforts to pivot to a strategy of disruption,” Deputy Attorney General Lisa Monaco said Friday at…

Sri Lanka’s controversial internet safety law comes into force


Image caption: The controversial Online Safety Act has sparked protests among activists in Sri Lanka

Sri Lanka’s draconian law to regulate online content has come into force, in a move rights groups say is aimed at stifling freedom of speech.

The Online Safety Act gives a government commission broad powers to assess and remove “prohibited” content.

Authorities said it would help fight cybercrime, but critics say it suppresses dissent ahead of elections.

Social media had a key role in protests during an economic crisis in 2022, which ousted the then president.

The act was passed on 24 January by 108-62 votes – sparking protests outside parliament – and came into effect on Thursday after the Speaker endorsed it.

The wide-ranging law prohibits “false statements about incidents in Sri Lanka”, statements with “an express intention of hurting religious feelings” and the misuse of bots, among other things.

A five-member commission appointed by the president will be given powers to assess these statements, to direct their removal, and to impose penalties on the people who made those statements.

The legislation will also make social media platforms liable for messages on their platforms.

Public Security Minister Tiran Alles, who introduced the draft legislation in parliament, said it was necessary to tackle offences associated with online fraud and statements that threaten national stability.

More than 8,000 complaints related to cybercrimes were filed last year, he noted.

A Sri Lankan pro-democracy group said on Thursday that the government’s “adamant pursuit” of the legislation was a “clear indication of its intention to silence dissent and suppress civic activism” as the country was still reeling from the consequences of its worst economic crisis.

Food prices and inflation have reached record levels since the country declared bankruptcy in April 2022 with more than $83bn in debt. Then president Gotabaya Rajapaksa was forced to step down and leave the country after thousands of anti-government protesters stormed into his residence.

“While the citizens silently suffer amidst escalating cost of living and unmanageable hunger, it is crucial for the rulers to recognise that this…

Feds disrupt major ransomware group targeting schools, law firms, hospitals


The U.S. Department of Justice has disrupted a major ransomware group — and enabled some people to restore their systems — with South Florida playing a central role in the cybercrime investigation, authorities said.

The FBI this month seized several websites operated by the Blackcat ransomware group, launched a disruption campaign, and “gained visibility” into the group’s computer network, according to an affidavit supporting a search warrant unsealed Tuesday in the Southern District of Florida.

The FBI developed a decryption tool that allowed its field offices nationwide and international law enforcement partners to offer more than 500 affected victims the capability to restore their computer systems, the Justice Department said. To date, the FBI has saved victims from ransom demands totaling approximately $68 million.

“In disrupting the BlackCat ransomware group, the Justice Department has once again hacked the hackers,” said Deputy Attorney General Lisa Monaco in a statement Tuesday.

The FBI Miami Field Office is leading the investigation and the case involves federal prosecutors in Miami.

The Blackcat ransomware group is also known as ALPHV or Noberus. Ransomware is malicious software that denies individuals access to computer systems until one pays a ransom. Typically, cybercriminals encrypt an individual’s computer and then demand a ransom before decrypting it. Payment is usually requested in cryptocurrency and to addresses controlled by the criminals.

“With a decryption tool provided by the FBI to hundreds of ransomware victims worldwide, businesses and schools were able to reopen, and health care and emergency services were able to come back online,” she noted. “We will continue to prioritize disruptions and place victims at the center of our strategy to dismantle the ecosystem fueling cybercrime.”

A message from a ransomware attack. The FBI disrupted a major ransomware group — Blackcat — with South Florida playing a central role in the cybercrime investigation, authorities said.

Over the past 18 months, ALPHV/Blackcat has become the second most prolific ransomware in the world based on the hundreds of millions of dollars in ransom paid by victims, the…

BlackCat ransomware site down amidst rumours of law enforcement action


The ALPHV data leak site, along with the Tor negotiation URLs shared with victims in ransom notes, went offline on 7th December and have yet to be restored.

Security researchers, including Yelisey Bohuslavskiy, chief research officer at RedSense, have hinted at a possible law enforcement operation targeting the group.

Bohuslavskiy said admins of other top-tier ransomware groups directly linked to ALPHV, including Royal/BlackSuit, BlackBasta and LockBit, confirmed law enforcement involvement in the takedown.

Despite these rumours, BlackCat’s leadership maintains that “everything will work soon.”

When contacted by BleepingComputer, the ALPHV admin mentioned server repairs, but provided no further details.

ReliaQuest, a security operations centre company, notes that BlackCat’s site has a history of intermittent connectivity issues, although the current outage is among the longest faced by the group.

Notably, no law enforcement agency has officially released information about an operation specifically targeting BlackCat.

ALPHV had previously dismissed the possibility of a takedown effort like the one that targeted the Hive ransomware group in January 2023.

Analysts at ReliaQuest speculate that this disruption could prompt hackers associated with BlackCat to seek new affiliations, or even establish their own ransomware gangs.

“The removal of this group from the ransomware landscape will undoubtedly leave a void, with its operators and affiliates likely moving to other ransomware groups or forming new groups,” said Chris Morgan, senior cyber threat intelligence analyst at ReliaQuest.

The company noted that similar law enforcement actions in the past have resulted in the dispersal of affiliates into new programmes, bringing valuable experience from previous operations.

Who is BlackCat?

BlackCat first appeared in late 2021 as a ransomware-as-a-service enterprise, offering lucrative payouts of up to 90% of…
