Tag Archive for: Law

BlackCat ransomware site down amidst rumours of law enforcement action


The ALPHV data leak site, along with the Tor negotiation URLs shared with victims in ransom notes, went offline on 7th December and have yet to be restored.

Security researchers, including Yelisey Bohuslavskiy, chief research officer at RedSense, have hinted at a possible law enforcement operation targeting the group.

Bohuslavskiy said admins of other top-tier ransomware groups directly linked to ALPHV, including Royal/BlackSuit, BlackBasta and LockBit, confirmed law enforcement involvement in the takedown.

Despite these rumours, BlackCat’s leadership maintains that “everything will work soon.”

When contacted by BleepingComputer, the ALPHV admin mentioned server repairs, but provided no further details.

ReliaQuest, a security operations centre company, notes that BlackCat’s site has a history of intermittent connectivity issues, although the current outage is among the longest faced by the group.

Notably, no law enforcement agency has officially released information about an operation specifically targeting BlackCat.

ALPHV had previously dismissed the possibility of a takedown effort like the one that targeted the Hive ransomware group in January 2023.

Analysts at ReliaQuest speculate that this disruption could prompt hackers associated with BlackCat to seek new affiliations, or even establish their own ransomware gangs.

“The removal of this group from the ransomware landscape will undoubtedly leave a void, with its operators and affiliates likely moving to other ransomware groups or forming new groups,” said Chris Morgan, senior cyber threat intelligence analyst at ReliaQuest.

The company noted that similar law enforcement actions in the past have resulted in the dispersal of affiliates into new programmes, bringing valuable experience from previous operations.

Who is BlackCat?

BlackCat first appeared in late 2021 as a ransomware-as-a-service enterprise, offering lucrative payouts of up to 90% of…


Acrison Suit Against Law Firm in Alleged Hacking Scheme Revived


A Third Circuit panel revived Acrison Inc.’s civil lawsuit against a law firm and a consumer computer services company over an alleged 2020 hacking scheme, saying the lower court erred in finding the claims time-barred.

The decision filed Friday in the US Court of Appeals for the Third Circuit reverses a New Jersey district court decision granting the dismissal of the federal and state claims against Brach Eichler LLP and Xcellence Inc. on the basis of lapsed statute of limitations, remanding it for further proceedings.

Chief Judge Michael Chagares’ opinion said the lower court “did not apply the legal standard …


EU Commission pitches double reporting of open security loopholes in cybersecurity law – EURACTIV.com


The question of who should receive extremely sensitive cyber threat intelligence has been a sticking point in the negotiations on the Cyber Resilience Act. The Commission proposed a middle ground that would double the receivers.

The Cyber Resilience Act is a legislative proposal introducing security requirements for connected devices. The file is being finalised in ‘trilogues’ between the EU Commission, Council and Parliament.

Among the obligations of product manufacturers, there is one to report not only cybersecurity incidents, as has been the case in previous legislation, but also actively exploited vulnerabilities.

If a vulnerability is being actively exploited, it means there is an entry point for hackers that has not been patched yet. As a result, this type of information is highly dangerous if it falls into the wrong hands, and who should handle this task is a politically sensitive question.

In the original Commission text, ENISA, the EU cybersecurity agency, was assigned this complex work – an approach that found support in the Parliament. By contrast, European governments want to move this task to the national Computer Security Incident Response Teams (CSIRTs).

Following the last trilogue on 8 November, Euractiv reported that a possible landing zone could be found by accepting the role of the CSIRTs but with stronger involvement of ENISA, and that the EU executive had proposed that both bodies receive the reports simultaneously.

In an undated compromise text circulated after the trilogue, seen by Euractiv, the Commission put its idea in black-and-white.

“The manufacturers shall notify any actively exploited vulnerability contained in the product with digital elements that they become aware of to [the CSIRTs designated as coordinators pursuant to Article 12(1) of Directive (EU) 2022/2555 and ENISA],” reads the text.

National CSIRTs would, therefore, be in the driving seat of the reporting process, for instance, to request the manufacturer provide an intermediate report. The notifications would be submitted via a pan-European platform to the end-point of the CSIRT of the country where the company has its main establishment.

“A manufacturer shall…


Ragnar Locker site disrupted in international law enforcement crackdown


CyberScoop reports that the Ragnar Locker ransomware group, also known as Viking Spider, had its data leak site seized by the FBI and 15 other law enforcement agencies around the world as part of an international crackdown against ransomware infrastructure.

No further information regarding the extent of the takedown operations against the ransomware gang was provided, but Ragnar Locker, which emerged in 2019, was noted by CrowdStrike Senior Vice President of Counter Adversary Operations Adam Meyers to be among the first ransomware groups that targeted corporations and other major entities to obtain significant payouts.

Ragnar Locker had 100 organizations across 27 industries listed on its data leak site prior to the disruption, Meyers said.

The dismantling of Ragnar Locker’s leak site comes after sanctions against TrickBot members and the disruption of the Hive ransomware operation, as well as the thwarting of Russia’s CyclopsBlink botnet and Chinese attacks against Microsoft Exchange servers.
