Tag Archive for: nabs

Europol Dismantles Ragnar Locker Ransomware Infrastructure, Nabs Key Developer



Europol on Friday announced the takedown of the infrastructure associated with Ragnar Locker ransomware, alongside the arrest of a “key target” in France.

“In an action carried out between 16 and 20 October, searches were conducted in Czechia, Spain, and Latvia,” the agency said. “The main perpetrator, suspected of being a developer of the Ragnar group, has been brought in front of the examining magistrates of the Paris Judicial Court.”

Five other accomplices associated with the ransomware gang are said to have been interviewed in Spain and Latvia, with the servers and the data leak portal seized in the Netherlands, Germany, and Sweden.

The effort is the latest coordinated exercise involving authorities from Czechia, France, Germany, Italy, Japan, Latvia, the Netherlands, Spain, Sweden, Ukraine, and the U.S. Two suspects associated with the ransomware crew were previously arrested in Ukraine in 2021. A year later, another member was apprehended in Canada.

Ragnar Locker, which first emerged in December 2019, is known for a string of attacks targeting critical infrastructure entities across the world. According to Eurojust, the group has committed attacks against 168 international companies worldwide since 2020.

“The Ragnar Locker group was known to employ a double extortion tactic, demanding extortionate payments for decryption tools as well as for the non-release of the sensitive data stolen,” Europol said.


Ukraine’s Cyber Police said it conducted raids at one of the suspected members’ premises in Kyiv, confiscating laptops, mobile phones and electronic media.

The law enforcement action coincides with the Ukrainian Cyber Alliance (UCA) infiltrating and shutting down the leak site run by the Trigona ransomware group and wiping out 10 of the servers, but not before exfiltrating the data stored in them. There is evidence to suggest that the Trigona actors used Atlassian Confluence for their activities.

Just as the dismantling of Hive and Ragnar Locker represents ongoing efforts to tackle the ransomware menace, so are the initiatives undertaken by threat actors to evolve and rebrand under new names. Hive, for instance, has resurfaced as Hunters International.

The development…


Liberty Strategic Capital nabs majority stake in mobile security startup Zimperium for $525M – TechCrunch


Liberty Strategic Capital, the private equity firm launched last year by former treasury secretary Steven T. Mnuchin, announced today that it is acquiring a majority stake in mobile security startup Zimperium for $525 million.

With Zimperium, the firm takes a dive into mobile security, which Mnuchin sees as the front line of cyber security today. As he points out, with employees using their own devices for years now, companies need to have a way to secure them, even when they don’t control the device directly.

“We all need to increase our focus on the protection of mobile devices and applications. Liberty Strategic Capital is investing in Zimperium because they’ve shown that they can lead the way in this multibillion-dollar market,” he said in a statement announcing the deal.

The company covers three parts of the mobile market: device security, mobile application security and mobile threat intelligence. In fact, last year the company discovered spyware called PhoneSpy in 23 Android apps designed to steal data. As TechCrunch’s Carly Page explained at the time of the news:

Researchers at mobile security firm Zimperium, which discovered PhoneSpy inside 23 apps, say the spyware can also access a victim’s camera to take pictures and record video in real time, and warned that this could be used for personal and corporate blackmail and espionage. It does this without a victim knowing, and Zimperium notes that unless someone is watching their web traffic, it would be difficult to detect.

The company didn’t share specific revenue figures, but reported that annual recurring revenue (ARR) grew 53%. Company CEO Shridhar Mittal is hoping that the investment will continue to drive that growth.

“We’ve helped leading public and private organizations across the globe strengthen mobile security, and as we enter a high growth phase to help even more organizations, Secretary Mnuchin and the team at Liberty Strategic Capital will be a tremendous asset to guide and propel our company forward,” Mittal said in a statement.

Under the terms of the deal, Softbank will own a minority stake in the company, Mnuchin will lead the company’s board of…


Mobile fraud campaign nabs millions from US and EU banks


Security researchers have discovered a major mobile banking fraud operation that stole millions of dollars from financial institutions in Europe and the US before being intercepted and halted.

According to a report by IBM Trusteer, cyber criminals used an infrastructure of mobile device emulators to set up thousands of spoofed devices and access thousands of compromised bank accounts. 

“In each instance, a set of mobile device identifiers was used to spoof an actual account holder’s device, likely ones that were previously infected by malware or collected via phishing pages,” said researchers.

Shachar Gritzman, mobile malware researcher at IBM, said the gang used automation, scripting, and potentially access to a mobile malware botnet or phishing logs to initiate and finalize fraudulent transactions at scale.

“In this automatic process, they are likely able to script the assessment of account balances of the compromised users and automate large numbers of fraudulent money transfers, being careful to keep them under amounts that trigger further review by the bank,” Gritzman said.

In some cases, hackers used over 20 emulators in the spoofing of well over 16,000 compromised devices.

“The attackers use these emulators to repeatedly access thousands of customer accounts and end up stealing millions of dollars in a matter of just a few days in each case. After one spree, the attackers shut down the operation, wipe traces, and prepare for the next attack,” said Gritzman.

Gritzman said that, to defend against future attacks on mobile devices, users should avoid jailbreaking or rooting any devices, ensure all system updates and app updates take place on time, and obtain apps directly from official app stores.

Tom Davison, technical director – international at Lookout, told ITPro that this attack demonstrates the extraordinary lengths that today’s well-funded and professional cyber criminal groups will go to when the end justifies the means. 

“Mobile devices present a multiplier effect as they become the mainstream platform for online banking. Consumer users need to protect themselves by understanding that mobile devices are not immune. It really is important to keep them updated,…
