Tag Archive for: paying

Is the IDF weaponizing blockchain? Are cartels paying ransomware on the dark web? #hearsay

/in


Disclosure: The views and opinions expressed here belong solely to the author and do not represent the views and opinions of crypto.news’ editorial.

Welcome to #hearsay, Dorian Batycka’s weekly crypto gossip column. This week’s edition brings you a small dose of dark web cartels, a potential blockchain interface for the Israel Defense Force (IDF), and one NFT collector’s hilarious flex fail.

Every week, crypto.news brings you #hashtag hearsay, a gossip column of scoops and stories shaping the crypto world. If you have a tip, email Dorian Batycka at [email protected]

Question: what if Sam Bankman was actually fried?

That’s the thought that immediately sprang to mind when I learned about a recent exit scam involving one of the world’s largest darknet vendors of illegal drugs.

On March 5, users of the site Incognito Marketplace, a site like Reddit where buyers and sellers can get everything from a gram of weed to kilos of coke, were awakened to a message from one of its administrators, an admin known as Pharaoh.

The message read:

We have accumulated a list of private messages, transaction info and order details over the years. You’ll be surprised at the number of people that relied on our auto-encrypt functionality. And by the way, your messages and transaction IDs were never actually deleted after the expiry.

Anyway, if anything were to leak to law enforcement, I guess nobody never slipped up. We’ll be publishing the entire dump of 557k orders and 862k crypto transaction IDs at the end of May… whether or not you and your customers’ info is on that list is totally up to you. Yes, this is an extortion.

Pharaoh, Incognito Marketplace admin

Holding the site’s BTC and Monero (XMR), Pharaoh stated that vendors on the site would be asked to pay large ransoms, lest they have their data leaked online.

What’s more, Pharaoh also revealed that the “auto-encrypt” button, made available to vendors on the darknet marketplace, actually exposed them to a data breach.

Worries about the Incognito Marketplace began to circulate the week before when users were unable to withdraw BTC and Monero (a privacy-focused cryptocurrency) from the platform.

Source…

Xfinity waited 13 days to patch critical Citrix Bleed 0-day. Now it’s paying the price

/in


A parked Comcast service van with the
Enlarge / A Comcast Xfinity service van in San Ramon, California on February 25, 2020.

Getty Images | Smith Collection/Gado

Comcast waited 13 days to patch its network against a high-severity vulnerability, a lapse that allowed hackers to make off with password data and other sensitive information belonging to 36 million Xfinity customers.

The breach, which was carried out by exploiting a vulnerability in network hardware sold by Citrix, gave hackers access to usernames and cryptographically hashed passwords for 35.9 million Xfinity customers, the cable TV and Internet provider said in a notification filed Monday with the Maine attorney general’s office. Citrix disclosed the vulnerability and issued a patch on October 10. Eight days later, researchers reported that the vulnerability, tracked as CVE-2023-4966 and by the name Citrix Bleed, had been under active exploitation since August. Comcast didn’t patch its network until October 23, 13 days after a patch became available and five days after the report of the in-the-wild attacks exploiting it.

“However, we subsequently discovered that prior to mitigation, between October 16 and October 19, 2023, there was unauthorized access to some of our internal systems that we concluded was a result of this vulnerability,” an accompanying notice stated. “We notified federal law enforcement and conducted an investigation into the nature and scope of the incident. On November 16, 2023, it was determined that information was likely acquired.”

Comcast is still investigating precisely what data the attackers obtained. So far, Monday’s disclosure said, information known to have been taken includes usernames and hashed passwords, names, contact information, the last four digits of social security numbers, dates of birth, and/or secret questions and answers. Xfinity is Comcast’s cable television and Internet division.

Citrix Bleed has emerged as one of the year’s most severe and widely exploited vulnerabilities, with a…

Source…

Cyber money heist: Why companies paying off hackers fuels ransomware crimes

/in


80 PER CENT OF VICTIMS PAY RANSOM

Analysts told CNA that it is common for companies to pay up in a bid to protect their data, with Forbes reporting about 80 per cent of 1,200 victims surveyed decided to do so.

More than 72 per cent of businesses were affected by ransomware attacks as of 2023, Mr Backer told CNA, noting that it was an increase from the previous five years and was by far the highest figure reported.

Predictions also indicate ransomware will cost victims roughly US$265 billion annually by 2031, he added.

“In the heat of the moment and with pressures mounting, the decision to pay a ransom is definitely not an easy one,” said Mr Flores.

“Many choose to opt for this route for a few reasons, with the most common one being faster recovery time. With business operations and continuity at stake, paying the ransom and obtaining the decryption tool in return is sometimes the quicker option to resume activity.”

According to media reports in 2019, ride-hailing platform Uber allegedly paid a US$100,000 ransom and had the hackers sign non-disclosure agreements in exchange for the payment.

This shows that organisations are worried, noted Mr Backer.

Regarding banks like ICBC paying ransoms, he said such information is not usually disclosed to the public due to the sensitive nature of the incidents.

“Many organisations, including banks, may not disclose this due to concerns about reputation, legal implications, and the encouragement of further attacks.”

However, Dr Kerrison noted that the intention behind companies paying ransoms “might not always be to keep it a secret”. 

“Rather, it’s the best option available to them in the circumstances,” he said.

Mr Backer added that claims by attackers should be “treated with caution” as they might not always accurately reflect the reality of the situation.

Analysts also told CNA the rise of the ransomware-as-a-service (RaaS) model is one of the driving factors in the increase in ransom payment.

“RaaS made it possible for low-skilled cybercriminals to join the illicit industry ultimately contributing to the surge in the number of victims,” said He Feixiang, an adversary intelligence research lead at Group-IB.

The RaaS business…

Source…

Can CRI members really avoid paying ransomware ransoms?

/in


  • The International Counter Ransomware Initiative met this week and outlined how its members would combat the growing threat of cybercrime.
  • Among the commitments was a recommendation for CRI members not to pay ransoms.
  • This will be accomplished through training and knowledge sharing among the CRI members.

Ransomware has the ability to entirely upend a business and without proper disaster recovery, a business could be forced to cough up and pay the ransom attackers demand.

This week, 50 members of the International Counter Ransomware Initiative (CRI) met in Washington, D.C for the third convening of the initiative. South Africa is a member of this group. During this meeting the group outlined the development of capabilities to disrupt attackers and the infrastructure they use to conduct said attacks.

There are some great suggestions here such as mentoring and training new CRI members, using artificial intelligence to counter ransomware and even share information about attacks between CRI members.

In addition, there was mention of adopting a policy where governments who are members of the CRI declare that they won’t pay ransoms.

“Through the Policy Pillar, CRI members affirmed the importance of strong and aligned messaging discouraging paying ransomware demands and leading by example. CRI members endorsed a statement that relevant institutions under our national government authority should not pay ransomware extortion demands. CRI members intend to implement the Financial Action Task Force (FATF)’s Recommendation 15 on the regulation of virtual assets and related service providers, which would help stem the illicit flow of funds and disrupt the ransomware payment ecosystem,” reads a briefing published by The White House.

This sounds great but the fact of the matter is that many companies still pay ransoms. In its The State of Ransomware 2023 report, Sophos found that 46 percent of the 3 000 IT and cybersecurity leaders surveyed reported that ransomware ransoms were being paid.

While not paying a ransom is regarded as best practice in the cybersecurity space, as we mentioned, if there aren’t proper backups of data, disaster response and…

Source…