Tag Archive for: Ransomware

Justice ‘Hacked the Hackers’ of Hive Ransomware, Stopping $130M in Demands


After a months-long effort, the Department of Justice has disrupted the Hive ransomware group—which the FBI labeled a top 5 ransomware threat—according to an announcement on Thursday.

The efforts of the DOJ and international partners “hacked the hackers,” hindering $130 million in ransom demands, according to Deputy Attorney General Lisa O. Monaco.

The Hive ransomware group went after more than 1,500 victims in 80-plus countries, the announcement noted. Victims included hospitals, school districts, financial firms and critical infrastructure.

These attacks have greatly disrupted victims’ operations, such as impacting a hospital’s response to COVID-19, the DOJ stated. Specifically, one hospital had to use analog methods to treat existing patients and could not accept new patients after the attack. 

“Last night, the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world,” Attorney General Merrick B. Garland said in a press release. “Cybercrime is a constantly evolving threat. But as I have said before, the Justice Department will spare no resource to identify and bring to justice anyone, anywhere, who targets the United States with a ransomware attack. We will continue to work both to prevent these attacks and to provide support to victims who have been targeted. And together with our international partners, we will continue to disrupt the criminal networks that deploy these attacks.”

The FBI infiltrated Hive’s networks in July 2022 and remained to capture the group’s decryption keys. The FBI provided more than 300 decryption keys to victims under attack and more than 1,000 decryption keys to previous victims, preventing victims from having to pay $130 million in ransom demands. Before the FBI operation, the ransomware group had been able to extort more than $100 million in ransom payments, beginning in June 2021.

As noted in the announcement, Hive utilized a ransomware-as-a-service, or RaaS, model that included administrators—occasionally called developers—and affiliates. According to the announcement, RaaS is a…


Justice Department seizes website of major ransomware gang – KATU




Battle of the breach: Prioritizing proactive ransomware defense


Editor’s note: The following is a guest article from Sebastian Goodwin, chief information security officer at Nutanix. 

Over the last decade, ransomware has become the de facto tactic of cybercriminals looking to make a quick buck.

And why not? Average ransomware payments are nearing the $1 million mark, and many criminal groups are now selling their tools and services on specialty ransomware-as-a-service marketplaces.

With nearly every business already permanently connected to the internet, global ransomware damage is expected to reach an annual impact of $265 billion within this decade.

In practical terms, this means that we will soon face a reality where organizations are attacked every two seconds by threat actors that continue to evolve their tools and tactics. 

Doing business in such a world can seem overwhelming, but modern cybersecurity approaches are working to keep up with the growth of ransomware.

As a result, CISOs looking to apply advanced thinking to ransomware defense can integrate new processes and tactics as they formulate their cybersecurity strategies. 

What’s in a name? Ransomware types by description 

Today’s ransomware can come from many specialized groups and threat actors. To make things more complicated, some criminal groups even sell their tools through a ransomware-as-a-service business model, letting anyone with a bank account or cryptocurrency wallet automate ransomware attacks via the dark web.

Most common types of ransomware fall into six distinct categories: 

  • Crypto ransomware: After breaching individual workstations and systems, this type of ransomware finds and encrypts files, rendering them unusable. Victims are encouraged to pay a ransom or lose access to their data permanently, often by having it completely deleted off their system. 
  • Locker ransomware: While crypto-style ransomware blocks access to individual files, Locker-type ransomware affects whole machines, preventing a user from accessing any files or programs until a ransom is paid. In general, this type of ransomware affects computer systems, though some are specifically made to lock IoT and smart home…


Ransomware attack costs school board more than $300K


Huron-Superior Catholic District School Board is projecting a deficit due to cyberattack; board also doling out cash for credit monitoring, cybersecurity measures

SAULT STE. MARIE — The Huron-Superior Catholic District School Board will operate with a $325,000 deficit for its 2022-2023 budget due to a ransomware attack that crippled the board’s information systems in mid-December and compromised personal information belonging to a number of its employees. 

“This deficit is a result of the cyber incident,” said business superintendent Justin Pino in an email to SooToday Monday. “Before the incident the board was projecting a balanced budget.”  

Additional expenses related to the Dec. 15 cyberattack covered by the board’s cyber insurance are not being disclosed. 

The English Catholic school board is also spending USD $69,212 annually for three years on software from SentinelOne, a California-based cybersecurity company, in order to protect it from potential cyberattacks. 

A two-year credit monitoring service for affected school board employees through TransUnion will run the board $30,000 following the Royal ransomware attack, which resulted in the theft of personal information — including social insurance numbers and banking information — for staff members employed by the board between 2019 and 2022. 

Board officials are not disclosing whether or not the school board paid a ransom to the attackers.