Tag Archive for: Ransomware

What businesses can do to anticipate and mitigate ransomware threats


In this Help Net Security video, Kevin Holvoet, Cyber Threat Intelligence Instructor, SANS Institute, discusses ransomware and Ransomware as a Service (RaaS) attacks, and illustrates how preparedness with a proper top-down response is critical for business continuity in case of an attack.


Alleged Russian ransomware attacker indicted, faces extradition from the Netherlands


The U.S. Department of Justice (DOJ) has secured the extradition of Denis Mihaqlovic Dubnikov, a Russian citizen, from the Netherlands. He will face trial in the United States on allegations of participating in money laundering for a ransomware group.

In a press release, the DOJ accused the 29-year-old of laundering as much as $400,000 in proceeds from victims of ransomware attacks. Overall, Dubnikov and his co-conspirators, who are yet to be identified, laundered as much as $70 million extracted using the Ryuk malware variant.

“After receiving ransom payments, Ryuk actors, Dubnikov and his co-conspirators, and others involved in the scheme, allegedly engaged in various financial transactions, including international financial transactions, to conceal the nature, source, location, ownership, and control of the ransom proceeds,” the release said.

The Ryuk malware variant was first identified in 2018. The malware operates by encrypting files and attempting to delete any system backups when it is executed on a computer or network. It targets both storage drives connected to or in the computer and those accessed remotely via networks.

The attacks targeted individuals and organizations throughout the United States and abroad. Victims were blackmailed into paying ransoms in digital assets to access their files.

One high-profile victim was the U.S. Coast Guard, which saw its operations stopped for over 30 hours following an attack perpetrated through an email phishing campaign in 2020. In the same year, the U.S. classified the malware variant as an “imminent and increasing cybercrime threat to hospitals.”

Earlier this year, the U.S. Department of State linked the ransomware to Conti, a Russian ransomware group. The department has promised a $15 million bounty for information on the group. Ryuk ransomware has also been linked to the North Korean Lazarus group.

US cracking down hard on digital assets money laundering

Dubnikov has already made his first appearance in a court in Portland. A five-day jury trial will be held for him starting on October 4, and he could face up to 20 years imprisonment if found guilty.

The DOJ’s investigation of the case was coordinated…


Ransomware attacks increasing in frequency, spreading in reach


Ransomware attacks, like the one that cost Hanesbrands Inc. about $100 million in second-quarter sales, are increasing in frequency among corporations facing uncertain prospects of a complete restoration and recovery.

Ransomware is a type of malicious software employed by hackers that can block access to a computer system until a ransom is paid.

The Winston-Salem-based apparel manufacturer reported in a May 31 regulatory filing that it began experiencing the ransomware attack on May 24.

Hanesbrands disclosed Aug. 11 in its second-quarter earnings report that its global supply chain network and ability to fulfill customer orders were affected for about three weeks.

“At this time, we believe the incident has been contained,” the manufacturer said in a separate quarterly regulatory filing Aug. 11.


Ransomware variants almost double in six months – FortiGuard


Ransomware variants have almost doubled in the past six months, with exploit trends demonstrating the endpoint remains a target as work-from-anywhere continues, according to the latest semiannual FortiGuard Labs Global Threat Landscape Report. 

“Cyber adversaries are advancing their playbooks to thwart defence and scale their criminal affiliate networks,” says Derek Manky, chief security strategist and VP global threat intelligence, FortiGuard Labs. 

“They are using aggressive execution strategies such as extortion or wiping data as well as focusing on reconnaissance tactics pre-attack to ensure better return on threat investment,” he says. 

“To combat advanced and sophisticated attacks, organisations need integrated security solutions that can ingest real-time threat intelligence, detect threat patterns, and correlate massive amounts of data to detect anomalies and automatically initiate a coordinated response across hybrid networks.”

Glenn Maiden, director of threat intelligence, Australia and New Zealand, Fortinet, adds, “The FortiGuard Labs Global Threat Landscape 1H 2022 report has found the number of ransomware variants has almost doubled over the previous six months while the volume of ransomware, which spiked in 2021, has remained steady.

“This means FortiGuard Labs has seen the same amount of ransomware attacks; however, there is double the diversity of ransomware variants,” he says.

One of the drivers for this increase in diversity is the popularity of Ransomware-as-a-Service (RaaS). RaaS can enable even a relatively unsophisticated criminal to execute a lucrative ransomware attack.

As organisations maintain remote and hybrid working models, cyber adversaries are focusing on concealing activity from endpoint security systems. Looking at the top tactics and techniques from the past six months of endpoint detection and response (EDR) telemetry, defence evasion is the top tactic employed by malware developers. Attackers are likely to use techniques like system binary proxy execution to hide malicious intentions.

Cyber affiliates are now much more sophisticated in selecting their targets. An attacker that conducts deeper pre-attack reconnaissance will lead…
