Tag Archive for: Ransomware

White House plans 30-country meeting on cyber crime and ransomware -official


By Trevor Hunnicutt and Nandita Bose

WASHINGTON (Reuters) – Top U.S. national security advisers will gather officials from 30 countries this month with plans to combat the growing threat of ransomware and other cyber crime, President Joe Biden said on Friday.

An online session hosted by the White House National Security Council will also be aimed at “improving law enforcement collaboration” on issues like “the illicit use of cryptocurrency,” Biden said in a statement.

The Biden administration has elevated the response to cybersecurity to the senior-most levels of the administration following a set of attacks this year that threatened to destabilize U.S. energy and food supplies.

The meat producer JBS SA paid $11 million (https://www.reuters.com/technology/jbs-paid-11-mln-response-ransomware-attack-2021-06-09) to end an attack on its systems that halted production and was believed to have originated from a criminal group with Russian links.

Colonial Pipeline paid a hacker gang believed to be based in Eastern Europe nearly $5 million (https://www.reuters.com/business/colonial-pipeline-ceo-tells-senate-cyber-defenses-were-compromised-ahead-hack-2021-06-08/#:~:text=NEW%20YORK%2C%20June%208%20(Reuters,by%20stealing%20a%20single%20password) to regain access, some of which was later clawed back by U.S. law enforcement.

Both companies paid the ransoms in bitcoin.

Ransom software works by encrypting victims’ data. Typically hackers will offer the victim a key in return for cryptocurrency payments that can run into hundreds of thousands or even millions of dollars.

The Biden administration hopes that their new informal group, which they’re calling the Counter-Ransomware Initiative, will bolster their diplomatic push that has included direct talks with Russia as well as the NATO alliance and Group of Seven (G7) wealthy nations.

The administration has increasingly focused on blocking what it calls China’s “malicious cyber activity” (https://www.reuters.com/technology/us-allies-accuse-china-global-cyber-hacking-campaign-2021-07-19), charges which Beijing has denied.

It was not immediately clear which countries would participate or when exactly the meeting would take place.

One White…


Ransomware on Target for 150% Increase This Year — THE Journal


More bad news on the data security front. Ransomware and fileless
malware are both seeing large surges this year.

According to the newly released Q2
2021 Internet Security Report from WatchGuard Technologies, in
the first six months of 2021, ransomware attacks were already at
nearly the total volume for all of the previous year and are on
target to see a 150% increase by the end of the year. According to
WatchGuard: “While total ransomware detections on the endpoint
were on a downward trajectory from 2018 through 2020, that trend
broke in the first half of 2021, as the six-month total finished just
shy of the full-year total for 2020. If daily ransomware detections
remain flat through the rest of 2021, this year’s volume will reach
an increase of over 150% compared to 2020.”

Fileless malware — malware originating from scripting engines,
such as PowerShell — is increasing at an even greater pace and is
on track to double 2020’s total this year. AMSI.Disable.A is one such
malware type that’s on the rise. According to WatchGuard:
“AMSI.Disable.A showed up in WatchGuard’s top malware section
for the first time in Q1 and immediately shot up for this quarter,
hitting the list at #2 overall by volume and snagging the #1 spot for
overall encrypted threats. This malware family uses PowerShell tools
to exploit various vulnerabilities in Windows. But what makes it
especially interesting is its evasive technique. WatchGuard found
that AMSI.Disable.A wields code capable of disabling the Antimalware
Scan Interface (AMSI) in PowerShell, allowing it to bypass script
security checks with its malware payload undetected.”

Other findings from the report included:

  • A massive 91.5% of all malware arrived over encrypted
    connections. “Put simply, any organization that is not examining
    encrypted HTTPS traffic at the perimeter is missing 9/10 of all
    malware,” according to WatchGuard.

  • Network attacks rose 22% in the quarter, reaching the highest
    level since…


House lawmakers seek explanation from FBI’s Wray over ransomware response


By Sean Lyngaas, CNN

(CNN) — Leaders of the House Oversight and Reform Committee are questioning the FBI’s handling of a July ransomware attack on a Florida-based IT firm that compromised up to 1,500 businesses.

Reps. Carolyn Maloney, a New York Democrat, and James Comer, a Kentucky Republican, have requested a briefing from FBI Director Christopher Wray after the bureau reportedly withheld a key to decrypt the ransomware for nearly three weeks, potentially costing victims millions of dollars in recovery costs.

“Congress must be fully informed whether the FBI’s strategy and actions are adequately and appropriately addressing” the threat of ransomware to the US economy, Maloney and Comer wrote Wednesday in a letter to Wray that was shared with CNN. The lawmakers said they want to “understand the rationale behind the FBI’s decision to withhold” the key to unlock computers infected by the ransomware.

The FBI has in recent years ramped up resources to address ransomware, with FBI field offices across the country communicating with victim US companies. But a growing chorus of lawmakers wants to know if the bureau is balancing the need to protect victims with the need to disrupt criminal groups based in Eastern Europe and Russia.

Disrupting the hackers

The Washington Post reported last week that the FBI withheld the decryption key as the bureau planned an operation to disrupt the hackers, a Russian-speaking ransomware syndicate known as REvil. That operation never materialized as REvil mysteriously went offline in mid-July, only to reemerge in September.

The Washington Post was first to report on the letter to the FBI.

The July ransomware incident at the IT firm, Kaseya, rippled across the firm’s customer base of small and medium-sized businesses as the hackers were able to breach about 50 of Kaseya’s clients and some 800 to 1,500 customers of those clients.

An FBI spokesperson said the bureau received the letter and referred CNN to Wray’s recent congressional testimony.

In testimony last week in the Senate, Wray…


Senate Bill to Mandate Cyberattack, Ransomware Payment Reporting


Energy companies, banks and other critical infrastructure operators would have to report cybersecurity incidents and ransomware payments to the federal government under legislation introduced Tuesday.

Senate Homeland Security and Governmental Affairs Chairman Gary Peters (D-Mich.) and ranking member Rob Portman (R-Ohio) are unveiling a bipartisan bill to require critical infrastructure operators to notify the Cybersecurity and Infrastructure Security Agency within 72 hours of experiencing a cyberattack, according to details shared with Bloomberg Government.

The measure would also require other organizations—including nonprofits, businesses with more than 50 employees and state and local governments—to notify the federal government within 24 hours if they make a ransom payment following a ransomware attack.

“When entities — such as critical infrastructure owners and operators — fall victim to network breaches or pay hackers to unlock their systems, they must notify the federal government so we can warn others, prepare for the potential impacts, and help prevent other widespread attacks,” Peters said in a press statement.

The Biden administration’s top cybersecurity officials, CISA Director Jen Easterly and National Cyber Director Chris Inglis, backed a draft version of the measure during a committee hearing last week.

The Senate bill is similar to legislation from House Homeland Security Chair Bennie Thompson (D-Miss.) and Reps. Yvette Clarke (D-N.Y.) and John Katko (R-N.Y.), which was included in an amendment to the House version of the fiscal 2022 National Defense Authorization Act (H.R. 4350) passed on Sept. 23. The House bill doesn’t mandate reporting of ransom payments.

Peters said he plans to mark up the legislation and is considering the Senate version of the defense policy bill as a potential vehicle to advance the measure on the Senate floor, he told Bloomberg Government last week.

To contact the reporter on this story: Rebecca…
