Tag Archive for: Stop

Ransomware Groups’ Data Leak Blogs Lie: Stop Trusting Them


Fraud Management & Cybercrime, Ransomware


March 15, 2024    

Ransomware leak sites are not reliable sources of data. (Shutterstock)

Ransomware gangs are not reliable sources of information. Groups that run data leak blogs – and not all do – use them to pressure new and future victims into paying for the promise of either a decryptor or a pledge to delete stolen data.


The number of victims that end up on a data leak site is inherently incomplete. Victims who pay a ransom quickly don’t get posted; criminals don’t publish these numbers. In addition, “some groups post more of their nonpaying victims than others,” and it’s often not clear why, said Brett Callow, a threat analyst at Emsisoft.

As a result, relying on data leak blogs to build a picture of attack volume can produce wildly inaccurate results, not only about the number of victims but about the impact of any given attack. Unfortunately, some cybersecurity organizations, often aided and abetted by us in the media, regularly track fresh victims claimed by ransomware groups via their Tor-based data leak blogs, aka “name and shame” sites.

“Relying on shame blogs is the last thing we should do while assessing a group threat,” said Yelisey Bohuslavskiy, chief research officer at RedSense. “Blogs reflect how often extortion fails, and the victim decides to show the criminals a middle finger. Often, the fewer victims are on the blogs, the more successful the group…


STOP ransomware, more common than LockBit, gains stealthier variant


StopCrypt, the most common ransomware family of 2023, has a new variant leveraging more advanced evasion tactics.

StopCrypt, also known as STOP/DJVU, surpassed the LockBit ransomware family in detections in 2023, according to Trend Micro’s 2023 Annual Cybersecurity Report published last week. STOP typically goes after smaller victims, with an average ransom payment of $619 in the first half of 2023, according to a mid-year report by Chainalysis.

SonicWall reported Tuesday that a new StopCrypt variant employs several evasion tactics in a multi-stage shellcode deployment process, including a long delay loop, dynamic API resolution and process hollowing, in which the code of a legitimate executable is replaced with malicious code.

‘Msjd’ StopCrypt ransomware attempts to dodge anti-virus protection

The StopCrypt variant studied by SonicWall’s Capture Labs begins its stealth mission by copying the same data to a location more than 65 million times in a delay loop likely intended to dodge time-sensitive anti-virus mechanisms such as sandboxing.

It then employs multiple stages of dynamic API resolution — resolving and calling APIs at runtime rather than linking them directly. This avoids the artifacts, such as import-table entries, that statically linked API calls leave in the malware binary and that anti-virus scanners look for.

After taking a snapshot of the running processes using CreateToolhelp32Snapshot, extracting module information using Module32First, and calling VirtualAlloc to allocate memory with read, write and execute permissions, the malware enters a second stage in which it dynamically resolves and calls additional APIs to perform process hollowing.

Ntdll_NtWriteVirtualMemory is used to write malicious code into a suspended process created with kernel32_CreateProcessA.

When the suspended process is resumed, the final ransomware payload launches icacls.exe to modify access control lists so that a new directory and the files StopCrypt creates in it cannot be modified or deleted. The ransomware encrypts the user’s files and adds the extension “.msjd.”

The ransomware note found in the variant studied by SonicWall includes a demand for $980, with a “discount” offer of $490 if the victim contacts the threat actor within 72 hours.

The STOP variant…


How To Stop Your Wireless Security Camera From Being Hacked


As well as enabling you to remotely keep an eye on your home, wireless security cameras should also protect your data security and home privacy. 

Our product tests and investigations have revealed models that lack even basic protections, and could put you at risk of being hacked.  

All wireless security cameras we review are fully assessed for how well they protect you and your data from hackers. See the best wireless security cameras.

How wireless security cameras get hacked

There are many different ways that an indoor surveillance camera might be targeted by hackers. 

Weak or generic default passwords are one of the most exploitable issues you’ll find. Some wireless cameras ship with weak usernames, such as ‘admin’, and easy-to-guess passwords, such as ‘admin’ (again), ‘888888’ or ‘123456’. Attackers know this, and can scan for cameras that are online and try these weak login details to gain access. A password manager can help you set and keep a strong, unique password instead.

Password security is also an issue if the camera sends data unencrypted. Even if you change the camera’s password, some cameras will transmit it over the internet in the clear. This means that when you enter your password, an attacker who can observe the traffic could steal it and use it to access your camera. Some cameras even transmit your wi-fi password, too, putting your home network at risk.

With some cameras, an attacker can take complete control over the device – known as full camera takeover. This involves gaining what’s known as ‘root’ access to the camera; a bit like having the keys to the front door of a house. They can then tamper with virtually any aspect of the camera and even load it up with malware.

What happens if my camera gets hacked?

Unless the camera starts moving without you doing anything, or a voice sounds from the built-in microphone, you might not actually know that your camera has been hacked.

However, the impact of a hacking attack can be devastating, ranging from intrusion into your privacy to potential compromise of other connected devices in your home.

Smart home spying

Dodgy cameras…
