Tag: Strikes | Page 3

FBI, Microsoft Strikes Against Hackers Are Harbinger Of More Pre-Emptive Actions

April 11, 2022/in Computer Security

First the FBI. Now Microsoft.

A day after the FBI revealed last week that it had pre-emptively disrupted a Russian-government backed botnet, Microsoft revealed that it had proactively thwarted an attempt by Russian hackers to attack Ukrainian entities.

James Morrison, who spent 22 years with the FBI as a senior computer scientist focused on cybersecurity, cybercrime and ransomware and is now CISO at Spring, Texas-based Ntirety, said he believes that the FBI and Microsoft’s aggressive actions are a harbinger of more pre-emptive strikes to come amid the ongoing war between Russia and Ukraine and heightened concerns over cybersecurity in general.

“It’s not a coincidence,” said Morrison, adding, however, that he’s not saying the FBI and Microsoft collaborated behind the scenes on their separate actions against Russian cyberintruders.

Instead, he said, the actions are more a sign of the tense times—with increasing global cyberattacks and threats against government agencies and private institutions alike. Indeed, he noted that cyberattacks have increased by 800 percent since the start of the Russian-Ukrainian war, based on data from the FBI and Homeland Security.

As for Microsoft’s recent action against Russian hackers, he said it’s a “good thing” for cybersecurity in general. But he said a “little caution” is in order because such strikes must be legally permissible in each case.

In a blog entry posted late Thursday, Tom Burt, a Microsoft corporate vice president, customer security and trust, stressed that Microsoft obtained a court order before it moved against the Russian group, known as Strontium, which has been linked to Russian intelligence services.

In his blog post, Burt said that Strontium, which Microsoft has been tracking “for years,” was attempting to seize control of seven internet domains to launch attacks against Ukrainian institutions, including media organizations.

“[Strontium] was also targeting government institutions and think tanks in the United States and the European Union involved in foreign policy,” Burt wrote.

“We believe…

Source…

Ray Saitz: Restore or repair when computer disaster strikes?

February 17, 2022/in Computer Security

Nothing lasts or works forever, and that’s especially true of your computer. In time the Windows operating system might malfunction, your ancient computer could get annoyingly slow, or the hard drive might fail entirely.

Repairing or restoring a defective Windows operating system or replacing a hard drive is a time-consuming and usually expensive job, but with some care and guidance you might be able to perform the job yourself. Luckily, Windows has built-in tools which will either attempt to repair your system or reinstall the Windows operating system, and Microsoft has a website with a list of numerous disasters that could befall your Windows 11, 10 or 8.1 computer with suggestions for what to do (https://tinyurl.com/3wh4a3vj).

The critical factor is whether or not your computer will boot to the desktop or crashes before even getting that far.

If it will boot up then you’ll find the tools to fix it by clicking on the Start button, opening Settings, and in Update and Security click on Recovery in the list on the left. Choose Reset This PC and pay attention to the two choices.

One option will be to reinstall Windows but keep the files in your Documents, Pictures, Music, Downloads and Video folders. It will also retain your account info and system settings which will eliminate the tedious process of setting up the computer from scratch.

The other choice is to delete everything on the computer and reinstall Windows. This is what you will choose if you are selling, gifting, or donating your computer since all of your personal files, settings, passwords, and logins will be permanently deleted, but the computer will still have a functioning operating system.

In either reset option you will usually get the choice to reinstall Windows using a version saved on the computer or downloading a fresh version of Windows from Microsoft. Use the version on the computer to restore it to its factory settings along with all of the trial versions of products and ads, or choose the download option to just get Windows without the factory installed apps.

Be aware that in both cases all of the programs or apps that did not come with the computer will be deleted and you will have reinstall them along with…

Source…

Python ransomware strikes virtual machines in ‘ultra-high-speed’ attacks

October 5, 2021/in Internet Security

Cybersecurity experts have shared details about a speedy new ransomware campaign attacking virtual machines (VM) hosted on a VMware ESXi hypervisor.

Describing it as a sniper-like operation, Sophos researchers claim that it took the attackers less than three hours from breaching the target to encrypting it.

“This is one of the fastest ransomware attacks Sophos has ever investigated and it appeared to precision-target the ESXi platform,” said Andrew Brandt, principal researcher at Sophos.

TechRadar needs you!

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

>> Click here to start the survey in a new window <<

The researchers note that while malware that runs under a Linux-like operating system, such as the one ESXi uses, is still relatively uncommon, hypervisors are an attractive target since the VMs they host usually run business-critical services.

Splash and dash

Sophos researchers add that even notorious ransomware operators such as DarkSide and REvil have targeted ESXi servers.

However, two aspects of this particular attack that stand out are the swiftness shown by the attackers, and the use of the Python ransomware.

The attackers logged into the network after compromising a TeamViewer account that was running in the background on a computer that belonged to a user with Domain Administrator credentials.

Ten minutes after logging in the attackers downloaded an IP scanner to map the network. Soon after identifying the ESXi server, the attackers discovered that the target’s staff had mistakenly forgotten to disable the built-in SSH service in ESXi.

It didn’t take them long to log into the hypervisor to deploy the Python ransomware.

“Python is a coding language not commonly used for ransomware. However, Python is pre-installed on Linux-based systems such as ESXi, and this makes Python-based attacks possible on such systems,” reason the researchers, who managed to scrape the ransomware for analysis after putting in some serious effort.

In their analysis, the…

Source…

Ransomware attack strikes Nygard IT systems on Dec. 12, receiver company assessing impact

December 31, 2020/in Internet Security

Peter Nygard will ring in the new year behind jail bars, while the company in control of Nygard’s assets recovers from a ransomware attack that impacted dozens of computer servers linked to the Nygard IT system.

RCMP and Winnipeg police arrested Nygard on Dec. 14 in relation to a nine-count indictment in the United States accusing the 79-year-old of racketeering, sex trafficking and other related crimes. He is currently in custody at the Winnipeg Remand Centre.

While in court on Dec. 15, Justice Sheldon Lanchbery said Nygard would be held in jail until Jan. 13, 2021. But on Thursday, Nygard’s bail application was set for 10 a.m. on Jan. 6, 2021.

A total of 57 women have joined a class-action suit, filed in New York earlier this year, accusing Nygard of rape, sexual assault and human trafficking dating back to 1977.

The class action was put on hold in August after a judge presiding over the case in the Southern District of New York entered a stay of proceeding so that the FBI could complete its investigation, according to court documents.

U.S. authorities asked Canada law enforcement to issue an warrant for Nygard’s arrest through the two countries’ extradition treaty. (YouTube)

The FBI is urging anyone who believes they are a victim of the sexual abuse perpetrated by Nygard to contact them at 1-800-225-5324.

No allegations have been proven in court.

Nygard IT system hacked

Richter Advisory Group Inc., the court-appointed receiver of Nygard’s assets, says Nygard IT servers were a victim of a ransomware attack, according to a court document dated Dec. 30.

Informanix — a third-party IT consultant hired to preserve digital records — and the Nygard IT staff were working to recover records and computer servers impacted by a November power outage in northwestern Winnipeg when they had to pivot to deal with a ransomware attack on Dec. 12.

The ransomware attack — a type of malware attack where the perpetrator locks and encrypts the victim’s data and demands payment to unlock and decrypt the data — compromised “certain electronic records, programs and IT infrastructure of the Nygard organization, including the debtors,” the court document says.

But “by…

Source…

Tag Archive for: Strikes

Nygard IT system hacked