Tag Archive for: takes

Resumption of all Kyivstar services in compliance with security protocols takes time – security service


It is planned to resume the Kyivstar fixed-line Internet for households and begin the launch of mobile communications and the Internet on Wednesday, December 13, while the resumption of all services of the mobile operator in compliance with the necessary security protocols will take time, the Security Service of Ukraine has reported.

On Wednesday, the Security Service of Ukraine said on its Telegram channel that its cyber specialists and Kyivstar experts, in collaboration with other government agencies, continue to work on restoring the network after the cyber attack.

“According to preliminary estimates, on December 13 it is planned to resume fixed-line Internet for households, and begin the launch of mobile communications and the Internet,” the security service said.

At the same time, the Security Service of Ukraine emphasizes that critical damage was inflicted on Kyivstar’s digital infrastructure, and therefore “the restoration of all services in compliance with the necessary security protocols will take time.”

“The responsibility for the attack has already been claimed by one of the Russian pseudo-hacking groups. It is a hacker unit of the main intelligence directorate of the General Staff of the Russian Armed Forces (more commonly known as GRU), which thus publicly legitimizes the results of its criminal activities in this way,” the Security Service of Ukraine said.

The Ukrainian service continues to document the Russian cyber attack on Ukraine’s civil infrastructure as another war crime committed by the occupiers.

Source…

Ransomware attack takes down systems at 60 credit unions across country


Dozens of credit unions across the country are dealing with outages due to a ransomware attack.

Credit unions report the attack affected part of Trellance, a cloud computing firm used by many credit unions across the country.

At least 60 credit unions have been affected.

One credit union in New York facing outages due to the ransomware attack says online and mobile banking are down but that other services like debit cards are working normally.

The National Credit Union Association said the accounts of all customers are safe and are federally insured up to $250,000.

Recently, hospitals, fuel pipelines and schools have all been disrupted by ransomware attacks that lock up files unless someone pays up.

Source…

Conti-linked ransomware takes in $107 million in ransoms: Report


Black Basta, a ransomware campaign thought to be the brainchild of people linked to the infamous Conti malware gang, has been paid more than $100 million in the past year and a half, infecting 329 known victims.

According to a report published this week by blockchain analytics firm Elliptic, the Black Basta ransomware has attacked targets in a pattern similar to that of the Conti gang, both in terms of regionality and industry. Nearly two-thirds of Black Basta’s attacks have been against US companies, and, like Conti, manufacturing, engineering and construction and wholesale/retail businesses have been the most common targets. Other industries were also targeted, however, including law firms, real estate offices, and more besides.

Elliptic, in concert with Corvus Insurance, researched the blockchain connections between cryptowallets used to accept Bitcoin ransom payments, and discovered distinctive patterns. This, the report said, allowed the researchers to identify more than 90 ransom payments to Black Basta, which averaged $1.2 million each. They identified a total of $107 million in payments to the group.

The report noted that this figure is likely to be a “lower bound,” however, given the likelihood of payments that they were unable to identify. The two highest-profile victims are Capita, a tech outsourcing firm with huge UK government contracts, and industrial automation company ABB.

The report notes that neither company has disclosed any ransom payments. Capita did not immediately reply to requests for comment; ABB acknowledged in a statement that it experienced a “security incident,” but did not specify whether the incident involved ransomware.

“In May 2023, ABB became aware of an IT security incident impacting certain company IT systems. As a result of the incident, ABB started an investigation, notified certain law enforcement and data protection authorities, and worked with leading experts to determine the nature and scope of the incident,” according to an ABB statement sent by its media relations head. “ABB also took steps to contain the incident and further enhance the security of its systems. Based on its investigation, ABB…

Source…

FBI-Led Global Effort Takes Down Massive Qakbot Botnet



A multinational action called Operation “Duck Hunt” — led by the FBI, the Department of Justice, the National Cybersecurity Alliance, Europol, and crime officials in France, Germany, the Netherlands, Romania, Latvia and the U.K. — was able to gain access to the Qakbot network and shut down the malicious botnet, which has affected 700,000 computers worldwide.

Qakbot nets nearly $58 million in ransom in just 18 months

Over the course of its more than 15-year campaign, Qakbot (aka Qbot and Pinkslipbot) has launched some 40 worldwide ransomware attacks focused on companies, governments and healthcare operations, affecting some 700,000 computers. Like almost all ransomware attacks, Qakbot hit victims through spam emails with malicious links, according to the Justice Department. The DOJ noted that over just the past year and a half, Qakbot has caused nearly $58 million in damages. As part of the action against Qakbot, the DOJ seized approximately $8.6 million in cryptocurrency in illicit profits (here’s the department’s seizure warrant).

According to the DOJ, the action represented the largest U.S.-led financial and technical disruption of a botnet infrastructure leveraged by cybercriminals to commit ransomware, financial fraud and other cyber-enabled criminal activities.

“Cybercriminals who rely on malware like Qakbot to steal private data from innocent victims have been reminded today that they do not operate outside the bounds of the law,” said Attorney General Merrick B. Garland in a statement.

FBI Director Christopher Wray said on the FBI’s website that the victims ranged from financial institutions on the East Coast to a critical infrastructure government contractor in the Midwest to a medical device manufacturer on the West Coast.

FBI injects computers with uninstaller file to dislodge Qakbot

The FBI said that, as part of the operation, it gained access to Qakbot’s infrastructure and identified hundreds of thousands of infected computers worldwide, including more than 200,000 in the U.S. As part of the action, the Bureau…

Source…