Tag Archive for: Victims

94% of Ransomware Victims Have Their Backups Targeted


Organisations that have backed up their sensitive data may believe they are relatively safe from ransomware attacks; however, this is not the case based on findings from a new study from IT security company Sophos. The report showed that cybercriminals attempted to compromise the backups of 94% of companies hit by ransomware in the past year.

Attackers are aware that those who fall victim to ransomware must choose to either pay the ransom or recover their now-encrypted systems from a backup. To put more pressure on decision-makers to pay up, it is becoming more common for attackers to target the backup copies as well as the production data. Indeed, the report showed the victim is almost twice as likely to pay up if their backup is compromised, and recovery from the attack is eight times more expensive.

The Sophos research revealed the extent of the popularity and effectiveness of ransomware groups targeting corporate backups (Figure A).

Figure A: Percentage of ransomware victims that paid the ransom to recover their data from cyber criminals. Image: Sophos


How much does it cost to recover from a ransomware attack on the backup?

The Sophos research found that the median ransom demand for organisations whose backups are compromised is $2.3 million (£1.8 million) (Figure B). When the backup is not compromised, the median ransom demand is $1 million (£790k), as the attacker has less leverage.

Figure B: The median ransom demanded by cyber criminals when they have access or don’t have access to their victim’s backups. Image: Sophos

“Ransomware-led outages frequently have a considerable impact on day-to-day business transactions while the task of restoring IT systems is often complex and expensive,” Sally Adam, the senior director of marketing at Sophos, wrote in the report.

Companies without compromised backups are also more likely to be able to negotiate the ransom payment down, paying out an average of 82% of the initial demand. Those whose backups are compromised will pay 98% of the demanded sum, on average.

The total cost of a ransomware attack is often more than just the ransom, as it incorporates the…


U.S. still finding victims of advanced China-linked hacking campaign, NSA official says


The U.S. is still identifying victims targeted by an extensive China-backed hacking campaign that became the subject of a recent FBI takedown operation and other advisories from officials over the past year, a top NSA cyber official said.

Rob Joyce, the agency’s outgoing cybersecurity director, said on Friday that the U.S. is still finding victims of the Volt Typhoon hacking collective that’s been latching onto critical infrastructure through compromised equipment including internet routers and cameras, and that NSA is not yet done with efforts to eradicate such threats.

The clandestine activities, which are said to be backed by the Chinese government, have allowed the hackers to conceal their intrusions into U.S. and foreign allies’ systems for at least five years, officials have previously said. 

The FBI in January announced it had jettisoned a significant portion of the group’s operations from compromised equipment it had burrowed into. These claims were subsequently affirmed by analysis from the private sector. But Friday’s remarks indicate there is still a way to go before Volt Typhoon is completely eradicated from U.S. networks.

Joyce, who was speaking to a group of reporters, declined to give a precise account of how many victims were remaining, but said the Chinese cyberspies are using tradecraft that’s difficult to uncover because of its reliance on stolen administrator credentials which allow them to more easily mask exploits.

The Volt Typhoon group has been carrying out “station keeping” activities, in an effort to preposition themselves to take down key infrastructure like transportation networks, he said. As for when the dismantling order would come down from Chinese authorities, the agency assesses it would be a “pretty high bar” reserved for major conflict like a possible Chinese invasion of Taiwan, he said.

The Volt Typhoon hackers have been using “living off the land techniques” that allow them to hide inside systems and bypass detection, previous U.S. reports said, noting that they have breached American facilities in Guam, as well as other key infrastructure in facilities both inside and outside the U.S.

Joyce added that NSA has been able to…


LockBit 3.0 Ransomware Attack Hits Again: Add 2 New Victims


The nefarious LockBit 3.0 ransomware group has struck once again, targeting unsuspecting victims in their latest wave of attacks. The most recent victims to fall prey to the LockBit 3.0 ransomware attack are MMI Culinary Services and Caribbean Radiation Oncology Centre.

The authenticity of the LockBit group’s claims regarding the cyberattack on MMI Culinary Services and Caribbean Radiation Oncology Centre remains shrouded in uncertainty.

What Do We Know About This LockBit 3.0 Cyberattack?

Despite assertions of successful infiltration and data compromise, the official websites of the targeted companies appear to be fully operational, casting doubt on the veracity of the cybercriminals’ boasts.

The Cyber Express Team has tried to substantiate LockBit 3.0 ransomware attack claims by reaching out to company officials for clarification. However, as of the time of this report, no response has been forthcoming, leaving the LockBit 3.0 ransomware attack claim unverified.

MMI Culinary Services, based in Louisiana and established in 1986, has evolved from a modest catering business specializing in Cajun-style seafood boils to a leading manufacturing company renowned for its “kettle-cooked” foods.

On the other hand, the Caribbean Radiation Oncology Centre, located in Guaynabo, Puerto Rico, has been providing cutting-edge cancer diagnosis and treatment services since its inception in 2007, earning a reputation as one of the region’s premier medical facilities for advanced oncological radiation technology.

Repercussions of Cyberattack on Targeted Firms

The repercussions of the cyberattack on MMI Culinary Services and Caribbean Radiation Oncology Center, if proven true, could extend far beyond immediate financial losses.

These attacks have the potential to compromise highly sensitive data, ranging from proprietary recipes and manufacturing processes to patients’ medical records and treatment protocols.

For MMI Culinary Services, a breach could not only result in the loss of valuable intellectual property but also undermine customer trust and confidence in the safety and quality of their products.

Similarly, for Caribbean Radiation Oncology Center, the exposure of patient data could…


Hackers uncover new TheTruthSpy stalkerware victims: Is your Android device compromised?



A consumer-grade spyware operation called TheTruthSpy poses an ongoing security and privacy risk to thousands of people whose Android devices are unknowingly compromised with its mobile surveillance apps, not least due to a simple security flaw that its operators never fixed.

Now, two hacking groups have independently found the flaw that allows the mass access of victims’ stolen mobile device data directly from TheTruthSpy’s servers.

Switzerland-based hacker maia arson crimew said in a blog post that the hacking groups SiegedSec and ByteMeCrew identified and exploited the flaw in December 2023. Crimew, who was given a cache of TheTruthSpy’s victim data from ByteMeCrew, also described finding several new security vulnerabilities in TheTruthSpy’s software stack.


In a post on Telegram, SiegedSec and ByteMeCrew said they are not publicly releasing the breached data, given its highly sensitive nature.

Crimew provided TechCrunch with some of the breached TheTruthSpy data for verification and analysis, which included the unique device IMEI numbers and advertising IDs of tens of thousands of Android phones recently compromised by TheTruthSpy.

TechCrunch verified the new data is authentic by matching some of the IMEI numbers and advertising IDs against a list of previous devices known to be compromised by TheTruthSpy as discovered during an earlier TechCrunch investigation.

The latest batch of data includes the Android device identifiers of every phone and tablet compromised by TheTruthSpy up to and including December 2023. The data shows TheTruthSpy continues to actively spy on large clusters of victims across Europe, India, Indonesia, the United States, the United Kingdom and elsewhere.

TechCrunch has added the latest unique identifiers — about 50,000 new Android devices — to our free spyware lookup tool that lets you check if your Android device was compromised by TheTruthSpy.

Security bug in TheTruthSpy exposed victims’ device data

For a time, TheTruthSpy was one of the most prolific apps for facilitating…
