Tag Archive for: Victims

Ransomware Leak Site Victims Reached Record-High in November


After a quieter month in October, ransomware groups seemed to return with a vengeance in November, with the highest number of listed victims ever recorded, according to Corvus Insurance.

In a report published on December 18, 2023, Corvus Threat Intel observed 484 new ransomware victims posted to leak sites in November.

This represents a 39.08% increase from October and a 110.43% increase compared with November 2022.

Source: Corvus Insurance

This is the eleventh month in a row with a year-on-year increase in ransomware victims and the ninth in a row with victim counts above 300. This is also the third time such a record has been broken this year.

However, while the previous two records in 2023 were primarily attributed to Clop’s MOVEit supply chain attack, this was not the case in November.

A CitrixBleed-Induced Peak in LockBit’s Activity

According to Corvus’ data, the November peak was partly due to a resurgence in LockBit’s activity.

Source: Corvus Insurance

November was LockBit’s third-highest month of 2023 in terms of listed victims (121), following a quieter fall.

Source: Corvus Insurance

If the first two peaks were due to affiliates returning to work after a winter or a summer break, Corvus threat intelligence analysts estimated that the November increase could be attributed to the CitrixBleed vulnerability, “which has reportedly become a new staple for the group.”

Read more: LockBit Affiliates are Exploiting Citrix Bleed, Government Agencies Warn

Could QakBot Resurgence Mean a New Record this Winter?

Based on historical seasonal data, the Corvus Threat Intel team predicted that the number of ransomware leak site victims listed in December will be higher than in December 2022 but likely won’t match November’s numbers.

“We expect a decrease in January as the humans behind ransomware attacks take some time off,” the researchers added.

Finally, Corvus observed that although the take-down of the malware loader QakBot (aka QBot) by law enforcement in August impacted ransomware groups, the new resurgence in victim listings showed that “the ransomware ecosystem has successfully pivoted away from QBot.”

The fact that…

Source…

Police Bust Ransomware Gang in Ukraine for Attacking 1,800 Victims


European police say they’ve dismantled a ransomware group in Ukraine that was behind a series of high-profile attacks on corporations across the globe.

Law enforcement arrested the suspected 32-year-old ringleader of the group, along with four of his most active accomplices, Europol said on Tuesday. Law enforcement agencies, including officials from the US, also helped search 30 properties across Ukraine, including in the capital of Kyiv, tied to the gang.

Europol didn’t say whether the gang developed the ransomware code. But the group used several ransomware strains, including “LockerGoga, MegaCortex, HIVE and Dharma” to attack companies. This suggests they operated as an “affiliate,” buying access to the attacks from ransomware code developers.

Police investigating the hacker's phones.

(Credit: Cyber Police of Ukraine)

Europol adds: “The suspects had different roles in this criminal organization. Some of them are thought to be involved in compromising the IT networks of their targets, while others are suspected of being in charge of laundering cryptocurrency payments made by victims to decrypt their files.”

To spread ransomware to the corporations, the group resorted to sending phishing emails to employees or guessing their login passwords. Once inside a company network, the gang would use other tools, including the Trickbot malware, to gain wider access. The ensuing ransomware attack would then encrypt servers across the network, forcing the victim companies to pay up in cryptocurrency or risk losing their data forever. 

“These attacks are believed to have affected over 1,800 victims in 71 countries,” added the European Union Agency for Criminal Justice Cooperation. “The perpetrators targeted large corporations, effectively bringing their business to a standstill and causing losses of at least several hundred millions of euros.” 

The Cyber Police of Ukraine also assisted in taking down the gang, which allegedly began targeting companies in 2018. In one example, the group demanded that a company in the Netherlands pay 450 Bitcoin ($16.8 million in today’s value) to restore its servers.


“It has been established that over several years of criminal…

Source…

NPC Says PhilHealth Hacking Victims Can File Complaint; Warns Against Resharing Of Leaked Data


The National Privacy Commission said people can claim damages if proven affected by the Medusa ransomware attack on the Philippine Health Insurance Corp.

Individuals who had their personal data stolen in the Medusa ransomware attack on the Philippine Health Insurance Corp. (PhilHealth) can file a complaint before the National Privacy Commission.

NPC Public Information and Assistance Division chief Roren Marie Chin said on Tuesday, Oct. 10, that people who think their personal data had been compromised in the successful ransomware attack on PhilHealth can file their individual complaint before the commission.

“Individuals affected may file a complaint to NPC and if proven, they can claim damages,” Chin said.

She added their investigation of the complaint would determine the damage claims that can be awarded.

Warning

The NPC has also issued a warning against the resharing of leaked data from the PhilHealth ransomware attack.

“It has come to our attention that the personal data exfiltrated from PhilHealth is being shared illicitly. We want to emphasize the gravity of this situation and the severe consequences that await anyone involved in processing, downloading or sharing this data without legitimate purpose or without authorization,” the NPC said in a statement on Tuesday.

“In unequivocal terms, the NPC issues a stern warning to the public: Any individual or organization found to process, download or share the exfiltrated data from PhilHealth will be held accountable for unauthorized processing of personal information and may face criminal charges,” it stated.

The Privacy Commission emphasized that under Section 25 of the Data Privacy Act of 2012 (DPA), those found guilty of unauthorized processing of personal information will face penalties that include imprisonment for one to three years and a fine ranging from P500,000 to P2 million.

In addition, unauthorized processing of sensitive personal information carries even more substantial penalties, particularly imprisonment for three to six years and a fine ranging from P500,000 to P4 million.

“Sharing such leaked data exposes affected individuals to a range of risks, including identity…

Source…

Scattered Spider traps 100+ victims in its web as it moves into ransomware • The Register


Scattered Spider, the crew behind at least one of the recent Las Vegas casino IT security breaches, has already hit some 100 organizations during its so-far brief tenure in the cybercrime scene, according to Mandiant.

Further, as also witnessed in the ongoing MGM Resorts network outage, the gang, known for its social-engineering-based attacks, is now throwing data-stealing ransomware at victims, too.

In its analysis this week into Scattered Spider’s evolving tactics, Mandiant says the “expansion in the group’s monetization strategies” began in mid-2023. That write-up should be useful for IT defenders: it details mitigations, advice, and indicators of compromise to look out for.

The Google-owned threat intel firm tracks Scattered Spider as UNC3944. Its comments on the crime gang are significant because Mandiant is one of the top incident response teams called in to clean up the messes made by such high-profile intruders.

“These changes in their end goals signal that the industries targeted by UNC3944 will continue to expand,” the analysis says. “Mandiant has already directly observed their targeting broaden beyond telecommunication and business process outsourcer (BPO) companies to a wide range of industries including hospitality, retail, media and entertainment, and financial services.”

Scattered Spider, which has been around for about two years, is a US-UK-based, Lapsus$-like gang that specializes in SMS phishing and phone-based social engineering. It uses these techniques to steal login credentials belonging to employees of targeted organizations, or otherwise to sneak into its targets’ IT networks without permission.

In one of the group’s first major phishing campaigns in 2022, dubbed Oktapus, the criminals initially went after employees of Okta customers, targeting as many as 135 orgs — IT, software development and cloud services providers based in the US.

First, Scattered Spider sent text messages to the employees with malicious links to sites spoofing their company’s authentication page. This allowed the gang to steal some 9,931 user credentials and 5,441 multi-factor authentication codes, we’re told.

Just last month, the crew targeted more Okta customers, this…

Source…