Report: Ransomware Attacks and the True Cost to Business

Ransomware attacks have continued to make headlines, and for good reason: on average, there is a new ransomware attack every 11 seconds, and the losses to organizations from ransomware attacks are projected to reach $20 billion over the course of 2…

ANOM FBI Global Crime Sting, Colonial Pipeline Updates, Password Leak Research

Details about the “ANOM” global crime sting where the FBI created a fake encrypted mobile phone for criminals that promised secure communications, new details about how the Colonial Pipeline ransomware attack started, and some really bad security resea…

Burgeoning ransomware gang Avaddon appears to shut down, mysteriously

A ransomware gang has apparently disappeared just as its fortunes were rising. Ransomware experts said Avaddon shut down as of Friday. The operators left no explanation for why they might have done so, and they’re letting their remaining victims off the hook. Avaddon sent Bleeping Computer 2,934 decryption keys, after which the security firm Emsisoft produced a free, public decryption tool. After last month’s ransomware attack on Colonial Pipeline caused disruptions to fuel delivery in the U.S., Avaddon became one of the most prolific posters of victim data to its extortion site, compared to other such groups. “This is great news,” tweeted Allan Liska, a Recorded Future analyst specializing in ransomware. “Avaddon was considered a second tier ransomware operator, but since the Colonial Pipeline attack they have been tied with Conti in terms of number of victims posted to their extortion site.” But with success has come attention. The FBI […]

The post Burgeoning ransomware gang Avaddon appears to shut down, mysteriously appeared first on CyberScoop.


Biden cyber nominees Easterly, Inglis describe ransomware as urgent national security threat

It’s been two months since President Joe Biden announced his two most important Senate-confirmed cybersecurity picks: Jen Easterly to lead the Department of Homeland Security’s cybersecurity agency, and Chris Inglis to be the national cyber director. During that time, ransomware attacks have forced temporary shutdowns of a major fuel pipeline and a big meat supplier, and Biden has signaled he will raise the issue of harboring criminal hackers in a meeting next week with Russian President Vladimir Putin. Americans got their closest look yet at how Inglis and Easterly would approach those pressing issues during a Senate confirmation hearing Thursday. The nominees labeled ransomware a “scourge” that threatens national security, vowed to work with critical infrastructure firms to improve their defenses, and wondered aloud if additional federal regulations were necessary to incentivize firms to reduce their vulnerabilities to hacking. The U.S. government, Inglis said, must “seize back the initiative that […]

The post Biden cyber nominees Easterly, Inglis describe ransomware as urgent national security threat appeared first on CyberScoop.


Who Wore It Better? JBS Paid Ransom, Fujifilm Did Not

If those burgers you throw on the grill are even more expensive this summer, this might be one of the reasons. Meat processor JBS USA paid out $11 million to hackers after a ransomware attack compelled it to shutter beef processing in the U.S. and par…

Meat supplier JBS says it paid $11 million ransom to keep attackers from stealing data

JBS, one of America’s biggest meat processors, said Wednesday that it paid cybercriminals an $11 million ransom to ensure the hackers didn’t steal company data. The payment is more than double the $4.4 million that Colonial Pipeline, a major fuel supplier, paid to recover its data in the wake of a separate ransomware attack. “In consultation with internal IT professionals and third-party cybersecurity experts, the company made the decision to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated,” JBS’s U.S. division said in a statement. In the same company statement, Andre Nogueira, CEO of JBS’s U.S. division, said it was a “very difficult decision” for the company and for him. “However, we felt this decision had to be made to prevent any potential risk for our customers,” he said. The ransomware attack forced JBS, which accounts for an estimated one-fifth of U.S. beef production, […]

The post Meat supplier JBS says it paid $11 million ransom to keep attackers from stealing data appeared first on CyberScoop.


Congress pummels Colonial Pipeline CEO over government coordination after disruptive ransomware incident

Lawmakers repeatedly challenged Colonial Pipeline CEO Joseph Blount on Wednesday about the steps it took to work with the government after a May ransomware attack, often suggesting the company fell short. A long string of House Homeland Security Committee members questioned Blount about his assertion that Colonial had not, as reported, refused voluntary Transportation Security Administration cybersecurity reviews. Instead, the company delayed them due to COVID-19 restrictions and a physical move to a new building, he said. “Delaying these assessments for so long amounts to declining them, sir,” said Rep. Bonnie Watson Coleman, D-N.J., citing communications that began in March of 2020. “It raises serious questions,” she said, while noting that her information says that Colonial turned down even a virtual assessment offer before the ransomware attack that led to fuel delivery slowdowns last month. Colonial has now scheduled a TSA review for late July, Blount said. Blount’s answers about government […]

The post Congress pummels Colonial Pipeline CEO over government coordination after disruptive ransomware incident appeared first on CyberScoop.


Emerging ‘Prometheus’ ransomware claims 30 victims in a dozen countries, Palo Alto Networks says

A new ransomware group claims to have breached 30 organizations in government, financial services, health care services, and energy firms in the United States, United Kingdom, and a dozen more countries, according to Palo Alto Networks research published Wednesday. The group, which Palo Alto researchers have dubbed “Prometheus,” most frequently targets the manufacturing industry. The activity comes amid ongoing concern about the effect of ransomware on national security and global supply chains after incidents at Colonial Pipeline and the meat-processing corporation JBS. “The Prometheus ransomware gang has the potential to target organizations that would lead to national concerns,” Doel Santos, threat intelligence analyst at Palo Alto Networks’ Unit 42, wrote in an email. “These threat actors are opportunistic. They are willing to target any organization.” The group has also targeted victims in manufacturing, logistics, consulting, agriculture, insurance, and legal industries. Prometheus claims to be affiliated with REvil, a Russia-based hacking […]

The post Emerging ‘Prometheus’ ransomware claims 30 victims in a dozen countries, Palo Alto Networks says appeared first on CyberScoop.


Colonial Pipeline CEO says company didn’t have plan for potential ransomware attack

Colonial Pipeline did not have guidance in place on how to handle a ransom demand from cybercriminals who locked up its systems, its CEO testified in a hearing before the Senate Homeland Security and Governmental Affairs Committee Tuesday. The company’s failure to prepare explicitly for a ransomware attack — despite warnings from the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency as early as February 2020 about the risk of such attacks against the pipeline industry — underscores growing concerns from lawmakers that the critical sector needs tighter regulations when it comes to cybersecurity. “We have an emergency response process: See the threat, contain the threat, remediate the threat, and restore,” Colonial Pipeline CEO Joseph Blount said in response to a question from Sen. Maggie Hassan, D-N.H. about ransomware-specific guidance. “So in this case, you use the same process, but you use a different set of experts.” Hassan chastised Blount’s response, […]

The post Colonial Pipeline CEO says company didn’t have plan for potential ransomware attack appeared first on CyberScoop.


Ransomware hits iConstituent, a service lawmakers use to communicate with voters

The scourge of ransomware has now hit closer to home for U.S. politicians. Ransomware has impacted the newsletter service of iConstituent, a firm that U.S. lawmakers use to contact constituents, the House of Representatives’ Chief Administrative Officer (CAO) said Tuesday. Individual offices choose to buy iConstituent services, which include virtual town halls, email and texting, and other data services. “At this time, the CAO is not aware of any impact to House data,” the CAO office said in an emailed statement. “The CAO is coordinating with the impacted offices supported by iConstituent and has taken measures to ensure that the attack does not affect the House network and offices’ data.” iConstituent boasts that its software “supports millions of digital interactions between people and their governments each year.” It was unclear Tuesday morning how broadly the incident would impact House legislators’ communication with constituents. The Washington-based firm did not immediately respond […]

The post Ransomware hits iConstituent, a service lawmakers use to communicate with voters appeared first on CyberScoop.
