NSA, DHS shine light on BlackMatter ransomware threat to food industry, demands of up to $15 million

A government advisory published Monday warned that BlackMatter ransomware attackers are going after U.S. critical infrastructure, including food and agriculture organizations, and demanding exorbitant payouts. It’s the latest joint alert from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the FBI and the National Security Agency, this time about a form of ransomware that first emerged in July. It comes just days after a similar alert about ransomware threats to water and wastewater facilities. It’s also part of a recent push by federal security agencies to put a focus on the food and agriculture sector. “This advisory highlights the evolving and persistent nature of criminal cyber actors and the need for a collective public and private approach to reduce the impact and prevalence of ransomware attacks,” said Eric Goldstein, executive assistant director for cybersecurity at CISA. BlackMatter seeks between $80,000 and $15 million in cryptocurrency, including bitcoin and Monero, […]

The post NSA, DHS shine light on BlackMatter ransomware threat to food industry, demands of up to $15 million appeared first on CyberScoop.

Continue reading NSA, DHS shine light on BlackMatter ransomware threat to food industry, demands of up to $15 million

2021 ransomware transactions have already exceed 2020 numbers, Treasury Department says

As of June, financial institutions have already reported 635 suspicious ransomware-related activities to the Financial Crimes Enforcement Network, according to a report out Friday from the Treasury Department — a 30% increase from all reported activity in 2020. The report also found that the cost of ransomware payments is climbing. The total value of the 2021 reports was $590 million — or a $66.4 million monthly average — compared to $416 million for all of 2020. The analysis, which is the first issued under the updated FinCEN threat trend reporting requirements enacted into law earlier this year, underscores both concerns with the growing cost of ransomware as well as the role of virtual currencies in how criminals extort and launder funds. The Treasury Department last month announced its first sanctions against a cryptocurrency exchange for facilitating transactions involving money gained from ransomware. The report, as well as guidance issued Friday […]

The post 2021 ransomware transactions have already exceed 2020 numbers, Treasury Department says appeared first on CyberScoop.

Continue reading 2021 ransomware transactions have already exceed 2020 numbers, Treasury Department says

Olympus probes apparent cyberattack, its second in less than a month

Japanese technology manufacturer Olympus announced Tuesday that it was investigating “a potential cybersecurity incident” affecting IT systems in the U.S., Canada and Latin America. The Oct. 12 statement was light on detail but said the “incident” was detected Sunday, Oct. 10. The Tokyo-based company has offices and subsidiaries around the world, which produce and sell equipment such as medical devices and various microscopes. The issue comes nearly a month after the company was the victim of a ransomware attack affecting its business units in Europe, the Middle East and Africa. That incident was reportedly the work of an attacker affiliated the BlackMatter ransomware group, one of the successor groups of DarkSide, the Russia-based gang behind the Colonial Pipeline attack in May, which became a major discussion point between President Joe Biden and Russian President Vladimir Putin during a bilateral summit in June. BlackMatter is also linked to REvil, another prolific […]

The post Olympus probes apparent cyberattack, its second in less than a month appeared first on CyberScoop.

Continue reading Olympus probes apparent cyberattack, its second in less than a month

Ransomware gangs are starting more drama on cybercrime forums, upending ‘honor among thieves’ conventions

When ransomware group REvil reappeared in September after a nearly two-month downtime, its return was met with a less-than-friendly reception on the cybercriminal underground. Before going dark, the Russia-based gang attracted attention from the White House for two attacks that disrupted U.S. supply chains: the May breach at global meat supplier JBS that netted a reported $11 million payment, and a July hack on the software company Kaseya that immobilized hundreds of clients, some for months. REvil’s sudden disappearance left hackers that had been leasing out the group’s ransomware tools to conduct their own attacks, also known as affiliates, in the lurch. Almost immediately, several affiliates opened arbitration cases against the group on illicit forums. One hacker “Boriselcin” claimed on the XSS forum that the REvil owed him money before it disappeared. While the two parties quickly resolved the case, not all disputes end so quietly, according to researchers who study dark […]

The post Ransomware gangs are starting more drama on cybercrime forums, upending ‘honor among thieves’ conventions appeared first on CyberScoop.

Continue reading Ransomware gangs are starting more drama on cybercrime forums, upending ‘honor among thieves’ conventions

Olympus investigating reported ransomware attack with BlackMatter hallmarks

A Japanese technology manufacturer confirmed it is investigating a reported ransomware attack affecting business units in Europe, the Middle East and Africa dating back to Sept. 8. In a statement Saturday, Tokyo-based Olympus said it’s looking into “a potential cybersecurity incident” that resulted in the suspicion of data transfers between relevant systems. The apparent breach is in fact a ransomware incident that began on Sept. 8 carried out by a hacker who claims to be affiliated with the BlackMatter extortion group, TechCrunch first reported. The attacker included a note on infected computers promising to decrypt the relevant systems in exchange for payment, according to TechCrunch. “Upon detection of suspicious activity, we immediately mobilized a specialized response team including forensics experts, and we are currently working with the highest priority to resolve this issue,” the company said. The ransom message directed recipients to visit a page reportedly known to be affiliated […]

The post Olympus investigating reported ransomware attack with BlackMatter hallmarks appeared first on CyberScoop.

Continue reading Olympus investigating reported ransomware attack with BlackMatter hallmarks

National cyber director declares ‘too soon to say we’re out of the woods,’ as US enjoys dip in ransomware

After a summer marked by big ransomware attacks from suspected Russian gangs, some of those same groups went quiet. National Cyber Director Chris Inglis said Thursday that it’s too early to tell if the trend will hold. “Those attacks have fallen off. Those syndicates have to some degree deconstructed,” Inglis said at an event hosted by the Ronald Reagan Presidential Foundation and Institute. “I think it’s a fair bet they have self-deconstructed and essentially gone cold and quiet to see whether the storm will blow over and whether they can then come back.” Whether they do so will depend largely on whether Russian President Vladimir Putin takes steps to undo the “permissive” atmosphere after U.S. President Joe Biden warned him repeatedly about ransomware attacks originating from his country. “It’s too soon to say we’re out of the woods on this,” Inglis said. The FBI blamed Russian ransomware gang REvil for […]

The post National cyber director declares ‘too soon to say we’re out of the woods,’ as US enjoys dip in ransomware appeared first on CyberScoop.

Continue reading National cyber director declares ‘too soon to say we’re out of the woods,’ as US enjoys dip in ransomware

A US official explains why the White House decided not to ban ransomware payments

The Biden administration backed away from the idea of banning ransomware payments after meetings with the private sector and cybersecurity experts, a top cybersecurity official said Wednesday. “Initially, I thought that was a good approach,” Anne Neuberger, deputy national security advisor for cyber and emerging technology, said at an Aspen Security Forum event. “We know that ransom payments are driving this ecosystem.” Experts, including former government officials serving on a non-profit ransomware task force, helped shift that view, following high-profile hacks against Colonial Pipeline, the food production company JBS and Kaseya, a Florida-based IT firm. Payments from the Colonial Pipeline and JBS attacks totaled more than $15 million, a number that likely represents a fraction of the funds sent to extortionists. “We heard loud and clear from many that the state of resilience is inadequate, and as such, if we banned ransom payments we would essentially drive even more of […]

The post A US official explains why the White House decided not to ban ransomware payments appeared first on CyberScoop.

Continue reading A US official explains why the White House decided not to ban ransomware payments

2 new ransomware gangs Haron, BlackMatter appear after REvil, DarkSide

By Sudais Asif
Currently, it is unclear if Haron and BlackMatter ransomware gangs have been started by now-defunct REvil and DarkSide ransomware operators.
This is a post from HackRead.com Read the original post: 2 new ransomware gangs Haron, BlackMatt… Continue reading 2 new ransomware gangs Haron, BlackMatter appear after REvil, DarkSide

Threat intel firms suggest ransomware gang ‘BlackMatter’ has ties to DarkSide, REvil hackers

Digital sleuths at cyber threat intelligence firms have found clues that a seemingly new ransomware organization has links to DarkSide and REvil, two gangs that suddenly disappeared shortly after major attacks. From the moment DarkSide vanished following the Colonial Pipeline incident and REvil went dark after locking up JBS and customers of Kaseya, questions swirled about whether a government took them down, whether attackers quit, or whether they simply went underground to rebrand. Flashpoint, Mandiant and Recorded Future on Tuesday and Wednesday said they discovered at least some connection between DarkSide and/or REvil and BlackMatter, a group that emerged last week. “The project has incorporated in itself the best features of DarkSide, REvil, and LockBit,” BlackMatter itself proclaimed, according to Recorded Future. LockBit is another ransomware operation that first appeared in 2019, and all three are thought to operate out of Russia. Exactly what “best features” BlackMatter borrowed from other […]

The post Threat intel firms suggest ransomware gang ‘BlackMatter’ has ties to DarkSide, REvil hackers appeared first on CyberScoop.

Continue reading Threat intel firms suggest ransomware gang ‘BlackMatter’ has ties to DarkSide, REvil hackers

Colonial Pipeline Hinted at Critical Infrastructure Threat

The long gas lines, panic buying and price spikes are fading into memory. But the ransomware attack in early May 2021 on the largest fuel pipeline in the U.S. must continue to drive urgent action by the industry and policymakers to protect the nation’… Continue reading Colonial Pipeline Hinted at Critical Infrastructure Threat