How REvil evolved into a ransomware collective capable of extorting Kaseya, JBS

The Russian ransomware gang REvil is loud, ambitious and particularly nasty. Even by hackers’ standards. Before claiming responsibility for a breach at the software company Kaseya, which has resulted in breaches at perhaps thousands of other businesses and newfound attention from the White House, the group accounted for less than 10% of known ransomware victims, according to the threat intelligence firm Recorded Future. Now, it accounts for 42%. As U.S. national security officials and much of the cybersecurity community race to mitigate the fallout from the Kaseya incident, the incident serves as yet another reminder of how groups of scammers are making millions of dollars after years of honing their tradecraft. A “conservative estimate” by IBM placed REvil’s 2020 profits at $123 million, first among ransomware gangs, while multiple firms said the gang’s malware was the most common digital extortion tool. That was before the REvil group also struck the […]

The post How REvil evolved into a ransomware collective capable of extorting Kaseya, JBS appeared first on CyberScoop.


Burgeoning ransomware gang Avaddon appears to shut down, mysteriously

A ransomware gang has apparently disappeared just as its fortunes were rising. Ransomware experts said Avaddon shut down as of Friday. The operators left no explanation for why they might have done so, and they’re letting their remaining victims off the hook. Avaddon sent Bleeping Computer 2,934 decryption keys, after which the security firm Emsisoft produced a free, public decryption tool. After last month’s ransomware attack on Colonial Pipeline caused disruptions in the U.S. on fuel delivery, Avaddon became one of the most prolific posters of victim data to its extortion site, compared to other such groups. “This is great news,” tweeted Allan Liska, a Recorded Future analyst specializing in ransomware. “Avaddon was considered a second tier ransomware operator, but since the Colonial Pipeline attack they have been tied with Conti in terms of number of victims posted to their extortion site.” But with success has come attention. The FBI […]

The post Burgeoning ransomware gang Avaddon appears to shut down, mysteriously appeared first on CyberScoop.


Ransomware strikes AXA shortly after insurer announces it will stop covering extortion fees

Ransomware gangs have now struck two cybersecurity insurers in as many months, with AXA confirming over the weekend that an attack had affected its Asian operations. AXA joins CNA Insurance, which in April confirmed that a ransomware incident had forced the company to take its operations offline. The attack on AXA, though, comes shortly after the French insurer said it would no longer reimburse ransomware payments under new policies it writes in that country, although a source familiar with the attack said there was no connection between AXA’s decision and the attack on its own networks. The so-called Avaddon ransomware operators posted screenshots of information online that they said they obtained from AXA’s Asia Assistance subsidiary. The screenshots include a claim that the operators stole three terabytes of data, such as customer medical reports and claims, customer IDs and bank account papers, payments to customers and other health information. “Asia […]

The post Ransomware strikes AXA shortly after insurer announces it will stop covering extortion fees appeared first on CyberScoop.


Experts suggest French insurer AXA’s plan to shun ransomware payouts will set a precedent

When French insurer AXA signaled last week that it would no longer write new cyber-insurance policies covering extortion payouts to criminals, ransomware and cyber insurance experts had two reactions. They wondered why it took so long, and how long it would take others to follow suit. Ransomware is an ever-increasing cause of cyber-insurance claims, according to industry estimates, and having such insurance may make policyholders more likely to be attacked. A representative of the REvil ransomware gang said in a March interview that the group specifically targets victims known to have cyber-insurance, because they’re “one of the tastiest morsels” who can more easily afford to pay. In perhaps the biggest ransomware payment of 2020, smartwatch maker Garmin paid a reported $10 million and said it wasn’t sure how much its insurance would cover of all the costs, which it didn’t enumerate by type of expense. Those conditions can perpetuate themselves. […]

The post Experts suggest French insurer AXA’s plan to shun ransomware payouts will set a precedent appeared first on CyberScoop.


Task Force Seeks to Disrupt Ransomware Payments

Some of the world’s top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes.

Ransom Gangs Emailing Victim Customers for Leverage

Some of the top ransomware gangs are deploying a new pressure tactic to push more victim organizations into paying an extortion demand: Emailing the victim’s customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up.

Ransomware Group Turns to Facebook Ads

It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up.

Why Paying to Delete Stolen Data is Bonkers

Companies hit by ransomware often face a dual threat: Even if they avoid paying the ransom and can restore things from scratch, about half the time the attackers also threaten to release sensitive stolen data unless the victim pays for a promise to have the data deleted. Leaving aside the notion that victims might have any real expectation the attackers will actually destroy the stolen data, new research suggests a fair number of victims who do pay up may see some or all of the stolen data published anyway.

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

In late May, KrebsOnSecurity alerted numerous officials in Florence, Ala. that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware. Nevertheless, on Friday, June 5, the intruders sprang their attack, deploying ransomware and demanding nearly $300,000 worth of bitcoin. City officials now say they plan to pay the ransom demand, in hopes of keeping the personal data of their citizens off of the Internet.

Ransomware Hit ATM Giant Diebold Nixdorf

Diebold Nixdorf, a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations. The company says the hackers never touched its ATMs or customer networks, and that the intrusion only affected its corporate network.