Cryptocurrency reporting requirement in infrastructure bill sees potential changes

U.S. lawmakers are moving forward with a revised version of an idea that aims to gather data about cryptocurrency transactions in a way meant to curb tax cheats. Senate Finance Committee Chair Ron Wyden (D-Ore.), joined by colleagues Sens. Cynthia Lummis (R-Wyo.) and Pat Toomey (R-Pa.), has filed an amendment seeking to put to rest some of the cryptocurrency industry’s concerns about a sweeping new $1 trillion infrastructure package Congress is set to vote on this week. The amendment alters current language in the infrastructure bill that enforces requirements for “brokers” to report cryptocurrency that is bought, sold, and traded. The idea comes as U.S. officials are exploring regulations that might shed light on ransomware payments made through the technology. U.S. Securities and Exchange Commission chairman Gary Gensler on Tuesday also called on Congress for additional authorities to undertake regulatory efforts. “Our amendment makes clear that reporting does not apply […]

The post Cryptocurrency reporting requirement in infrastructure bill sees potential changes appeared first on CyberScoop.


Threat intel firms suggest ransomware gang ‘BlackMatter’ has ties to DarkSide, REvil hackers

Digital sleuths at cyber threat intelligence firms have found clues that a seemingly new ransomware organization has links to DarkSide and REvil, two gangs that suddenly disappeared shortly after major attacks. From the moment DarkSide vanished following the Colonial Pipeline incident and REvil went dark after locking up JBS and customers of Kaseya, questions swirled about whether a government took them down, whether attackers quit, or whether they simply went underground to rebrand. Flashpoint, Mandiant and Recorded Future on Tuesday and Wednesday said they discovered at least some connection between DarkSide and/or REvil and BlackMatter, a group that emerged last week. “The project has incorporated in itself the best features of DarkSide, REvil, and LockBit,” BlackMatter itself proclaimed, according to Recorded Future. LockBit is another ransomware operation that first appeared in 2019, and all three are thought to operate out of Russia. Exactly what “best features” BlackMatter borrowed from other […]

The post Threat intel firms suggest ransomware gang ‘BlackMatter’ has ties to DarkSide, REvil hackers appeared first on CyberScoop.


Kaseya says it didn’t pay ransomware gang for decryption key after hacks affected hundreds

Kaseya, the company at the center of a ransomware outbreak that claimed perhaps thousands of victims, said on Monday that it didn’t pay off the attackers to obtain the decryption tool it announced last week. The Florida IT firm, breached just before the July 4 holiday, did not elaborate on how it obtained the working decryption key, beyond its statement that a “trusted third party” provided it. “While each company must make its own decision on whether to pay the ransom, Kaseya decided after consultation with experts to not negotiate with the criminals who perpetrated this attack and we have not wavered from that commitment,” the company said in a website update. “As such, we are confirming in no uncertain terms that Kaseya did not pay a ransom — either directly or indirectly through a third party — to obtain the decryptor.” Kaseya said it was teaming with the security firm […]

The post Kaseya says it didn’t pay ransomware gang for decryption key after hacks affected hundreds appeared first on CyberScoop.


Scammers are using fake Microsoft 11 installers to spread malware

Windows 11 won’t hit the street until later this year, but that hasn’t stopped hackers from trying to use it to infect victims with malware. Security firm Kaspersky warned on Friday that crooks were exploiting people overeager to get their hands on the Microsoft operating system update, due for fall release, with fake installers. “Although Microsoft has made the process of downloading and installing Windows 11 from its official website fairly straightforward, many still visit other sources to download the software, which often contains unadvertised goodies from cybercriminals (and isn’t necessarily Windows 11 at all),” Kaspersky wrote. Those sarcastic “goodies” range from relatively innocuous adware to password stealers and trojans. It’s not unprecedented for cybercriminals to use demand for a product or service to take advantage of victims, be it coronavirus contact tracing apps or the Telegram encrypted messaging app. Microsoft announced Windows 11 in late June, and shortly after […]

The post Scammers are using fake Microsoft 11 installers to spread malware appeared first on CyberScoop.


Average ransomware payment declined by 38% in second quarter of 2021, new Coveware report says

The tides may be starting to turn on the ransomware epidemic, new industry findings show. The average ransomware payment declined to $136,576 in the second quarter of 2021, according to numbers published Friday by ransomware response firm Coveware. The company did not share how many companies that data was based on. The 38% decrease is a dramatic drop from the average demand of $220,298 that the firm reported in April for the first quarter. That number was a 43% increase from the last quarter of 2020. The decline comes in the shadow of three major ransomware attacks hitting the U.S. supply chain. Since May, U.S. officials have faced three high-profile ransomware attacks against fuel provider Colonial Pipeline, meat supply company JBS, and most recently Florida IT company Kaseya. The latter two attacks have been attributed to REvil, a ransomware gang thought to be based in Russia. The resulting wake-up call in both […]

The post Average ransomware payment declined by 38% in second quarter of 2021, new Coveware report says appeared first on CyberScoop.


Dutch police bust alleged ‘Fraud Family’ phishing service members

Dutch police have arrested two people for their alleged involvement in a phishing fraud-as-a-service scheme, one of them a 15-year-old suspect and the other a 24-year-old due to appear in court on Friday. Authorities got an assist from security vendor Group-IB in the arrests for the “Dutch-speaking syndicate that develops, sells and rents sophisticated phishing frameworks,” according to the company. Group-IB had dubbed the syndicate and its “massive” operation “Fraud Family.” The unnamed 24-year-old is accused of developing the phishing service kits, while the 15-year-old allegedly sold them. The younger suspect was released pending further investigation. Dutch police also said they searched a third, 18-year-old suspect. Group-IB said the Fraud Family operation, which has mainly hit victims in the Netherlands and Belgium since at least 2020 but perhaps as far back as 2018, is focused on stealing banking credentials. The criminals advertised their service to less-skilled cyber crooks on the […]

The post Dutch police bust alleged ‘Fraud Family’ phishing service members appeared first on CyberScoop.


Chat logs show how Egregor, an $80 million ransomware gang, handled negotiations with little mercy

In a series of ransomware payment negotiations last December, operatives from a gang known as “Egregor” alternated between treating their victims with surprising civility and behaving like cartoonish movie villains. “The Egregor Team wishes you a Merry Christmas and a Happy New Year,” they’d say at intervals in their chat room communications, sometimes in the middle of an extortion back-and-forth. “We wish you wisdom in your decision making and financial stability in this difficult time for us all. Happy Holidays!” In another exchange, they weren’t as kind, threatening to leak victims’ data and publish it on a website as a warning to other organizations that might fall in the group’s crosshairs. “We simply need to determine what category you should be placed in. In the category of those who are ready to negotiate and pay or in the category of scarecrows on our news site,” one exchange read. “It’s not […]

The post Chat logs show how Egregor, an $80 million ransomware gang, handled negotiations with little mercy appeared first on CyberScoop.


US government launches plans to cut cybercriminals off from cryptocurrency

The White House on Thursday announced a flurry of actions launched by a new interagency task force to combat ransomware. The updates on the White House’s plan to tackle ransomware come on the heels of the third major ransomware attack to pose a serious threat to U.S. national security in as many months. The Russia-tied group REvil hit Florida-based IT firm Kaseya earlier this month, potentially affecting more than 1,500 companies. The group’s websites recently went dark for reasons that are still unclear. The senior administration declined to comment on whether the United States has or will take action against the group. Chief among the White House task force’s new efforts is to cut groups like REvil off from virtual currencies, which they use to collect ransom from victims and sell services to affiliates. The Treasury Department will support the implementation of money laundering requirements for virtual currency exchanges […]

The post US government launches plans to cut cybercriminals off from cryptocurrency appeared first on CyberScoop.


Jack Cable, Stanford student and cyber whiz, aims to crowdsource ransomware details

Ransomware has never been more of a national security concern after a string of hacks against the fuel supplier Colonial Pipeline, meat giant JBS and perhaps thousands of others compromised after a breach at a large IT firm. Few people, if any, seem to grasp the breadth and cost of the scourge, as there are no legal requirements for victims to disclose when they pay hackers to unlock their network. That, combined with the suspicion that most victims don’t report their digital extortion payments, makes it harder for law enforcement and security firms to combat attacks, or even understand how to fight them. That’s the impetus behind a project that Stanford University student and security researcher Jack Cable launched on Thursday, dubbed “Ransomwhere,” a plan to track payments to bitcoin addresses associated with known ransomware gangs. “Having public transparency around the impact of ransomware, especially as we’re proposing and considering different […]

The post Jack Cable, Stanford student and cyber whiz, aims to crowdsource ransomware details appeared first on CyberScoop.


Houston man sentenced to 7 years for attempted $2 million romance scam

A U.S. federal judge sentenced a Nigerian national to 87 months in prison for his role in trying to steal more than $2 million from victims via romance scams and spoofed email requests for wire transfer payments. The judge on Wednesday also ordered Akhabue Ehis Onoimoimilin, who lives in Houston, to pay back nearly $900,000 to victims of the money laundering scheme to which he pleaded guilty. The indictment in the case indicates that Onoimoimilin and a co-defendant, whose name is redacted, caused $1.7 million in actual losses from the scheme. Onoimoimilin’s role involved opening bank accounts in the name of “David Harrison” to launder money for co-conspirators. Law enforcement identified more than $400,000 in attempted losses in the accounts, for which Onoimoimilin received 10 to 15% of the funds. Onoimoimilin opened the accounts in 2015, according to prosecutors. The indictment offers few details on the romance and business email […]

The post Houston man sentenced to 7 years for attempted $2 million romance scam appeared first on CyberScoop.
