How REvil evolved into a ransomware collective capable of extorting Kaseya, JBS

The Russian ransomware gang REvil is loud, ambitious and particularly nasty, even by hackers’ standards. Before claiming responsibility for a breach at the software company Kaseya, which has resulted in breaches at perhaps thousands of other businesses and drawn newfound attention from the White House, the group accounted for less than 10% of known ransomware victims, according to the threat intelligence firm Recorded Future. Now it accounts for 42%. As U.S. national security officials and much of the cybersecurity community race to mitigate the fallout from the Kaseya attack, the incident serves as yet another reminder of how groups of scammers are making millions of dollars after years of honing their tradecraft. A “conservative estimate” by IBM placed REvil’s 2020 profits at $123 million, first among ransomware gangs, while multiple firms said the gang’s malware was the most common digital extortion tool. That was before the REvil group also struck the […]

The post How REvil evolved into a ransomware collective capable of extorting Kaseya, JBS appeared first on CyberScoop.

Two cyber insurance industry initiatives grapple with rise of ransomware

Twice in the past few weeks, insurers have joined together in response to the spiraling ransomware attacks that have rocked their industry. In mid-June, seven top insurance companies formed CyberAcuView, a company to combine their data collection and analysis powers in a bid to strengthen risk mitigation in the cyber insurance industry. The chief executive officer of CyberAcuView told CyberScoop that ransomware was one of the factors that drove creation of the company. Then, last week, the American Property Casualty Insurance Association (APCIA) released its guiding principles on cyber extortion and ransomware, including its views on regulation. Both are signs of the cyber insurance world trying to wrap its arms around ransomware, a phenomenon that is leading to costlier payouts, prompting insurers to demand security improvements from policyholders and in some cases driving companies to step back from what they’re willing to cover. For instance, the annual growth rate in […]

Kaseya says up to 1,500 victims affected by ransomware, as Biden directs ‘full resources’ to investigate

One of the largest mass ransomware attacks ever has compromised up to 1,500 businesses, according to a Tuesday update from the Florida IT company Kaseya, which the hackers used to spread their malicious software. The self-proclaimed culprit of the Friday outbreak, the Russia-based ransomware gang REvil, is seeking $70 million in cryptocurrency collectively from what it says are actually more than 1 million victims to unlock affected systems, reportedly ranging from Swedish supermarket chains to New Zealand kindergartens that were closed or knocked offline. It’s the latest of three recent huge ransomware incidents to draw White House attention, with President Joe Biden over the weekend directing “the full resources of the government to investigate this incident,” according to a statement by Deputy National Security Adviser for Cyber and Emerging Technology Anne Neuberger. Unlike the last two major incidents that affected single victims in fuel transporter Colonial Pipeline and meat supplier […]

SolarWinds hackers had access to Denmark’s central bank for 7 months, report says

A group of Russian hackers is accused of compromising a Danish bank in the latest example of fallout involving cyber-espionage emanating from Moscow, according to a European media outlet that cites documents related to the incident. Denmark’s central bank, or Danmarks Nationalbank, was compromised by the same spies who used software made by the U.S. federal contractor SolarWinds to breach nine U.S. government agencies and dozens of companies, Version 2, a Danish news site, reported Tuesday. By leveraging the SolarWinds technology, hackers infiltrated SolarWinds’ partners and clients, spending at least seven months inside the networks of the Danish financial institution, the site reported based on internal emails sent to the bank from outside investigators. Investigators have suggested that the Russian hacking group known as Cozy Bear — thought to be associated with the SVR intelligence agency — corrupted a software update in the SolarWinds Orion product, using the seemingly […]

Ransomware group ‘Hades’ claims more victims as investigators seek answers

A ransomware group that targets billion-dollar companies — but that has stubbornly defied attribution consensus among cybersecurity researchers — has claimed at least seven victims since its discovery late last year. What’s more, it has taken additional steps in an apparent bid to baffle investigators who have tried to pin down who, exactly, the operators are, according to Accenture Security research released Tuesday. The update on the operators of the self-proclaimed Hades ransomware variant adds to its mystery as much as it subtracts from it. Accenture said it “is not yet able to confidently make attribution claims,” though other researchers have variously described Hades as a new group, suggested it is connected to a well-known Russian ransomware gang, or linked the Hades activity to a Chinese nation-state hacking outfit thought to be behind this year’s Microsoft Exchange Server attack. What Accenture says it knows is this: First, the Hades […]

Andrii Kolpakov, who supervised hackers for FIN7, sentenced to 7 years in prison

A U.S. court on Thursday sentenced Andrii Kolpakov, a Ukrainian national, to seven years in prison for his role in the FIN7 gang. Kolpakov, 33, functioned as a supervisor for a small team of hackers who between 2016 and 2018 breached victims including Chipotle, Red Robin, Arby’s and other U.S. corporations. Victims experienced “enormous” losses, according to the Justice Department, that by some estimates have exceeded $1 billion. Kolpakov pleaded guilty in November 2020 and faced up to 25 years behind bars. Spanish police arrested him in 2018, ultimately extraditing him to the U.S. “During the course of the scheme, [Kolpakov] received compensation for his participation in FIN7, which far exceeds comparable legitimate employment in Ukraine,” the plea deal noted. “For the purposes of this plea agreement, the parties agree that — during [Kolpakov’s] participation in the malware scheme — FIN7 illegal activity resulted in over $100 million in losses […]

Craig Newmark Philanthropies donated $450k to boost anti-ransomware coalition

The Institute for Security and Technology received a $450,000 donation from Craig Newmark Philanthropies to continue its work combatting ransomware, the organization shared first with CyberScoop. The money will go towards continuing the work started by the Ransomware Task Force, a public-private collaboration launched earlier this year by the Institute. The task force brought together representatives from more than 60 companies and organizations across government, nonprofits and the private sector. Microsoft, Rapid7, the Cyber Threat Alliance, the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency are among the participants. The Ransomware Task Force released a report at the end of April offering four dozen recommendations for policymakers and industry to take on the problem. The task force recommended that governments establish a fund to support ransomware response, and closer regulation of cryptocurrency. IST will use the funding from Newmark, the founder of Craigslist, and other forthcoming […]

FIN7 scammers posed as SEC officials, sick restaurant customers to hack victims

A hacking group known for innovative fraud techniques impersonated angry restaurant customers and targeted specific individuals with unique access to financial information, U.S. prosecutors argue in a court filing that sheds new light on the scammers’ work. The FIN7 gang, which researchers have blamed for more than $1 billion in theft since 2015, relied on more than 70 members who were assigned to various departments under the larger organization, according to court documents filed on June 17 in U.S. District Court in Seattle. By masquerading as a cybersecurity testing company dubbed Combi Security, FIN7 leaders organized their personnel into separate teams charged with developing malware, crafting phishing documents and collecting money from breached victims. The group targeted hundreds of U.S. companies, prosecutors say, infecting victims as diverse as the burrito chain Chipotle and the department store Saks Fifth Avenue. Court documents filed in the case of Andrii Kolpakov, who pleaded […]

Vigilante hacking campaign blocks victims from visiting The Pirate Bay, other piracy sites

A hacker doesn’t appear to be happy with the amount of digital piracy out there. A wave of malicious software downloads from October 2020 to January 2021 blocked users from visiting websites that host pirated versions of video games, Microsoft Office and other programs, analysts at antivirus firm Sophos said Thursday. One malware strain borrowed name recognition from The Pirate Bay, a notorious portal that directs users to copyrighted material while also serving up malicious software and nefarious advertisements. The vigilante disguised their malicious code as pirated software on Discord, a popular chat service, and on file-sharing service BitTorrent, Sophos said in a blog post. But instead of getting a bootlegged version of a video game like Minecraft, targets of the campaign downloaded malicious code that prevented their machines from visiting websites for pirated software. In some cases, the attacker made the malicious code appear as if it came from […]

SEC settles with First American over massive data leak for nearly $500,000

The Securities and Exchange Commission announced Tuesday that it has settled charges with First American Financial over its 2019 leak of sensitive customer information that exposed more than 800 million document images. Under the terms of the deal, the heavyweight real estate title insurance company will pay a $487,616 fine. The SEC had charged the company with inadequately disclosing the cybersecurity vulnerability that exposed the information. The digitized records included things like Social Security numbers and bank account statements. First American first made public statements about the vulnerability in May 2019 but the company’s information security personnel had first spotted it in January, and according to the SEC they didn’t fix it and failed to notify company brass. “As a result of First American’s deficient disclosure controls, senior management was completely unaware of this vulnerability and the company’s failure to remediate it,” said Kristina Littman, chief of the SEC Enforcement […]
