‘That horse has left the barn’: Secret Service official says ransom payments have fueled hacking sprees

After the multimillion-dollar extortions of Colonial Pipeline and meat processor JBS, a Secret Service official is urging organizations not to pay off hackers and underscoring that more victims need to come forward in order to help U.S. officials get a handle on the problem. “We’re in this boat we’re in now because over the last several years, people have paid the ransom,” Stephen Nix, assistant to the Special Agent in Charge at the U.S. Secret Service, said at CyberTalks, a summit presented by CyberScoop. “This is the monetization of security flaws. That’s what we’re looking at. That horse has left the barn.” Nix asked ransomware victims to tell law enforcement agencies details such as the cryptocurrency wallet, or account, used by the attackers in order to track them down. “I think it’s a very small number of cases we actually hear about,” he added. “If we don’t hear about it, […]

The post ‘That horse has left the barn’: Secret Service official says ransom payments have fueled hacking sprees appeared first on CyberScoop.


IRS, GAO at odds over cybersecurity requirements on tax preparers

The Internal Revenue Service hasn’t put in place a structure to issue cybersecurity dictates to paid tax preparers because it doesn’t believe it has the authority to do so — but the Government Accountability Office begs to differ. The government watchdog recommended the IRS establish a security structure in a 2019 report, but the agency contended Congress would need to take action to give the IRS more power. As of January of this year, the IRS still believes it needs statutory authority, the GAO said in a report released Monday. The GAO’s suggestion is that the IRS should create a governance structure or steering committee “to coordinate all aspects of IRS’s efforts to protect taxpayer information while at third-party providers.” Hackers have targeted tax preparation companies for years in identity theft and tax return theft schemes, as the IRS itself has repeatedly warned. In one recent case, a U.S. court […]


Burgeoning ransomware gang Avaddon appears to shut down, mysteriously

A ransomware gang has apparently disappeared just as its fortunes were rising. Ransomware experts said Avaddon shut down as of Friday. The operators left no explanation for why they might have done so, and they’re letting their remaining victims off the hook. Avaddon sent Bleeping Computer 2,934 decryption keys, after which the security firm Emsisoft produced a free, public decryption tool. After last month’s ransomware attack on Colonial Pipeline caused disruptions in the U.S. on fuel delivery, Avaddon became one of the most prolific posters of victim data to its extortion site, compared to other such groups. “This is great news,” tweeted Allan Liska, a Recorded Future analyst specializing in ransomware. “Avaddon was considered a second tier ransomware operator, but since the Colonial Pipeline attack they have been tied with Conti in terms of number of victims posted to their extortion site.” But with success has come attention. The FBI […]


McDonald’s discloses hack of customer data in South Korea and Taiwan

Hackers recently breached the IT systems of McDonald’s and accessed email addresses, phone numbers and delivery addresses for certain customers in South Korea and Taiwan, the fast food giant said Friday. “In the coming days, a few additional markets will take steps to address files that contained employee personal data,” McDonald’s said in an emailed statement. The burger chain said it quickly identified and contained the breach, which involved a “small number of files.” No customer payment information was affected, according to McDonald’s. The breach also involved business contact information of U.S. employees and franchisees, the Wall Street Journal reported. In some cases, the intruders also accessed data about restaurant seating capacity and the square footage of play areas, the Journal reported. It was unclear who was responsible for the hack. A McDonald’s spokesperson did not respond to an emailed question on who the culprit might be. McDonald’s, which reported […]


Insurer Chubb paid $65,000 to help a city unlock ransomware in 2018. A second hack was more expensive.

A city in California didn’t disclose a ransomware payment for more than two years after its insurer covered the cost, the city manager acknowledged amid yet another ransomware attack on the municipality. In 2018, officials in Azusa, Calif. paid $65,000 through its insurer Chubb to free up its most vital system and used a free decryption key to unlock the others, City Manager Sergio Gonzalez said. The hackers took control of the city’s police dispatch system for more than a week in the fall that year, he said. State-by-state data breach notification laws have different triggers for when hacking victims must report publicly on what happened. “We did not make a public statement and did not have to file anything legally because we could confirm that no data was migrated out” of police servers, Gonzalez said, according to local news accounts. In an interview with CyberScoop, Gonzalez said the city […]


DOJ seizes $2.3 million in cryptocurrency payments from Colonial Pipeline ransomware attack

The Justice Department announced Monday that it had retrieved $2.3 million in cryptocurrency payments Colonial Pipeline made in the DarkSide ransomware attack. In May, Colonial — which delivers an estimated 45% of fuel consumed on the East Coast — paid its attackers $4.4 million worth of cryptocurrency in an incident that propelled ransomware into visibility it didn’t previously have in the U.S. On Monday, pursuant to a seizure warrant issued by the United States District Court for the Northern District of California, the department got some of that payment back, DOJ officials said at a news conference. “The sophisticated use of technology to hold businesses and even whole cities hostage for profit is a decidedly 21st century challenge — but the old adage ‘follow the money’ still applies,” Deputy Attorney General Lisa Monaco said. “Today we turned the tables on DarkSide.” It’s not the first time DOJ has seized cryptocurrency […]


Government, industry scramble to prioritize ransomware amid fallout from pipeline, JBS breaches

Three weeks ago, the U.S. Chamber of Commerce — the most powerful business lobby in the country — called on the federal government to take several steps to combat ransomware. This week, the White House’s deputy national security adviser penned a letter to industry … urging them to take several steps to combat ransomware. Those are two of the latest moves in a long dance between the feds and private sector over cybersecurity, with a tempo that has hastened considerably since the Colonial Pipeline ransomware attack. Even as both sides say the respective calls for action on ransomware in the oft-hailed “public-private partnership” are well-received, they’re redoubling their messages to each other. As the ransomware challenge looms increasingly large and has proven difficult to wrestle, two of the largest players are trying to find their footing. “While businesses need to do what they can to enhance their security, the government […]


FBI blames REvil gang for JBS ransomware hack as global meat supplier gets back to work

A prolific ransomware operation known as REvil is to blame for a ransomware attack against the global meat supplier JBS, the FBI said Wednesday. REvil, also called Sodinokibi, is an infamous hacking group perhaps best known for launching digital extortion attacks against Apple and a biotechnology firm that was researching methods of slowing the coronavirus, among other victims. In a statement, the FBI said it is “working diligently to bring the threat actors to justice” following a May 30 breach at JBS that forced the temporary closure of meat processing facilities in the U.S., Canada and Australia. Security researchers have suggested that REvil is based in Russia, as the group seems to avoid infecting Russian targets. Russian President Vladimir Putin has said that if hackers “did not break Russian law, there is nothing to prosecute them for in Russia.” The bureau said: “We continue to focus our efforts on imposing […]


Team of romance scammers defrauded US victims out of $2.5M since 2016, DOJ says

U.S. prosecutors have charged nine people in connection with a scheme to defraud elderly Americans out of more than $2.5 million by pretending to be friends or romantic partners online. The suspects, who hail from Nigeria, Ghana and the U.S., used websites like Facebook and Google to find victims seeking friendship, companionship and love. By masquerading as interested partners who needed money, the thieves would convince unwitting victims, often senior citizens, to send them thousands of dollars at a time, the Justice Department said. The charges, unsealed Tuesday, are the latest allegations of so-called romance scams, in which fraudsters exploit lonely web users to try emptying their bank accounts. Victims reported $304 million in losses from romance scams in 2020, according to the Federal Trade Commission, a figure that does not account for any losses not disclosed to the government. Conversations typically begin innocuously on dating apps and social media […]


Meat chain JBS says US production is returning after ransomware attack

The U.S. division of JBS, which accounts for an estimated one-fifth of the country’s beef production, said it expects the “vast majority” of its meat plants to be operational on Wednesday after a ransomware attack ground work to a halt. “Our systems are coming back online and we are not sparing any resources to fight this threat,” JBS USA CEO Andre Nogueira said in a statement Tuesday evening. The breach at JBS, the world’s largest meat supplier, has caused disruptions to the company’s facilities in Colorado, Canada and Australia. Workers were sent home from some plants in an industry that has already faced disruptions because of the coronavirus pandemic. Nogueira said that JBS USA and Pilgrim’s, one of the company’s brands, were able to ship product from nearly all facilities in the U.S. on Tuesday. “The company also continues to make progress in resuming plant operations in the U.S. […]
