Category Archives: gandcrab

At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates

Posted on by

The Russian government said today it arrested 14 people accused of working for “REvil,” a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations. The Russian Federal Security Service (FSB) said the actions were taken in response to a request from U.S. officials, but many experts believe the crackdown is part of an effort to reduce tensions over Russian President Vladimir Putin’s decision to station 100,000 troops along the nation’s border with Ukraine. Continue reading At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates

Ransomware Gangs and the Name Game Distraction

Posted on by

It’s nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. We hang on to these occasional victories because history tells us that most ransomware moneymaking collectives don’t go away so much as reinvent themselves under a new name, with new rules, targets and weaponry. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation over as many years.

Reinvention is a basic survival skill in the cybercrime business. Among the oldest tricks in the book is to fake one’s demise or retirement and invent a new identity. A key goal of such subterfuge is to throw investigators off the scent or to temporarily direct their attention elsewhere.

Cybercriminal syndicates also perform similar disappearing acts whenever it suits them. These organizational reboots are an opportunity for ransomware program leaders to set new ground rules for their members — such as which types of victims aren’t allowed (e.g., hospitals, governments, critical infrastructure), or how much of a ransom payment an affiliate should expect for bringing the group access to a new victim network. Continue reading Ransomware Gangs and the Name Game Distraction

How REvil evolved into a ransomware collective capable of extorting Kaseya, JBS

Posted on by

The Russian ransomware gang REvil is loud, ambitious and particularly nasty. Even by hackers’ standards. Before claiming responsibility for a breach at the software company Kaseya, which has resulted in breaches at perhaps thousands of other businesses and newfound attention from the White House, the group accounted for less than 10% of known ransomware victims, according to the threat intelligence firm Recorded Future. Now, it accounts for 42%. As U.S. national security officials and much of the cybersecurity community race to mitigate the fallout from the Kaseya incident, the incident serves as yet another reminder of how groups of scammers are making millions of dollars after years of honing their tradecraft. A “conservative estimate” by IBM placed REvil’s 2020 profits at $123 million, first among ransomware gangs, while multiple firms said the gang’s malware was the most common digital extortion tool. That was before the REvil group also struck the […]

The post How REvil evolved into a ransomware collective capable of extorting Kaseya, JBS appeared first on CyberScoop.

Continue reading How REvil evolved into a ransomware collective capable of extorting Kaseya, JBS

South Korean cops arrest GandCrab suspect

Posted on by

South Korea’s National Police Agency said Tuesday that it had arrested a suspect involved in the distribution of thousands of emails laced with GandCrab, a once-prolific strain of ransomware. The suspect, whom South Korean authorities did not name, is accused of setting up internet domains to distribute the malicious code and netting some $10,500 from the ransomware attacks. The police statement described an investigation spanning two years and 10 countries, culminating in the suspect’s arrest on Feb. 25. Those police resources overcame the suspect’s efforts to cover their tracks by using IP addresses from different countries, police said. The investigation began when South Korean officials spotted malicious emails impersonating the police to distribute the ransomware. South Korean outlet Yonhap News reported that the suspect was 20 years old. At its height, GandCrab was one of the most commonly used strains of ransomware, infecting over a half a million victims from […]

The post South Korean cops arrest GandCrab suspect appeared first on CyberScoop.

Continue reading South Korean cops arrest GandCrab suspect

Phorpiex Botnet Named “Most Wanted Malware” in November 2020

Posted on by

The Phorpiex botnet earned the notorious designation of “most wanted malware” for the month of November 2020. In its Global Threat Index for November 2020, Check Point Research revealed that it had observed a surge in new Phorpiex botnet infections tha… Continue reading Phorpiex Botnet Named “Most Wanted Malware” in November 2020

Belarus Announces Arrest of GandCrab Ransomware Distributor

Posted on by

Government officials in Belarus announced they had arrested an individual on charges of having helped to distribute GandCrab ransomware. On July 30, the Ministry of Internal Affairs (MIA) of the Republic of Belarus revealed that it had arrested a 31-ye… Continue reading Belarus Announces Arrest of GandCrab Ransomware Distributor

This Service Helps Malware Authors Fix Flaws in their Code

Posted on by

Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. But the reality is most malicious software also has its share of security holes that open the door for security researchers or ne’er-do-wells to liberate or else seize control over already-hacked systems. Here’s a look at one long-lived malware vulnerability testing service that is used and run by some of the Dark Web’s top cybercriminals. Continue reading This Service Helps Malware Authors Fix Flaws in their Code