Threat intel firms suggest ransomware gang ‘BlackMatter’ has ties to DarkSide, REvil hackers

Digital sleuths at cyber threat intelligence firms have found clues that a seemingly new ransomware organization has links to DarkSide and REvil, two gangs that suddenly disappeared shortly after major attacks. From the moment DarkSide vanished following the Colonial Pipeline incident and REvil went dark after locking up JBS and customers of Kaseya, questions swirled about whether a government took them down, whether attackers quit, or whether they simply went underground to rebrand. Flashpoint, Mandiant and Recorded Future on Tuesday and Wednesday said they discovered at least some connection between DarkSide and/or REvil and BlackMatter, a group that emerged last week. “The project has incorporated in itself the best features of DarkSide, REvil, and LockBit,” BlackMatter itself proclaimed, according to Recorded Future. LockBit is another ransomware operation that first appeared in 2019, and all three are thought to operate out of Russia. Exactly what “best features” BlackMatter borrowed from other […]

The post Threat intel firms suggest ransomware gang ‘BlackMatter’ has ties to DarkSide, REvil hackers appeared first on CyberScoop.


Suspected Chinese hackers target telecom research in Taiwan, Recorded Future says

A suspected Chinese state-sponsored group is targeting telecommunications organizations in Taiwan, Nepal and the Philippines, researchers at Recorded Future’s Insikt Group said in a report Thursday. Researchers noticed intrusions from the group, which investigators called TAG-22, in June targeting telecommunications organizations including the Industrial Technology Research Institute in Taiwan, Nepal Telecom and the Department of Information and Communications Technology in the Philippines. Some of the activity appears to be ongoing as of press time, researchers said. The new findings play into a larger backdrop of apparent Chinese hackers snooping on global competition in the telecommunications space, which has become an arena of political and economic conflict between China and the United States. “In particular, the targeting of the ITRI is notable due to its role as a technology research and development institution that has set up and incubated multiple Taiwanese technology firms,” researchers wrote. They noted that the organization is […]

The post Suspected Chinese hackers target telecom research in Taiwan, Recorded Future says appeared first on CyberScoop.


How REvil evolved into a ransomware collective capable of extorting Kaseya, JBS

The Russian ransomware gang REvil is loud, ambitious and particularly nasty. Even by hackers’ standards. Before claiming responsibility for a breach at the software company Kaseya, which has resulted in breaches at perhaps thousands of other businesses and newfound attention from the White House, the group accounted for less than 10% of known ransomware victims, according to the threat intelligence firm Recorded Future. Now, it accounts for 42%. As U.S. national security officials and much of the cybersecurity community race to mitigate the fallout from the Kaseya incident, the incident serves as yet another reminder of how groups of scammers are making millions of dollars after years of honing their tradecraft. A “conservative estimate” by IBM placed REvil’s 2020 profits at $123 million, first among ransomware gangs, while multiple firms said the gang’s malware was the most common digital extortion tool. That was before the REvil group also struck the […]

The post How REvil evolved into a ransomware collective capable of extorting Kaseya, JBS appeared first on CyberScoop.


VPN attacks up nearly 2000% as companies embrace a hybrid workplace

Nuspire released a report which outlines new cybercriminal activity and tactics, techniques and procedures (TTPs) with additional insight from Recorded Future. “As companies return to a hybrid workplace, it’s crucial that they are aware of the evolving… […]

Burgeoning ransomware gang Avaddon appears to shut down, mysteriously

A ransomware gang has apparently disappeared just as its fortunes were rising. Ransomware experts said Avaddon shut down as of Friday. The operators left no explanation for why they might have done so, and they’re letting their remaining victims off the hook. Avaddon sent Bleeping Computer 2,934 decryption keys, after which the security firm Emsisoft produced a free, public decryption tool. After last month’s ransomware attack on Colonial Pipeline disrupted fuel delivery in the U.S., Avaddon became one of the most prolific posters of victim data to its extortion site among such groups. “This is great news,” tweeted Allan Liska, a Recorded Future analyst specializing in ransomware. “Avaddon was considered a second tier ransomware operator, but since the Colonial Pipeline attack they have been tied with Conti in terms of number of victims posted to their extortion site.” But with success has come attention. The FBI […]

The post Burgeoning ransomware gang Avaddon appears to shut down, mysteriously appeared first on CyberScoop.


Meat supplier JBS says it paid $11 million ransom to keep attackers from stealing data

JBS, one of America’s biggest meat processors, said Wednesday that it paid cybercriminals an $11 million ransom to ensure the hackers didn’t steal company data. The payment is more than double the $4.4 million that Colonial Pipeline, a major fuel supplier, paid to recover its data in the wake of a separate ransomware attack. “In consultation with internal IT professionals and third-party cybersecurity experts, the company made the decision to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated,” JBS’s U.S. division said in a statement. In the same company statement, Andre Nogueira, CEO of JBS’s U.S. division, said it was a “very difficult decision” for the company and for him. “However, we felt this decision had to be made to prevent any potential risk for our customers,” he said. The ransomware attack forced JBS, which accounts for an estimated one-fifth of U.S. beef production, […]

The post Meat supplier JBS says it paid $11 million ransom to keep attackers from stealing data appeared first on CyberScoop.


Russian cybercrime forum XSS claims to ban ransomware following Colonial Pipeline hack

In the wake of the disruption to Colonial Pipeline, a popular Russian-language criminal forum has claimed it will ban the sale of ransomware tools, according to multiple researchers who monitor the site. XSS, a prominent underground forum for hacking tools and other scams, on May 13 said the platform would forbid “ransomware sales, ransomware rental and ransomware affiliate programs,” according to the threat intelligence firm Digital Shadows. The XSS administrator also claimed it would remove all posts mentioning ransomware. The forum post claimed it was because ransomware was attracting too much “hype” and attention from outsiders, but ransomware operators frequently engage in self-serving public relations stunts. The development pointed to newfound pressure that ransomware operators were feeling following the breach of the IT systems at Colonial Pipeline, the main artery for delivering fuel to the East Coast. The ransomware incident forced Colonial Pipeline to shut down for days. Though service […]

The post Russian cybercrime forum XSS claims to ban ransomware following Colonial Pipeline hack appeared first on CyberScoop.


Meet DarkSide, the ransomware gang blamed for the Colonial Pipeline attack

The cybercriminal syndicate accused of causing one of the largest U.S. pipeline operators to shut down is known for running an enterprise that vets criminal customers and avoids targeting Russian-speaking organizations, according to analysts who have tracked the group. Since emerging on underground criminal forums in August, the so-called DarkSide malicious software has allegedly been used in dozens of intrusions in the health care, energy and finance sectors. (Ransomware gangs and the software they use often have the same name, but multiple criminal entities sometimes buy access to the same malicious code.) The creators of DarkSide have boasted that their mechanism for encrypting data is the fastest of any, and analysts say the ransomware can encrypt Windows and Linux systems alike. Now, the ransomware developers have gained international attention after hackers last week allegedly deployed DarkSide to encrypt the servers of Colonial Pipeline, a Georgia-based company that transports some 45% […]

The post Meet DarkSide, the ransomware gang blamed for the Colonial Pipeline attack appeared first on CyberScoop.

FBI blames DarkSide ransomware operators for Colonial Pipeline incident

The FBI on Monday said that a cybercriminal enterprise behind a ransomware variant known as DarkSide was responsible for the hack that prompted one of the country’s largest pipeline operators to temporarily shut down. The FBI statement came as Colonial Pipeline, which says it transports some 45% of all fuel consumed on the East Coast, said that it was aiming to “substantially” restore its pipeline operations by the end of the week. In a private advisory to U.S. companies obtained by CyberScoop, the FBI said that it had been tracking the DarkSide ransomware variant since October. “Darkside has impacted numerous organizations across various sectors including manufacturing, legal, insurance, healthcare and energy,” the FBI advisory said. The authors of DarkSide lease their hacking tools to other criminals in a “ransomware-as-a-service” model that splits the proceeds among the perpetrators, the bureau added. The Colonial Pipeline incident, which began Friday, is one of […]

The post FBI blames DarkSide ransomware operators for Colonial Pipeline incident appeared first on CyberScoop.
