Collaborate Disseminate
As we look forward to 2023, we can find many ransomware lessons in looking back at 2022. The year brought us numerous attacks by many of the same gangs we’ve watched for years, as well as some newcomers. Many ransomware gangs operate like businesses, with their own marketing departments and user documentation. With the advent […]
The post The Most Prolific Ransomware Gangs of 2022 appeared first on Security Intelligence.
As ransomware-related payments surged toward $600 million in the first half of 2021, the U.S. government knew it needed to do more to fight back against cyber criminals. For many years, the Treasury’s Office of Foreign Assets Control (OFAC) had a Specially Designated Nationals and Blocked Persons List (SDN List for people or organizations acting […]
The post How the US Government is Fighting Back Against Ransomware appeared first on Security Intelligence.
Continue reading How the US Government is Fighting Back Against Ransomware
Ransomware gangs are major players in the cybersecurity space, especially in recent years. ZDNet reported that ransomware gangs increased their payments by over 311% from 2019 to 2020, with totals for all groups exceeding $350 million in 2020. Ransoms continued rising in 2021. Unit 42, a threat research team at Palo Alto Networks, found that […]
The post Why Do Ransomware Gangs Keep Coming Back From the Dead? appeared first on Security Intelligence.
Continue reading Why Do Ransomware Gangs Keep Coming Back From the Dead?
A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti, an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. The chat logs offer a fascinating glimpse into the challenges of running a sprawling criminal enterprise with more than 100 salaried employees. The records also provide insight into how Conti has dealt with its own internal breaches and attacks from private security firms and foreign governments. Continue reading Conti Ransomware Group Diaries, Part I: Evasion
Not long after launching a major supply chain attack in July 2021, the REvil ransomware gang went offline. The group’s infrastructure, including its surface and dark web portals used for ransom negotiations and data leaks, shut down on July 12, according to Bleeping Computer. Russian digital crime forum XSS banned Unknown, a user believed to […]
The post What Happens to Victims When a Ransomware Gang Vanishes? appeared first on Security Intelligence.
Continue reading What Happens to Victims When a Ransomware Gang Vanishes?
It’s nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. We hang on to these occasional victories because history tells us that most ransomware moneymaking collectives don’t go away so much as reinvent themselves under a new name, with new rules, targets and weaponry. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation over as many years.
Reinvention is a basic survival skill in the cybercrime business. Among the oldest tricks in the book is to fake one’s demise or retirement and invent a new identity. A key goal of such subterfuge is to throw investigators off the scent or to temporarily direct their attention elsewhere.
Cybercriminal syndicates also perform similar disappearing acts whenever it suits them. These organizational reboots are an opportunity for ransomware program leaders to set new ground rules for their members — such as which types of victims aren’t allowed (e.g., hospitals, governments, critical infrastructure), or how much of a ransom payment an affiliate should expect for bringing the group access to a new victim network. Continue reading Ransomware Gangs and the Name Game Distraction
“Everything in moderation,” the saying goes. But it may come as a surprise that this expression even seems to apply to many of the hacker forums littered across the dark web. On the surface, these forums may appear to be a lawless landscape, but there… Continue reading How (and Why) Hacker Forums Self-Moderate
Speculation swirled over why the prolific and dangerous REvil ransomware went offline – blog, payment processing, all suddenly went kaput – it’s important not to lose sight of the bigger issues. While the ransomware is gone, at least for the time bein… Continue reading Where Did REvil Ransomware Go? Will it Be Back?
Details on the Kaseya supply-chain and REvil ransomware attack, a new zero-day exploit called “PrintNightmare” affects all Windows versions before June, and how randomly generated passwords in a popular password manager were not so random. ** Links men… Continue reading Kaseya Ransomware Attack, PrintNightmare Zero-day, Kaspersky Password Manager Vulnerability
By Satya Gupta, Founder and CTO, Virsec
Over the July 4th weekend, the REvil ransomware syndicate hit software supplier Kaseya Ltd. and crippled more than 200 United States companies. The criminals took advantage of a reduced weekend security work… Continue reading CTO Perspective: Examination of the REvil Ransomware Attack