Security News
Taken at face value, these events might imply that law enforcement has found some way to crack the encryption of bitcoin wallets. Tracing bitcoin wallets is difficult but not beyond the resources of law enforcement.
Presumably conscious of the preceding Colonial Pipeline attack in which a $4.4 million blackmail payoff resulted in a decryptor that, though functional in theory, was worthless in practice because it ran far too slowly, the REvil crew even blithely claimed that their so-called universal decryptor would allow everyone to "Recover from attack [sic] in less than an hour". Account privileges that attackers typically go after include the local SYSTEM account or even Domain Administrator, which puts the attackers on an equal footing with your own sysadmins.
Cyber insurance isn't exactly driving organisations to improve their infosec practices, a think-tank has warned - and some insurers are thinking of giving up thanks to the impact of ransomware. "To date, the shortcomings of cyber insurance mean that its impact is ultimately more limited than policymakers and businesses might hope," concluded the Royal United Services Institute's latest report, Cyber Insurance and the Cyber Security Challenge.
A so-called "Pen-tester" for the financial cybergang known as FIN7 will spend seven years in the slammer after being convicted for payment-card theft. FIN7 is a well-known threat that's been circulating since at least 2015.
The cybercrime ring that was apprehended last week in connection with Clop ransomware attacks against dozens of companies in the last few months helped launder money totaling $500 million for several malicious actors through a plethora of illegal activities. "The group - also known as FANCYCAT - has been running multiple criminal activities: distributing cyber attacks; operating a high-risk exchanger; and laundering money from dark web operations and high-profile cyber attacks such as Cl0p and Petya ransomware," popular cryptocurrency exchange Binance said Thursday.
A ransomware attack targeting an Israeli company has led researchers to track a portion of a ransom payment to a website promoting sensual massages. "During our investigation of the infected machines, we came across what seemed to be a treasure trove of information stored in the Music folder. It consisted of the ransomware binary itself, along with several other files - some encrypted, some not - that we believe the threat actors used to gather intelligence and propagate through the network," explains Profero's and Security Joe's report.
Deductibility is a piece of a bigger quandary stemming from the rise in ransomware attacks, in which cybercriminals scramble computer data and demand payment for unlocking the files. A ransomware attack on Colonial Pipeline last month led to gas shortages in parts of the United States.
The FBI's director told lawmakers Thursday that the bureau discourages ransomware payments to hacking groups even as major companies in the past month have participated in multimillion-dollar transactions aimed at getting their systems back online. Besides the fact that such payments can encourage additional cyberattacks, victims may not automatically get back their data despite forking over millions, "and that's not unknown to happen," Wray said.
Even though law enforcement groups around the world urge ransomware victims not to pay up, Colonial apparently decided to hand over what was then $4.4 million in bitcoins anyway. Sadly, the value of Bitcoin has taken a tumble since last month, so even though 85% of the bitcoins involved in the blackmail payment were recovered, they're now worth about 50% of what they cost when Colonial purchased them to do its deal with the criminals.