Security News

The FBI said on Monday that Ranzy Locker ransomware operators had compromised at least 30 US companies this year from various industry sectors. "Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021," the FBI said in a TLP: WHITE flash alert.

Following the recent international law enforcement effort that dismantled the infrastructure for the REvil ransomware group, fellow cybercrime group Groove called for revenge - encouraging the wider cyber extortionist community to band together to target U.S. interests. At a time when the U.S. is leading the international law enforcement effort to make splashy busts and shows of force against cybercriminals, this seems like a bold bet by Groove.

The Groove ransomware gang is calling on other extortion groups to attack US interests after law enforcement took down REvil's infrastructure last week. Yesterday, Reuters reported that REvil's takedown resulted from an international law enforcement operation that included support from the FBI. Today, the Groove ransomware gang published a Russian blog post calling on all other ransomware operations to target US interests.

The Commerce Department's Bureau of Industry and Security today announced new controls that would ban U.S. companies from exporting and reselling software and hardware tools that could be used to fuel authoritarian practices through malicious hacking activities and human rights abuse.The rule will become effective in 90 days and will effectively ban the export of "Cybersecurity items" for National Security and Anti-terrorism reasons.

The latest TikTok attacks are getting served to gamers on the platform disguised as "Free" or "Hacked" versions of games like Among Us, free Steam accounts and more, according to a new report from Malwarebytes Labs. Considering games like Among Us are largely played by tweens and teenagers, the emerging TikTok landscape could be a potent tool for threat actors to launch offensives against kids, researchers pointed out.

Ransomware extracted at least $590 million for the miscreants who create and distribute it in the first half of 2021 alone - more than the $416 million tracked in all of 2020, according to the US government's Financial Crimes Enforcement Network. FinCEN analysed 635 SARs, of which 458 described transactions reported between 1 January 2021 and 30 June 2021 and the remainder reported older transactions later found to be suspicious.

Representatives from the U.S., the European Union, and 30 other countries pledged to mitigate the risk of ransomware and harden the financial system from exploitation with the goal of disrupting the ecosystem, calling it an "Escalating global security threat with serious economic and security consequences." Besides promoting incident information sharing between ransomware victims and relevant law enforcement and cyber emergency response teams, the initiative aims to improve mechanisms put in place to effectively respond to such attacks, while also countering the abuse of financial infrastructure to launder ransom payments.

Based on blockchain analysis of transactions tied to the 177 CVC wallets, FinCEN identified roughly $5.2 billion in outgoing BTC transactions potentially tied to ransomware payments. FinCEN also linked these transactions to a total of $590 million exposed by 458 transactions reported and 635 SARs filed by financial institutions this year, between January 2021 and June 2021.

U.S. Water and Wastewater Systems Sector facilities have been breached multiple times in ransomware attacks during the last two years, U.S. government agencies said in a joint advisory on Thursday. The advisory also mentions ongoing malicious activity targeting WWS facilities that could lead to ransomware attacks affecting their ability to provide potable water by effectively managing their wastewater.

The United States has kicked off meetings attended by representatives of nations that all hope to address the scourge of ransomware - without Russia or China in the room. An expression of the US National Security Council's Counter-Ransomware Initiative, the two-day meetings will occupy Wednesday and Thursday.