Hive Ransomware Gang Breached Almost 350 Organizations Within 4 Months

 

According to security experts who obtained data from Hive's administrator panel, affiliates of the well-known ransomware organization breached over 350 enterprises in less than 4 months. This puts the average at three attacks per day, beginning in June, when the gang's operation became widely publicized.

Hive ransomware originally appeared in June, with the very first publicly reported cyberattack occurring on June 23rd. At the time, the gang targeted the Canadian IT firm Altus Group. According to an investigation of this cybercrime group by Group-IB researchers, it was unclear at first whether the Hive ransomware organization used a ransomware-as-a-service (RaaS) business model.

According to analysts, the Hive ransomware group's initial intrusion techniques include phishing emails and compromised VPN credentials.

“Hive affiliates resort to various initial compromise methods: vulnerable RDP servers, compromised VPN credentials, as well as phishing emails with malicious attachments. The data encryption is often carried out during non-working hours or on the weekend. Taking into account that Hive targets organizations from various economic sectors from all around the world and their attacks are manually controlled by the affiliates, it’s crucial to closely monitor the changes in TTP of these ransomware operators,” said researchers.

The Group-IB researchers probed further into the Hive ransomware group and gained access to the ransomware administration panel, which let them begin collecting data on how the operation works.

They found that ransomware distribution and victim negotiations were made transparent and simple: affiliates could generate a version of the software in 15 minutes. The negotiation would then be handled by Hive ransomware administrators, who would relay messages through a chat window. Affiliates may also have access to this chat window.

Some businesses reported that the decryption tool provided after paying the ransom did not work properly and left the virtual machines' Master Boot Record unbootable.

According to the research, all affiliates have access to the company's IDs via the Hive ransomware database. 

Both the admin panel and the site where the data is exposed use an Application Programming Interface (API). Due to an API issue, the specialists were able to acquire data regarding the Hive attacks and concluded that by October 16, 355 firms had been infected by this ransomware group.

The researchers added, “Based on the analysis of company data obtained through API, the number of victims grew by 72% in less than one month. On September 16, the total number of records related to victim companies was 181. Just one month later, on October 16, the number increased to 312. Notably, 43 companies listed as victims in September disappeared from API in October, most likely after paying the ransom.”

₹79 lakh online fraud to withdraw ₹49 in over 1.5 lakh transactions

A gang from Jharkhand, responsible for fraud of over ₹79 lakh, was busted on Friday for hacking over 2,020 accounts of State Bank of Mysore (SBM) customers last year.

The gang was led by a 19-year-old school dropout. Suraj Mohali, the accused perpetrator, has now been arrested along with three others for hacking into and withdrawing ₹49 from the accounts of SBM savings bank account and Mastercard holders in Bengaluru, Sringeri, Mangaluru, and Tirthahalli.

The gang made as many as 1.56 lakh transactions, withdrawing over ₹79 lakh in a few hours.

Then they diverted this money into different bank accounts using fake documents and used some of the cash to recharge mobile phones, which led to the cyber police tracking them down and arresting them.

The gang is allegedly a part of a much larger network operating in Jharkhand.

The mastermind behind this network is yet to be identified, but would allegedly give them the details of various bank accounts and instruct them to withdraw only ₹49 from each account.

The Inspector-General of Police, Chandrashekhar, said, “We cracked the case after tracking the accused for over a year. We are questioning them to know more about the racket.” The accused and his accomplices have been brought to Bengaluru for questioning.

It has reportedly been found during the investigation that many youths from Jharkhand are trained and involved in online fraud throughout the country.