
Russian Cybercriminals Claim to have Hacked the National Rifle Association


A well-known Russian cybercriminal gang has posted files on the dark web that it claims were taken from the National Rifle Association. The group, known as Grief, posted 13 files to its leak site on Wednesday and said it had hacked the NRA. It has threatened to publish more files if it is not paid, but it has not stated how much it is demanding.

News of the incident spread quickly online, with dozens of Twitter accounts with no followers attempting to amplify the attack by retweeting content about it. The accounts had been created within the previous six months and followed no one, yet they shared material about the cyberattack, including posts from The Washington Times linking to its news report and a screenshot of Grief's leak site posted by Brett Callow, a threat analyst at Emsisoft.

When asked about the new accounts' activity, Twitter stated it reviewed "many accounts violating our platform manipulation and spam policies" and then took action. Twitter could not say who was behind the manipulative activity, or whether the accounts were linked to the group that claimed responsibility for the attack on the NRA. 
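The amplification pattern described above (accounts created within the last six months, zero followers, following no one, all retweeting the same posts within a short time) is a simple heuristic a platform or an analyst can check for. The following is an added example, not code from the article, from Twitter, or from any of the researchers quoted; the account records and retweet events are constructed sample data, and the thresholds (account age of at most 180 days, zero followers and zero following, at least five such accounts retweeting one post inside a 60-minute window) are assumptions chosen to match the pattern the article reports.

```python
"""Flag bursts of young, follower-less accounts amplifying the same post.

Added example with constructed data; not real Twitter records and not the
platform's own detection logic. Thresholds are assumptions, see lead-in.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed observation time for the sample (the day the leak was posted).
OBSERVED_AT = datetime(2021, 10, 27, 12, 0)

# Constructed account metadata keyed by handle (hypothetical handles).
ACCOUNTS = {
    f"fresh_acct_{i:02d}": {"created_at": datetime(2021, 6 + i % 4, 10),
                            "followers": 0, "following": 0}
    for i in range(1, 7)
}
ACCOUNTS.update({
    "old_reporter": {"created_at": datetime(2012, 3, 1), "followers": 15000, "following": 900},
    "infosec_fan":  {"created_at": datetime(2019, 9, 5), "followers": 340, "following": 120},
    # Young, but it has followers and follows people: a real person, not flagged.
    "new_but_real": {"created_at": datetime(2021, 8, 1), "followers": 12, "following": 40},
})

# Constructed retweet events: (handle, retweeted post id, timestamp).
T0 = datetime(2021, 10, 27, 9, 0)
RETWEETS = [
    ("fresh_acct_01", "wt-article", T0),
    ("fresh_acct_02", "wt-article", T0 + timedelta(minutes=4)),
    ("fresh_acct_03", "wt-article", T0 + timedelta(minutes=9)),
    ("fresh_acct_04", "wt-article", T0 + timedelta(minutes=15)),
    ("fresh_acct_05", "wt-article", T0 + timedelta(minutes=22)),
    ("fresh_acct_06", "wt-article", T0 + timedelta(minutes=150)),  # straggler, outside window
    ("old_reporter",  "wt-article", T0 - timedelta(minutes=5)),
    ("infosec_fan",   "wt-article", T0 + timedelta(minutes=10)),
    ("new_but_real",  "wt-article", T0 + timedelta(minutes=30)),
    ("fresh_acct_01", "callow-screenshot", T0 + timedelta(minutes=40)),
    ("fresh_acct_02", "callow-screenshot", T0 + timedelta(minutes=43)),
    ("fresh_acct_03", "callow-screenshot", T0 + timedelta(minutes=47)),
    ("fresh_acct_04", "callow-screenshot", T0 + timedelta(minutes=51)),
    ("fresh_acct_05", "callow-screenshot", T0 + timedelta(minutes=55)),
    ("fresh_acct_01", "unrelated-post", T0 + timedelta(hours=3)),       # only two bots: below threshold
    ("fresh_acct_02", "unrelated-post", T0 + timedelta(hours=3, minutes=2)),
]


def is_low_credibility(acct, observed_at, max_age_days=180):
    """True for a young account with no followers that follows nobody."""
    age = observed_at - acct["created_at"]
    return (age <= timedelta(days=max_age_days)
            and acct["followers"] == 0
            and acct["following"] == 0)


def find_amplification_clusters(accounts, retweets, observed_at,
                                window_minutes=60, min_accounts=5, max_age_days=180):
    """Return {post_id: sorted handles} for posts retweeted by at least
    `min_accounts` low-credibility accounts inside one `window_minutes` span.
    A sliding window over the sorted timestamps finds the densest burst."""
    by_post = defaultdict(list)
    for handle, post_id, ts in retweets:
        acct = accounts.get(handle)
        if acct is not None and is_low_credibility(acct, observed_at, max_age_days):
            by_post[post_id].append((ts, handle))

    window = timedelta(minutes=window_minutes)
    flagged = {}
    for post_id, events in by_post.items():
        events.sort()
        left, best = 0, ()
        for right in range(len(events)):
            while events[right][0] - events[left][0] > window:
                left += 1
            if right - left + 1 > len(best):
                best = tuple(h for _, h in events[left:right + 1])
        if len(best) >= min_accounts:
            flagged[post_id] = sorted(best)
    return flagged


def run_example():
    """Run the detector over the constructed sample; returns the flagged posts."""
    return find_amplification_clusters(ACCOUNTS, RETWEETS, OBSERVED_AT)


if __name__ == "__main__":
    for post_id, handles in run_example().items():
        print(f"{post_id}: {len(handles)} low-credibility accounts in one window: {handles}")
```

On the sample, both the news-report link and the screenshot post are flagged by the five accounts that retweeted them within minutes of each other, while the late straggler, the genuine accounts, and the post retweeted by only two suspect accounts are not. In practice the thresholds would be tuned against a baseline of normal retweet behaviour, and a hit is a lead for review rather than proof of coordination.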

According to most cybersecurity experts, Grief is a rebrand of Evil Corp, a group of Russian cybercriminals that is under sanctions by the US Treasury Department. "It's the same group," said Allan Liska, a ransomware analyst at the cybersecurity firm Recorded Future.

The NRA did not respond to a request for comment. It did, however, post a tweet stating that it "does not share anything relevant to its physical or electronic security," and that it "takes extreme efforts to secure information regarding its members, donors, and operations." Although it is a criminal organization, Grief is not known for falsely claiming to have hacked an organization, according to Brett Callow. "I’m not aware of any incidents in which Grief/Evil Corp has attempted to take credit for other operations’ attacks," Callow said.

Some experts speculated that the NRA had paid a ransom after Grief temporarily removed the NRA entry from its leak site. Jon DiMaggio, chief security strategist at the cyber threat analysis firm Analyst1, said the removal could be evidence that the NRA paid up.

According to a screenshot posted by Mr. Callow, the NRA entry was still visible on Grief's leak site on Monday, along with a file titled "corporate insurance" and other data. "Insurance docs are useful to ransomware operators as they effectively specify how much orgs can afford to pay — no matter what their balance sheets look like," Mr. Callow tweeted.

Ransomware Groups Never Perish, They Reincarnate


It is no longer surprising that ransomware attacks have surged over the past few years; technological advances have been a boon to the attackers. Ransomware is malware that encrypts the victim's files. The attacker then demands payment to restore access to the encrypted data, supplying instructions for making the payment and receiving the decryption key.

Several ransomware groups are now on their third incarnation. In the cybercrime world, reinvention is a key survival technique. The oldest trick is to fake death or retirement and then resurface under a new identity. The main purpose of such a ruse is to divert researchers' attention elsewhere for a while.

DarkSide, which collected a roughly $5 million payment from Colonial Pipeline earlier in the year, is one of the most intriguing and most recent reinventions; much of that payment was later seized by the U.S. Department of Justice. After discovering that its servers had been seized, DarkSide announced it was shutting down. Just a couple of months later, however, a new affiliate-based ransomware operation called BlackMatter appeared, and specialists quickly found that BlackMatter used the same unique encryption routine as DarkSide.

DarkSide's disappearance closely followed that of REvil, a long-running ransomware gang that claimed to have extracted more than $100 million from victims. REvil's last major victim was Kaseya, a Miami-based company; by exploiting Kaseya's software, REvil pushed ransomware to as many as 1,500 organizations that used it. REvil then demanded $70 million for a decryptor covering all victims of the Kaseya attack.

REvil, in turn, is widely regarded as a rebrand of GandCrab, a prominent ransomware group that claimed more than $2 billion in extortion before shutting down in June 2019.

The latest ransomware start-up, Grief, is merely the current coat of paint on DoppelPaymer, which itself shares most of its code with an earlier iteration, BitPaymer, dating from 2016. All three are attributed to a well-known cybercriminal organization variously tracked as TA505, Indrik Spider and Evil Corp.

Mark Arena, CEO of the cyber threat intelligence company Intel 471, said it is uncertain whether BlackMatter is a new name for the REvil group or merely a rebirth of DarkSide. "Likely we will see them again unless they’ve been arrested," Arena added.