
LockBit Ransomware Group Challenges FBI: Opens Contest to Find Dmitry Yuryevich


LockBitSupp, the alleged administrator of the notorious LockBit ransomware group, has responded publicly to recent efforts by the Federal Bureau of Investigation (FBI) and international law enforcement to identify and apprehend him. 

Reviving the LockBit leak-site domains they had previously seized, law enforcement authorities named Dmitry Yuryevich Khoroshev as the operator behind LockBit. The announcement was accompanied by sanctions from the U.S., U.K., and Australia, along with a 26-count indictment carrying a maximum combined sentence of 185 years in prison. 

The U.S. Justice Department has also offered a $10 million reward for information leading to Khoroshev's arrest or conviction. LockBitSupp has flatly denied the allegations and, rather than going quiet, has turned the situation into a contest on the group's remaining leak site: visitors are encouraged to attempt contact with Dmitry Yuryevich Khoroshev, whom LockBitSupp says the FBI has misidentified and who, according to LockBitSupp, has no connection to the persona. 

The ransomware administrator suggests that the supposed misidentification arose because Khoroshev's cryptocurrency became mixed with LockBit's own funds, drawing law-enforcement attention to him. The contest invites participants to reach Khoroshev and report back on his well-being, with a $1,000 reward offered for evidence of contact such as videos, photos, or screenshots. Submissions are to be made via the encrypted messaging platform Tox, using a Tox ID published by LockBitSupp.  

LockBitSupp also posted links to LockBit-associated file-sharing services on the dark web, presumably so that entrants can archive and submit their evidence, and listed extensive personal details alleged to belong to Dmitry Khoroshev, including email addresses, a Bitcoin wallet address, and passport and tax identification numbers. Alongside the contest announcement, LockBitSupp professed concern for the man it says has been wrongly identified, urging Khoroshev, if alive and aware of the situation, to make contact. 

This unusual move by LockBitSupp challenges the assertions made by law enforcement agencies and highlights the complex dynamics of the cyber underworld, where hackers openly taunt their pursuers. LockBitSupp emphasized that the contest will remain active as long as the announcement is visible on the blog. They hinted at the possibility of future contests with larger rewards, urging followers to stay updated for further developments. 

The announcement was uploaded and last updated on May 9, 2024, UTC, leaving the public and cybersecurity community anticipating further developments. Recent indictments have identified Khoroshev as the mastermind behind LockBit operations since September 2019. The LockBit group is alleged to have extorted over $500 million from victims in 120 countries, with Khoroshev reportedly receiving around $100 million from his involvement in the activities.

Law Enforcement Strikes Blow Against LockBit Ransomware Group

The FBI and the U.K.'s National Crime Agency have taken control of the infrastructure of LockBit, one of the most prolific ransomware operations. The operation targeted LockBit's leak site, the platform through which the group pressured victims into paying large ransoms. Where links to victims' stolen data once sat, authorities instead posted press releases, sanctions details, and information about decryption tools. Seizing a ransomware group's own publishing channel and turning it against the operators marks a notable escalation in law enforcement's approach to cybercrime.

In a bold psychological manoeuvre, the law enforcement agencies hinted at having information about the leader of LockBit, known as "LockBitSupp." Although the reveal on Friday did not disclose the identity, authorities claimed to know who LockBitSupp is, where he resides, and his financial worth. Notably, they suggested that LockBitSupp has engaged with law enforcement, sparking intrigue about the nature of their interaction.

Experts suggest that this strategic messaging aims to undermine trust within the cybercrime community, particularly among LockBit's affiliates. By creating doubt and suspicion, law enforcement seeks to disrupt LockBit's operations and provoke a response from its leader. The approach appears tailored to the confident persona of LockBitSupp, who had previously offered a $10 million reward for anyone revealing his identity.

Cybersecurity analysts, including Jon DiMaggio of Analyst1, emphasize the psychological aspect of this operation, aiming to erode trust among cybercriminals and make them less likely to collaborate with LockBit. The strategy seems designed to target LockBitSupp's confidence and reputation.

Kurtis Minder, CEO of GroupSense and a ransomware negotiator, suggests that the messaging campaign might intentionally provoke LockBitSupp to say something incriminating. By insinuating collaboration between LockBitSupp and law enforcement, authorities seek to create distrust among affiliates who rely on LockBit's services.

Law enforcement's tactics also extend to the public relations realm, recognizing the need to win a battle against cybercriminals who have historically operated with impunity. By seizing the LockBit website and using it to disseminate information harmful to the criminal enterprise, authorities aim to turn cybercriminals' tools against them.

Allan Liska, a threat intelligence analyst at Recorded Future, highlights two possible interpretations of the police message about communication with law enforcement. It could suggest that LockBitSupp is an informant, a claim previously made by rival ransomware gangs. Alternatively, law enforcement might have infiltrated LockBitSupp's inner circle, with LockBitSupp unknowingly sharing sensitive information.

In the ongoing fight against online crime, law enforcement recognizes the importance of delivering impactful disruptions. By taking control of LockBit's infrastructure and using it to expose the group's activities, authorities aim to make their actions more marketable and showcase their effectiveness in combating cybercrime.

This event strongly implies a shift in law enforcement's approach, using strategic messaging and website seizures to not only disrupt criminal operations but also to sway public opinion and instil doubt within the cybercriminal community. The battle against ransomware continues, with authorities employing innovative tactics to bring cybercriminals to justice.


LockBit Attack: Ransomware Gang Threatens to Leak Cancer Patients’ Medical Data


LockBit ransomware group recently revealed its intent to leak private medical data of cancer patients, stolen in the breach on Varian Medical Systems.

Varian, a subsidiary of Siemens Healthineers, develops software for oncology departments and provides therapeutic and diagnostic oncology services. The California-based company had more than 10,000 employees as of 2021 and reported an annual profit of £269 million. 

It is still unclear how LockBit gained access to Varian's systems or how much data was taken. On its "victim blog," the gang warned that unless the company met its demands within two weeks, its private databases and patient medical data would be published. Varian reportedly has until 17 August to negotiate if it wants to avoid "all databases and patient data" appearing on LockBit's blog. 

The attack appears to follow the extortion model now standard among ransomware actors. Sensitive-looking data is stolen first, then the victim's systems are encrypted; the victim is told that only payment will buy both a decryption key (in theory) and a promise not to publish the data. Threatening to expose cancer patients' records adds a further layer of pressure, because the people whose data would be leaked are not the party being asked to pay. 

Regarding the breach, Varian's parent company, Siemens Healthineers, confirmed that an internal investigation is ongoing but did not provide further details. 

“Siemens Healthineers is aware that a segment of our business is allegedly affected by the Lockbit ransomware group[…]Cybersecurity is of utmost importance to Siemens Healthineers, and we are making every effort to continually improve our security and data privacy,” said a spokesperson.

Growing Cases of LockBit

Recent months have seen numerous LockBit attacks against major companies. According to an advisory from the US Cybersecurity and Infrastructure Security Agency (CISA), the gang had accumulated 1,653 alleged victims as of the first quarter of 2023. LockBit affiliates frequently repurpose freeware and open-source tools for network reconnaissance, remote access, tunnelling, credential dumping, and file exfiltration, which makes their activity blend in with ordinary administration until the pattern is viewed as a whole. 
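That reliance on freely available, dual-use tooling is why defenders hunt for the combination of stages rather than any single binary. The following is an added example, not code from the original post or from CISA's advisory: it scans constructed, Sysmon-style process-creation records for tools commonly repurposed at each stage and escalates when several stages appear on the same host. The tool names in the watchlist and the log format are assumptions for illustration.

```python
"""Hunt for dual-use tooling in process-creation logs.

Added example, not from the original post or from CISA's advisory text.
The watchlist and the sample log are constructed for illustration.
"""
import re
from collections import defaultdict

# Watchlist is an assumption: executable names commonly abused at each
# stage. Tune to your estate; legitimate use of any one of them is expected.
WATCHLIST = {
    "recon": {"advanced_ip_scanner.exe", "netscan.exe", "nmap.exe"},
    "remote_access": {"anydesk.exe", "screenconnect.exe", "atera.exe"},
    "tunnelling": {"plink.exe", "ngrok.exe", "chisel.exe"},
    "cred_dump": {"mimikatz.exe", "procdump.exe", "lazagne.exe"},
    "exfil": {"rclone.exe", "filezilla.exe", "megasync.exe"},
}

# Constructed sample log: "host|user|image|commandline", one event per line.
SAMPLE_LOG = """\
WS01|alice|C:\\Program Files\\Office\\WINWORD.EXE|winword.exe doc.docx
SRV02|svc_backup|C:\\Tools\\Advanced_IP_Scanner.exe|advanced_ip_scanner.exe /r
SRV02|svc_backup|C:\\Users\\Public\\AnyDesk.exe|anydesk.exe --silent
SRV02|svc_backup|C:\\Windows\\Temp\\procdump.exe|procdump.exe -ma lsass.exe d.dmp
SRV02|svc_backup|C:\\Users\\Public\\rclone.exe|rclone.exe copy D:\\Finance mega:drop
DC01|admin|C:\\Windows\\System32\\cmd.exe|cmd.exe /c whoami
WS07|bob|C:\\Users\\bob\\Downloads\\FileZilla.exe|filezilla.exe
"""


def parse_line(line):
    """Split one constructed record into (host, user, image_basename, cmd)."""
    host, user, image, cmd = line.split("|", 3)
    basename = re.split(r"[\\/]", image)[-1].lower()
    return host, user, basename, cmd


def classify(basename):
    """Return the watchlist category for an image name, or None."""
    for category, names in WATCHLIST.items():
        if basename in names:
            return category
    return None


def hunt(log_text):
    """Return {host: {"categories": set, "hits": [(user, image, cmd)]}}."""
    findings = defaultdict(lambda: {"categories": set(), "hits": []})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        host, user, basename, cmd = parse_line(line)
        category = classify(basename)
        if category:
            findings[host]["categories"].add(category)
            findings[host]["hits"].append((user, basename, cmd))
    return dict(findings)


def severity(categories):
    """One dual-use tool is noise; several stages on one host looks like an intrusion."""
    n = len(categories)
    if n >= 3:
        return "high"
    if n == 2:
        return "medium"
    return "low" if n == 1 else "none"


def report(log_text):
    """Map each host with findings to (severity, sorted list of stages observed)."""
    return {
        host: (severity(f["categories"]), sorted(f["categories"]))
        for host, f in hunt(log_text).items()
    }


if __name__ == "__main__":
    for host, (sev, stages) in sorted(report(SAMPLE_LOG).items()):
        print(f"{host}: {sev} - {', '.join(stages)}")
```

In the constructed log, SRV02 shows reconnaissance, remote access, credential dumping and exfiltration under one service account and is rated high, while WS07's lone FTP client is rated low; the point is that the score comes from the chain of stages, not from the presence of any single legitimate tool.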

Recent LockBit victims include the port of Nagoya, where the attack stalled supply chains for the Japanese car maker Toyota; a SpaceX-related breach from which the gang claimed to have taken 3,000 proprietary schematics; and an attempt to extort $70 million from the Taiwanese chip maker TSMC.  

TSMC Cyberattack: LockBit Demands a Ransom of $70m


Taiwan Semiconductor Manufacturing Company (TSMC) has attributed its appearance on LockBit's dark web victim blog to a breach at one of its equipment suppliers. The gang has demanded a $70 million ransom. Without disclosing what type of data was taken, TSMC named the affected third party as Kinmax Technology, a system integrator with offices in Taiwan.

In a statement, TSMC said: "TSMC has recently been aware that one of our IT hardware suppliers experienced a cybersecurity incident, which led to the leak of information pertinent to server initial setup and configuration." The company said no customer data was exposed.

“After the incident, TSMC has immediately terminated its data exchange with this concerned supplier in accordance with the company’s security protocols and standard operating procedures,” the statement added.

A LockBit affiliate calling itself National Hazard Agency posted screenshots of directory listings of the stolen TSMC files on the leak site on Thursday, setting a deadline of August 6 for payment. The gang did not say how much data it had taken.

The blog also gave the company an option to extend the said deadline by 24 hours for $5,000, or to delete all stolen content or download it immediately for $70 million.

Kinmax Issues an Apology

Kinmax Technology specialises in networking, cloud computing, storage, security and database management. The company says it suffered a breach on 29 June in which an "internal specific testing environment was attacked, and some information was leaked." The leaked information consisted of "system installation preparation that the company provided to our customers," Kinmax said.

LockBit Emerges Again

LockBit is a Russia-linked ransomware operation that first surfaced in 2019. As of the first quarter of 2023 it had 1,653 alleged victims, according to an advisory from the US Cybersecurity and Infrastructure Security Agency (CISA).

According to the report, since its first known attack in January 2020, the cybercrime group has gathered nearly $91m in ransoms from US victims.

LockBit has also been behind a number of high-profile attacks in the UK. This year the gang claimed the widely reported Royal Mail attack, demanding a ransom of $80m in Bitcoin. The company refused, calling the demand "ridiculous," and LockBit responded by publishing the stolen data along with transcripts of its negotiations with Royal Mail representatives.

The gang was also responsible for stealing data from WH Smith, the UK high-street retailer; the theft involved personal information of current and former employees. There has been no indication since of whether the business paid a ransom.

Religious Institutions Become the Latest Focus of Cybercrime Groups

Over the weekend, two long-established cybercrime groups claimed responsibility for attacks on religious organizations. This is a departure for both, which typically target corporations and government agencies rather than religious institutions. 

On Saturday, the LockBit ransomware group announced that it had successfully breached the systems of Relentless Church, a South Carolina-based evangelical megachurch with over 15,000 members and a massive online following. The group claimed to have obtained sensitive employee data, including financial documents and passports. Despite attempts to contact the church, no comment has been provided regarding the cyber attack. 

A day later, Our Sunday Visitor, a Catholic publishing company whose history dates back to 1912, was reportedly targeted by a second group: the data-extortion crew Karakurt, which claimed to have breached the organization's systems and stolen 130 gigabytes of sensitive data, including HR records, financial contracts, accounting documents, invoices, marketing material, and employee data. 

Our Sunday Visitor is known for producing a variety of Catholic-related content such as religious books, newsletters, and pamphlets. Jim Weigert, the Chief Marketing Officer of Our Sunday Visitor, confirmed that the company detected suspicious activity on their network and took immediate measures to investigate and secure their systems. 

Third-party experts were called in and law enforcement was notified. While he did not disclose whether a ransom demand was made, Weigert stated that the organization is dedicated to safeguarding the data they handle and will update its protocols to protect the data of the organization. Our Sunday Visitor's servers remained operational throughout the investigation. 

According to experts, it is uncommon for malicious groups to target religious institutions, as some groups have banned affiliates from attacking such organizations. Although such rules are sometimes disregarded, especially in the case of hospitals, there have been recent cases of enforcement. 

Last week, the LockBit ransomware group apologized for an attack on Keystone SMILES Community Learning Center and offered a free decryptor; the organization has not said whether it used it. 

Jon DiMaggio, chief security strategist at Analyst1 who has studied LockBit’s operations extensively said that “they are the most notorious ransomware group, because of sheer volume. And the reason for their success is that the leader is a good businessman…” 

“…It’s not that he’s got this great leadership capability. They made a point-and-click ransomware that anyone could use, they update their software, they’re constantly looking for user feedback, they care about their user experience, and they poach people from rival gangs. He runs it like a business, and because of that, it is very, very attractive to criminals.”