Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Ransom Demands. Show all posts
University Hack
Bitfinex Cyber Attacks Data Safety Data Theft Hackers Ransom Demands Ransomware threats University Hack

Assessing F Society's Latest Ransomware Targets: Are They at Risk?

 

In recent developments, the F Society ransomware group has once again made headlines by listing four additional victims on its leak site. The alleged targets include Bitfinex, Coinmoma, Rutgers University, and SBC Global Net. Bitfinex, a renowned cryptocurrency exchange platform, and Coinmoma, offering cryptocurrency-related data, are among the victims. 

Rutgers University, one of the oldest universities in the US, and SBC Global Net, an email service once provided by SBC Communications, are also allegedly affected. While the attacks are yet to be officially confirmed, the ransomware group has provided unique descriptions for each victim, along with links to sample data obtained from the attacks. 

Bitfinex was reportedly targeted with the theft of 2.5 TB of information and personal details of 400K users. Rutgers University faced an alleged theft of 1 TB of data, with the specific type of information not disclosed. Coinmoma was claimed to have sensitive data, including user information and transaction histories, compromised, with a file size of 2TB and 210k user records. 

Similarly, SBC Global Net was stated to have unauthorized access, leading to the theft of personal user details, with a file size of 1 TB. Despite these claims, no ransom amount has been publicly mentioned, and the victims are given seven days to comply with the demands, failing which the obtained data will be leaked. 

As of now, there have been no official responses from the victims, and the claims remain unverified. While the authenticity of F Society's claims is uncertain, Bitfinex had previously experienced a significant hacking incident in 2016. During this incident, approximately 119,754 bitcoins were stolen from the platform due to a breach, leading to unauthorized transactions. The stolen bitcoins were later recovered by law enforcement after a thorough investigation, marking one of the largest recoveries in the history of the US Department of Justice. 

However, the perpetrator behind the hack remains unidentified, although it is known that they attempted to cover their tracks using a data destruction tool. The previous security lapse experienced by Bitfinex highlights the importance of robust cybersecurity measures, especially in the realm of cryptocurrency exchanges. As cyber threats continue to evolve, organizations must prioritize the implementation of stringent security protocols to safeguard sensitive data and mitigate the risk of ransomware attacks.
 
Additionally, prompt response and collaboration with law enforcement agencies are essential in investigating such incidents and holding perpetrators accountable for their actions. The recent targeting of prominent entities by the F Society ransomware group underscores the persistent threat posed by cybercriminals. As organizations strive to fortify their defenses against such attacks, proactive measures and swift action are imperative to protect valuable assets and maintain trust among stakeholders in an increasingly digital landscape.
Read more »
Tax Fraud
Cyber Attacks Identity Theft IRS Ransom Demands Ransomware attack sensitive data theft Tax Fraud

Teachers' Taxes Fraudulently Filed in Glendale Ransomware Attack

 

The Glendale Unified School District recently found itself at the center of a distressing situation when teachers, nurses, counsellors, and other faculty members received an unexpected notification from the IRS: their taxes had already been filed. What unfolded was a troubling revelation — the district had fallen victim to a ransomware attack, compromising sensitive data and leaving employees grappling with the aftermath. 

The attack, which occurred in December, targeted the school district's system, locking employees out and demanding a ransom for the safe return of their data. The stolen information included employee and student details such as names, addresses, dates of birth, Social Security numbers, and financial account information. As if that wasn't alarming enough, the breach's full extent became apparent when employees attempted to file their taxes, only to discover that fraudulent filings had already been made using their information. 

In the wake of the breach, at least 231 union members found themselves impacted, facing the arduous task of verifying their identities with the IRS to rectify the situation. The district took swift action, partnering with law enforcement agencies and cybersecurity experts to investigate the incident's scope and potential risks to employees and students. Despite the district's efforts to address the breach, some employees expressed dissatisfaction with the handling of the situation. 

Criticism centered around the perceived lack of transparency and timely communication regarding the breach. While the district maintained that it promptly informed the community about the incident and provided regular updates, employees felt otherwise, describing the information release as a "slow drip of updates." 

Amidst the fallout, concerns lingered about the compromised data's implications and the district's ability to safeguard against future attacks. School districts, while not prime targets for ransomware attacks, are vulnerable due to their extensive networks and numerous vulnerabilities. The complexity of securing these systems underscores the challenges faced by educational institutions in safeguarding sensitive information. 

Looking ahead, affected employees face an uphill battle in reclaiming their financial security, with the process of rectifying fraudulent filings expected to be prolonged and cumbersome. Despite assurances from the district and ongoing efforts to mitigate the breach's impact, the incident serves as a stark reminder of the ever-present threat posed by cybercriminals and the critical need for robust cybersecurity measures in educational institutions.
Read more »
ransomware attacks
Cyber Hacker Cyber Security Cyberattacks CyberCrime cybercriminals Ransom Demands ransomware attacks

Behind Closed Cyber Doors: 50 Ransomware Negotiations' Unexpected Insights

 


A cybersecurity expert will usually recommend that negotiators should be avoided when trying to resolve the issue of ransomware hackers. A victim recently defied conventional wisdom and attempted to negotiate with their attackers on December 30, 2020, despite their attackers attempting to kill them. 

As the victim typed the words "Help?" At one point during the compromise of the computers, a response was received from one of the hackers offering to negotiate with the victim. During the interview, the hackers admitted that they had encrypted the victim's network and data in addition to downloading internal documents and files from the victim's network. As a ransom, they requested a payment of $8,500,000 for the key to unlock the encrypted files. 

Unexpectedly, there was a misunderstanding in the negotiation that led to the breakdown of the deal. As a result, the hackers mistook the victim's wishes for the destruction of files and did not provide the decryption key to do so. In the end, the ransom demand was markedly reduced, resulting in a final amount of only $450,000 being agreed upon, thereby resulting in a 94.7% reduction from the original demand of $1 million. 

In the case of ransomware incidents, the details are usually shrouded in secrecy and made to remain out of the public domain as long as possible. Despite the secrecy, Valéry Marchive, a French journalist who specializes in cybersecurity, does not like it. This can be used as a weapon in the fight against ransomware gangs, as all these cloak-and-dagger conversations he has had with these criminal gangs provide valuable insight into how they operate and can be used by them to attack.

Marchive has been compiling a database of ransomware negotiation chats over the past few years, and as of recent made the database available to the public as part of its effort to reduce ransomware attacks. The recent research report on the data used by Cyber Threat Intelligence Analyst Calvin So focuses on how stylometric analysis (essentially, the study of writing styles) can help identify patterns and individuals based on the text dialogue they use within the report. 

The results of an analysis of negotiation transcripts of 50 trial cases from Marchive's archives show that victims who negotiate tend to pay much less than the initial ransom demand, resulting in a significant reduction in the amount asked. There has been a fair amount of negotiation between the victims and the pirates, and on average only half of the original demand was paid (52.7%). It is important to note that only one victim among the sample paid the full amount without negotiating with the con artist. 

In some interesting cases, ransomware hackers have adopted a very professional, congenial approach to communicating with victims when faced with ransomware threats. As a security vulnerability exposer, they will bill victims for their service and present themselves as a threat to your computer system. In addition to victimizing, victims sometimes engage in friendly banter with their attackers, which may suggest that their relationship with their attackers is unusual. 

There is No Set Deadline


The most common thing that victims negotiate with their lawyers is an extended deadline. When a victim appears willing to pay for the hack, it is free for the hackers, as long as they are willing to negotiate and take the victim to the table. The fact that hackers proposed reducing the ransom so long as the payment was posted as quickly as possible was a big clue that they were hacking.  

When hackers start negotiations, they often use this response as their first gesture as they want to initiate transactions as soon as possible, however, they are willing to extend this deadline as long as they feel progress is being made, or they think the victim is in the process of obtaining funds. 

A facade of civility conceals the fact that there are threats hidden both within and without the facade. When negotiations are at an impasse, hackers challenge their victims, taunt them, and issue ultimatums to end the negotiations. Even though negotiating with ransomware hackers is generally not recommended, a better understanding of how these negotiations happen can provide valuable insights into how to combat ransomware attacks in the future. 

Avoid Dealing With the Devil 


Even though anonymous company representatives may have come away relatively unscathed, this should not be taken as a sign that you should negotiate with ransomware groups – quite the opposite. 

It is important to remember that even though the company's sample set of transcripts did not show hackers reneging on their commitment to release the hostage data as soon as the victim paid for it, there is no guarantee that even if they release the data, they will not make a copy of it to sell it to others.   

Cybercriminal activity comes with a variety of risks, and this is just one of them. According to Max, there is no reason for the bad guys to carry out their plans since they have no incentive to do so. The money has been delivered, and that is a task completed for them, so they feel satisfied with their work.

One way to stick it to ransomware groups is to make sure you never fall prey to their ruse in the first place, but that should go without saying. As a result, most of the time, it is possible to prevent the vulnerability of individuals and companies to hackers by implementing some best practices. 

According to PCMag, the first step you should take is to implement a password policy that requires all passwords to be unique with at least 20 characters. There is an easy and essential policy that each employee with a work account should adhere to.

Furthermore, there should be a similar policy in place for all personal accounts of employees. Keeping that in mind, we strongly recommend you use a reliable password manager for managing your passwords across multiple accounts so that you can create and manage them easily. 

In addition, it is critical to ensure that all the devices installed on the work premises, such as smartphones and tablets, have security features enabled in their configurations. Ensure that you patch and update your operating system and software regularly, and be sure to perform regular backups of your data as well. For those users who are looking to protect themselves from ransomware, there is a wide variety of apps that can assist you.
Read more »
Subscribe to: Posts (Atom)