
Ransomware Extortion Demands Increase to $5.2 Million Per Attack


Ransomware demands are skyrocketing in 2024, with the average extortion demand per ransomware attack exceeding $5.2 million per incident in the first half of the year. 

Following an attack on India's Regional Cancer Centre (RCC) on April 20, a review of 56 ransom demands from January to June of this year revealed that the highest demand was $100 million. The second and third highest extortion demands were issued to Synnovis, a UK pathology supplier, and London Drugs, a Canadian retailer, at $50 million and $25 million, respectively. 

Even though there were 421 ransomware attacks in the first half of 2024, compared with 704 in the same period of 2023, the 2024 figure will likely rise as more SEC-mandated breach disclosures are filed. In terms of how much data has been stolen in these attacks, private companies have had 29.7 million records compromised so far, governments 52,390, and the healthcare industry a startling 5.4 million exposed records. 

Prevention tips 

Maintain backups: The researchers recommend backing up critical information as the single most effective strategy for recovering from a ransomware outbreak. There are a few things to consider, however. Backup files should be securely safeguarded and stored offline or out-of-band so that attackers cannot reach them from a compromised network. 

Using cloud services may help alleviate a ransomware outbreak, as many retain previous versions of files, allowing you to restore an unencrypted version. Regularly test backups for efficacy. In the case of an attack, be sure your backups aren't infected before rolling back. 

Develop strategies and policies: Create an incident response strategy so that your IT security personnel knows what to do in the case of a ransomware attack. The plan should include the roles and communications to be shared during an assault. 

You should also include a list of contacts, such as any partners or vendors that need to be informed. Do you have a "suspicious email" policy? If not, try implementing a company-wide policy. This will help instruct employees on what to do if they receive an email that they don't understand. It may be as simple as forwarding the email to the IT security staff. 

Keep systems up-to-date: Make sure that all of your organization's operating systems, apps, and software are constantly updated. Applying the most recent updates will help close the security gaps that attackers are attempting to exploit. Wherever possible, enable auto-updates so that you always have the most recent security fixes.

Ransomware Actors are Using Crypto Mining Pools to Launder Money


According to a recent analysis by the blockchain forensic company Chainalysis, the use of cryptocurrency mining as a technique to improve money laundering skills extends beyond nation state actors and has particular appeal to regular criminals. 

As per reports, sanctioned nation-states like Iran have turned to cryptocurrency mining as a way to amass money away from the traditional banking system. In a recent development, cybersecurity firm Mandiant also disclosed how the Lazarus Group, a notorious North Korean hacker group, has been utilising stolen cryptocurrencies like Bitcoin to buy freshly-mined cryptocurrency through hashing rental and cloud mining services.

Simply explained, online criminals mine "clean" coins using stolen crypto and then utilise different businesses to launder them. One of these sites, according to Chainalysis, is an unnamed "mainstream exchange" that has been acknowledged as having received "substantial funds" from wallets and mining pools connected to ransomware activity. 

In total, $94.2 million was sent to one of these recognised deposit addresses, of which $19.1 million came from ransomware addresses and $14.1 million from mining pools. Chainalysis also found that the ransomware wallet in question was occasionally sending money to a mining pool "both directly and via intermediaries." 

“This may represent a sophisticated attempt at money laundering, in which the ransomware actor funnels funds to its preferred exchange via the mining pool in order to avoid triggering compliance alarms at the exchange,” the report reads. 

Chainalysis further asserts that "ransomware actors may be increasingly abusing mining pools"; citing its data, the company stated that "since the start of 2018, we've seen a large, steady increase in value sent from ransomware wallets to mining pools." 

A total of 372 exchange deposit addresses have received cryptocurrency transfers totaling at least $1 million from mining pools and ransomware addresses. Instances like these, in the opinion of the company, point to ransomware criminals trying to pass off their stolen money as earnings from cryptocurrency mining. 

Chainalysis said that "this sum is certainly an underestimate," adding that "these exchange deposit addresses have received a total of $158.3 million from ransomware addresses since the beginning of 2018." 

Illegal money transfers 

Chainalysis cites BitClub as an additional noteworthy instance of cybercriminals using mining pools. BitClub was a notorious cryptocurrency Ponzi scheme that deceived thousands of investors between 2014 and 2019 by making claims that its Bitcoin mining operations would generate significant returns. 

The company claims that BitClub Network transmitted Bitcoin valued at millions of dollars to wallets connected to "underground money laundering services" allegedly based in Russia. These money laundering wallets then transferred Bitcoin to deposit addresses at two well-known exchanges over the course of three years. 

The same period, between October 2021 and August 2022, saw the transfer of millions of dollars' worth of Bitcoin to the identical deposit addresses at both exchanges by an unidentified Russian Bitcoin mining company. 

The cryptocurrency exchange BTC-e, which the U.S. authorities accuse of promoting money laundering and running an illegal money service business, sent money to one of the wallets allegedly linked to the alleged money launderers. Additionally, it has been claimed that BTC-e handled money that was stolen from Mt. Gox, the biggest Bitcoin exchange in the early 2010s. 

These accusations led to the seizure of BTC-e by American authorities in July 2017, the removal of its website, and the arrest of its founder, Alexander Vinnik, in Greece the same month. 

Prevention Tips

According to Chainalysis, mining pools and hashing providers should put strict wallet screening procedures in place, including Know Your Customer (KYC) protocols, in order to "ensure that mining, which is a core functionality of Bitcoin and many other blockchains, isn't compromised."

The company also believes that these verification processes can successfully stop criminals from using mining as a means of money laundering by using blockchain analysis and other tools to confirm the source of funds and rejecting cryptocurrency coming from shady addresses.
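The source-of-funds screening described above, shown as an added example (not Chainalysis's or any exchange's code): taint from ransomware-labelled addresses is propagated proportionally through intermediaries and mining pools, so a deposit address that receives nothing directly from a ransomware wallet can still be flagged. The ledger, address names and labels are constructed sample data.

```python
from collections import defaultdict

# Constructed sample ledger (sender, receiver, USD value); not real addresses.
TRANSFERS = [
    ("ransom_wallet_A", "mining_pool_X", 3_000_000),   # straight to the pool
    ("ransom_wallet_A", "relay_1", 2_000_000),         # via an intermediary
    ("relay_1", "mining_pool_X", 2_000_000),
    ("mining_pool_X", "exchange_deposit_1", 4_000_000),
    ("honest_miner_B", "mining_pool_Y", 600_000),
    ("mining_pool_Y", "exchange_deposit_2", 500_000),
    ("ransom_wallet_C", "exchange_deposit_2", 900_000),
]
# Constructed attribution labels, standing in for a blockchain-analysis feed.
LABELS = {
    "ransom_wallet_A": "ransomware", "ransom_wallet_C": "ransomware",
    "mining_pool_X": "mining_pool", "mining_pool_Y": "mining_pool",
    "exchange_deposit_1": "exchange", "exchange_deposit_2": "exchange",
}

INFLOWS = defaultdict(list)
for sender, receiver, usd in TRANSFERS:
    INFLOWS[receiver].append((sender, usd))


def taint_fraction(addr, _visiting=frozenset()):
    """Share of addr's incoming value traceable to ransomware addresses,
    carried proportionally through any chain of intermediaries."""
    if LABELS.get(addr) == "ransomware":
        return 1.0
    if addr in _visiting or not INFLOWS[addr]:  # cycle guard / freshly mined coins
        return 0.0
    total = sum(usd for _, usd in INFLOWS[addr])
    tainted = sum(taint_fraction(s, _visiting | {addr}) * usd for s, usd in INFLOWS[addr])
    return tainted / total


def screen_deposit(addr, threshold_usd=1_000_000):
    """Source-of-funds report for one exchange deposit address."""
    direct = sum(usd for s, usd in INFLOWS[addr] if LABELS.get(s) == "ransomware")
    via_pools = sum(usd for s, usd in INFLOWS[addr] if LABELS.get(s) == "mining_pool")
    exposure = sum(taint_fraction(s) * usd for s, usd in INFLOWS[addr])
    return {"direct_ransomware_usd": direct, "from_mining_pools_usd": via_pools,
            "indirect_ransomware_exposure_usd": round(exposure),
            "flag": exposure >= threshold_usd}


def screen_all(threshold_usd=1_000_000):
    return {a: screen_deposit(a, threshold_usd)
            for a, kind in LABELS.items() if kind == "exchange"}


if __name__ == "__main__":
    for addr, report in screen_all().items():
        print(addr, report)
```

In the sample data, exchange_deposit_1 shows zero direct ransomware inflow yet full exposure through mining_pool_X, which is exactly the pattern that a direct-counterparty check alone would miss.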