
Cryptonator Seized for Laundering Ransom Payments and Stolen Cryptocurrency


U.S. and German law enforcement have taken down the domain of Cryptonator, a cryptocurrency wallet platform allegedly used by ransomware groups, darknet marketplaces, and other illegal services. The platform's operator, Roman Boss, has been indicted on charges of money laundering and running an unlicensed money service business.

Cryptonator, established in 2014, allows users to store and exchange various cryptocurrencies within their personal wallets. However, according to blockchain investigation firm TRM, Cryptonator did not implement necessary anti-money laundering controls, enabling anonymous or pseudonymous users to conduct illicit activities.

The primary domain "cryptonator.com" now displays a seizure notice. The operation involved the U.S. Department of Justice, the FBI, IRS Criminal Investigation (IRS-CI), the National Cryptocurrency Enforcement Team, the German Federal Criminal Police Office (BKA), and the Attorney General's Office in Frankfurt am Main.

Between 2014 and 2023, Cryptonator wallet addresses reportedly engaged in significant transactions, including:

- $25 million with darknet markets and fraud shops
- $34.5 million with scam addresses
- $80 million with high-risk exchanges
- $8 million with ransomware-associated addresses
- $54 million with hacked and crypto theft operations
- $34 million with illegal cryptocurrency mixers
- $17 million with sanctioned addresses

TRM links Cryptonator's transactions to entities such as Hydra Market, Blender.io, Finiko, Bitzlato, Garantex, Nobitex, and an unidentified terrorist group. The U.S. government has previously sanctioned Hydra Market, Bitzlato, Garantex, and Blender.io.

The Department of Justice's complaint alleges that Cryptonator's account creation process, requiring only an email and password, failed to comply with know-your-customer (KYC) regulations. It also accuses Boss of facilitating illicit activities, including discussions about supporting cryptocurrencies popular in darknet markets, such as Monero, and offering API key integrations for illegal platforms.

The complaint seeks penalties for money laundering, operating an unlicensed money service business, injunctions against Boss, damage relief, and asset seizures. The DOJ revealed that Cryptonator processed over $235 million in illicit funds.

Securing the Grid: How Ransomware is Targeting Energy and Oil Sectors

According to a new analysis from cybersecurity firm Sophos, ransomware attacks are hitting the energy and oil and gas sectors harder, costing utilities more in recovery time and money as victims appear to be more inclined to pay ransom demands.

Ransomware Attacks: A Growing Threat

The report examines ransomware's impact on critical infrastructure firms and is based on more than 200 responses from a larger survey of 5,000 cybersecurity and IT leaders conducted in January and February. Sophos reported that the global ransomware attack rate appears to be decreasing. Still, researchers discovered that recovery times for energy, oil and natural gas, and utilities have been gradually growing since at least 2022.

This slowdown could reflect the increased complexity and severity of attacks, which require more recovery effort. According to the report, it also points to a growing lack of recovery planning.

Vulnerabilities in the Energy Sector

According to the report, more than half of energy, oil and gas, and utility ransomware victims required more than a month to recover, up from 19% in 2022.

The Biden administration has spent recent months warning about Chinese-backed infiltrations into sensitive civilian and military critical infrastructure. Security officials have stated that the "Volt Typhoon" hackers may attempt to impair essential infrastructure serving the public in order to influence public opinion as tensions over Taiwan rise.

Researchers cautioned that cyberattacks on IT infrastructure, such as bill payment systems, can disrupt operations and services, meaning that even if an attack affects only the IT side of the business, key functions such as energy generation and transmission may still be affected.

"There's a preponderance of older technologies configured to enable remote management without modern security controls like encryption and multifactor authentication," Chester Wisniewski, global field chief technology officer at Sophos, said in a news statement. "Like hospitals and schools, these utilities are frequently operating with minimal staffing and without the IT staffing required to stay on top of patching, the latest security vulnerabilities, and the monitoring required for early detection and response."

The Cost of Ransomware Attacks

As reported by Sophos, nearly half of all successful attacks were caused by an unpatched or unmitigated vulnerability, with compromised credentials accounting for slightly more than a quarter. According to the researchers, the energy, oil and gas, and utilities sectors are the "most likely to fall victim to the exploitation of unpatched vulnerabilities."

Furthermore, that same group is more inclined to pay a ransom to restore encrypted data rather than relying on backups.

According to the report, this is the first time that energy, oil/gas, and utility firms have reported a higher propensity to pay the ransom rather than employ backups.

The Rising Tide of Ransomware

While the survey highlights how ransomware remains one of the most disruptive threats to critical infrastructure operations, the general lack of information in the larger threat picture, due to weak reporting requirements, suggests that the true cost of ransomware could be significantly greater.

The Cybersecurity and Infrastructure Security Agency is now working on a rulemaking process that will require many critical infrastructure businesses to report significant cyber events, with the final rule likely early next year.

Increasing Number of Ransomware Targets Opting Against Ransom Payments


For an extended period, ransomware groups have instilled fear in various organizations, including businesses, schools, and hospitals. However, there is a positive shift as an increasing number of victims are now rejecting ransom demands.

In the fourth quarter, the percentage of victims paying the ransom reached an all-time low of just 29%, according to cybersecurity provider Coveware, which specializes in helping companies respond to ransomware attacks.

This decline is not an isolated event but part of a trend that began approximately three years ago, when around 60% of victims paid ransomware demands. Coveware attributes the change to the industry's improved ability to respond to successful ransomware incidents. Although these attacks can encrypt entire networks and steal sensitive information, many companies are now able to recover from their own backups.

Moreover, there is a heightened awareness among victims that paying a ransom provides no assurance of data deletion. Instead, there is a risk that the stolen data might be traded clandestinely to other cybercriminal groups, and the ransomware gang could exploit the information to target the victim again.

Coveware notes, "The industry continues to get smarter on what can and cannot be reasonably obtained with a ransom payment. This has led to better guidance to victims and fewer payments for intangible assurances."

However, on the downside, ransomware groups are still extracting substantial funds from those who choose to pay up. In Q4, the average ransomware payment soared to $568,705, up from $408,644 a year earlier. Simultaneously, the number of data breaches in 2023 set a new record at 3,205 publicly known compromises, as reported by the Identity Theft Resource Center.

Coveware emphasizes the need for a united front against the ransomware menace, urging the industry to establish stronger collaborations with law enforcement on a continuous basis rather than seeking assistance only during a ransomware attack.

The company highlights that less than 10% of victims contacted by law enforcement for further assistance in the aftermath of a ransomware incident actually continue to collaborate. This lack of follow-through impedes law enforcement efforts, as proper evidence collection from victims is crucial to concluding investigations. Coveware's data reveals that the majority of ransomware victims are small to medium-sized businesses with employee headcounts below 1,000 people.