All posts tagged: ransomware

Cybercriminals Pose a Greater Threat of Disruptive US Election Hacks Than Russia or China

Russian, Chinese, and Iranian state-backed hackers have been active throughout the 2024 United States campaign season, compromising digital accounts associated with political campaigns, spreading disinformation, and probing election systems. But in a report from early October, the threat-sharing and coordination group known as the Election Infrastructure ISAC warned that cybercriminals like ransomware attackers pose a far greater risk of launching disruptive attacks than foreign espionage actors. While state-backed actors were emboldened following Russia’s meddling in the 2016 US presidential election, the report points out that they favor intelligence-gathering and influence operations rather than disruptive attacks, which would be viewed as direct hostility against the US government. Ideologically and financially motivated actors, on the other hand, generally aim to cause disruption with hacks like ransomware or DDoS attacks. The document was first obtained by the national security transparency nonprofit Property of the People and viewed by WIRED. The US Department of Homeland Security, which contributed to the report and distributed it, did not return WIRED’s requests for comment. The Center for Internet Security, which runs the …

Port of Seattle shares ransomware attack details

The Port of Seattle released a statement Friday confirming that it was targeted by a ransomware attack. The attack occurred on August 24, with the Port (which also operates the Seattle-Tacoma International Airport) saying it had “experienced certain system outages indicating a possible cyberattack.” The Port is now describing this as “a ‘ransomware’ attack by the criminal organization known as Rhysida.” (The group was also apparently responsible for last year’s cyberattack on the British Library.) With the Port refusing to pay the ransom, Rhysida “may respond by posting data they claim to have stolen on their darkweb site.” “Our investigation of what data the actor took is ongoing, but it does appear that some Port data was obtained by the actor in mid-to-late August,” the Port said, adding that it will notify employees or passengers if it learns that any of their information was stolen. TechCrunch’s Devin Coldewey actually flew through the airport a few days after the attack, where he saw firsthand that many airport systems were still down.

Sophos X-Ops: Ransomware gangs escalating tactics, going to ‘chilling’ lengths

Posting sensitive data about executives’ family members. Making prank calls to law enforcement that result in violence and even death. Snitching on organizations that don’t pay. Scouring stolen data for evidence of enterprise or employee wrongdoing. Portraying themselves as vigilantes with the public good in mind. Ransomware actors are escalating their tactics to new, often disturbing heights, according to new research from Sophos X-Ops. Christopher Budd, director of threat intelligence at the Threat Response Joint Task Force, even called some of their actions “chilling.” “One thing is clear: Attackers are looking not just at technical levers to pull but human levers they can pull,” Budd told VentureBeat. “Organizations have to think about how attackers are trying to manipulate these human levers.”

Threats, seeking out wrongdoing, alerting authorities

That most “chilling” example identified by Budd involved a ransomware group doxing a CEO’s daughter, posting screenshots of her identity documents, as well as a link to her Instagram …

LockBit ransomware indictment and reward for Russian

Dmitry Yuryevich Khoroshev, Russian national and a leader of LockBit. Courtesy: U.S. Department of the Treasury

Federal prosecutors on Tuesday announced criminal charges against a Russian national, Dmitry Yuryevich Khoroshev, for allegedly creating, developing and administrating the LockBit ransomware-as-a-service group. The U.S. State Department at the same time offered a $10 million reward for information leading to the apprehension and arrest of Khoroshev, a 31-year-old from Voronezh, Russia. The Treasury Department also imposed sanctions on Khoroshev, blocking all property and interests he holds in the U.S. or that are in the possession of Americans. The Department of Justice said the LockBit group led by Khoroshev at times was “the most prolific ransomware group in the world,” targeting more than 2,000 victims, most of them in the U.S., stealing more than $500 million in ransomware payments, and causing billions of dollars more in broader losses including lost revenue. LockBit’s ransomware-as-a-service model licensed its software to other cybercriminals in exchange for payments that included a percentage of ransoms paid by victims, which included …

Dmitry Khoroshev named as alleged leader of ransomware gang LockBit | Cybercrime

The alleged leader of what was once the world’s largest ransomware outfit, LockBit, has been named as Russian national Dmitry Khoroshev by the UK’s National Crime Agency (NCA), after the seizure of the criminal gang’s infrastructure. Khoroshev, who lived his online life under the name LockBitSupp, has been sanctioned by the UK, US and Australia as a result of the unmasking. He was so certain of his anonymity that he once offered a $10m (£8m) reward to anyone who could reveal his identity. The US government is now offering a reward of up to $10m for anyone who can share information leading to his arrest or conviction. LockBit was seen as one of the world’s most dangerous ransomware groups and its high-profile victims included delivery firm Royal Mail and aerospace company Boeing. In February, LockBit’s entire “command and control” apparatus was seized by law enforcement after a joint international operation. Graeme Biggar, the director general of the National Crime Agency (NCA), said: “These sanctions are hugely significant and show that there is no hiding place …

The Alleged LockBit Ransomware Mastermind Has Been Identified

“If you are a cyber criminal, and you are operating in these marketplaces, or forums or platforms, you cannot be certain that law enforcement are not in there observing you and taking action against you,” says Paul Foster, the head of the NCA’s National Cyber Crime Unit.

Rise of Supp

LockBit first emerged in 2019 as a fledgling “ransomware-as-a-service” (RaaS) platform. Under this setup, a core handful of individuals, organized by the LockBitSupp handle, created the group’s easy-to-use malware and launched its leak website. This group licensed LockBit’s code to “affiliate” hackers who launched attacks and negotiated ransom payments, eventually providing LockBit with around 20 percent of their profits. Despite launching thousands of attacks, the group initially tried to keep a low profile compared to other ransomware groups. Over time, as LockBit became more well known and started to dominate the cybercrime ecosystem, its members became more brazen and arguably careless. The NCA senior investigator says they pulled data about 194 affiliates from LockBit’s systems and are piecing together their offline identities—only 114 of them …

Microsoft goes from bad boy to top cop in the age of AI

This article is part of a series, Bots and ballots: How artificial intelligence is reshaping elections worldwide, presented by Luminate. REDMOND, Wash. — In a shabby corner of Microsoft’s sprawling campus in this suburb of Seattle, Juan Lavista Ferres spun around in his chair and, with a mischievous grin, asked a simple question: “Do you want to play a game?” Microsoft’s chief data scientist — speaking at a frenetic pace, seemingly powered by unlimited free soft drinks and espressos from the building’s unkempt kitchen — pushed himself across his office and typed something into his computer. Within seconds, an image of former U.S. President Donald Trump popped up on the Uruguayan’s massive flatscreen monitor. “What do you think?” he asked, laughing. “Is this real or fake?” This is not just a game. (The Trump photo is an AI-generated forgery.) Lavista Ferres also runs the company’s AI For Good Lab in a converted warehouse here that still has the loading docks left over from when Microsoft used to ship floppy disks to customers worldwide. Alongside efforts to use …

Haun Ventures is riding the bitcoin high

The firm invested $5M in Agora, a front-end solution for DAO governance, this week

Blockchain startups were red-hot when Katie Haun left Andreessen Horowitz in 2021 to launch her own crypto-focused venture firm. But shortly after Haun announced that Haun Ventures’ two funds totalled $1.5 billion, cryptocurrency prices cratered, and FTX collapsed. Despite having a massive arsenal of dry powder, Haun Ventures didn’t rush to scoop up stakes in crypto and web3 on the cheap, and many observers wondered when the firm would pick up its deployment pace. While Haun Ventures says it wasn’t exactly sitting on its hands (and capital) through crypto’s downturn, the firm was perhaps more cautious than it initially intended. But now that bitcoin prices have rebounded to their previous highs, Haun Ventures’ investment activity is increasing dramatically. Including some of its token positions, the firm has made 48 investments across its early-stage $500 million and $1 billion later-stage acceleration funds, Haun Ventures told TechCrunch. The firm’s latest investment is Agora, an app that streamlines voting and other decision-making for decentralized …

Change Healthcare Finally Admits It Paid Ransomware Hackers—and Still Faces a Patient Data Leak

For Change Healthcare and the beleaguered medical practices, hospitals, and patients that depend on it, the confirmation of its extortion payment to the hackers adds a bitter coda to an already dystopian story. AlphV’s digital paralysis of Change Healthcare, a subsidiary of UnitedHealth Group, snarled the insurance approval of prescriptions and medical procedures for hundreds of medical practices and hospitals across the country, making it by some measures the most widespread medical ransomware disruption ever. A survey of American Medical Association members, conducted between March 26 and April 3, found that four out of five clinicians had lost revenue as a result of the crisis. Many said they were using their own personal finances to cover a practice’s expenses. Change Healthcare, meanwhile, says that it has lost $872 million to the incident and projects that number to rise well over a billion in the longer term. Change Healthcare’s confirmation of its ransom payment now appears to show that much of that catastrophic fallout for the US healthcare system unfolded after it had already paid the …

UnitedHealth says Change hackers stole health data on ‘substantial proportion of people in America’

Health insurance giant UnitedHealth Group has confirmed that a ransomware attack on its health tech subsidiary Change Healthcare earlier this year resulted in a huge theft of Americans’ private healthcare data. UnitedHealth said in a statement on Monday that a ransomware gang took files containing personal data and protected health information that it says may “cover a substantial proportion of people in America.” The health insurance giant did not say how many Americans are affected but said the data review was “likely to take several months” before the company would begin notifying individuals that their information was stolen in the cyberattack. Change Healthcare processes insurance and billing for hundreds of thousands of hospitals, pharmacies and medical practices across the U.S. healthcare sector; it has access to massive amounts of health information on about half of all Americans. UnitedHealth said it had not yet seen evidence that doctors’ charts or full medical histories were exfiltrated from its systems. The admission that hackers stole Americans’ health data comes a week after a new hacking group began publishing …