ransomware (64)

8615969486?profile=RESIZE_400xWhile in existence prior to 2016, ransomware gained notoriety that year targeting the global healthcare industry, and in several instances, successfully extorting ransoms from victims. Since then, ransomware has turned out to be more than just a nuisance crime, with ransomware operators adjusting targeting strategies, malware deployment, and diversifying how they executed their campaigns to maintain success rates. Over the past few years, ransomware operators have shifted tactics, moving from wi

8566308097?profile=RESIZE_400xNo one needs reminding that ransomware has reached incredible proportions; one widely reported statistic from Purplesec suggests that $20 billion was paid out in 2020. That's almost double its $11.5 billion estimate from 2019, with a commensurately huge increase in the number of attacks, while BitDefender suggested a 715% increase in the first half of the year.

The "crews" have multiplied, adopted tactics that are reminiscent of nation-state attacks, and developed partnerships and relationships

8565096268?profile=RESIZE_400xA group of cybercriminals known for ransomware attacks has started leaking files allegedly stolen from Jones Day.  Jones Day is an international law firm based in the US.  As of 2018, it was the fifth largest law firm in the US and the 13th highest grossing law firm in the world.  Jones Day has represented former US president Donald Trump, including his inquiries into the 2020 voting irregularities. 

The cybercriminals behind the ransomware operation known as Clop (Cl0p) have been known to encry

8547598053?profile=RESIZE_400xBack in the 1960’s, our educational systems began teaching a concept called, Phonics.  Phonics is a method for teaching people how to read and write an alphabetic language. It is done by demonstrating the relationship between the sounds of the spoken language, and the letters or groups of letters or syllables of the written language.  Enter FonixCrypter, not the mobile app but the criminal hacking gang - which is far from the innocent way of teaching language. 

It is being reported that the Foni

8539955457?profile=RESIZE_400xIn 1972, Alice Cooper sang a popular song: “School’s Out.”  In 2020, school has literally been 'OUT for Covid.'  The global pandemic has shut down many, many global school systems.  This created a system of teaching virtually using a variety of on-line platforms.   That turned the heads of black hat hackers to successively focus on attacking school systems, teachers, parents and students.  Recently, there has been a significant increase in ransomware cyber-attacks on virtual classrooms.  The Cor

8532841253?profile=RESIZE_400xA report published today by blockchain investigations firm Chainalysis confirms that cybercrime groups engaging in ransomware attacks don't operate in their own bubbles but often switch ransomware suppliers (RaaS services) in a search for better profits. The report analyzed how Bitcoin funds were transferred from victims to criminal groups, and how the money was divided among different parties involved in the ransomware attack, and how it was eventually laundered.

In today’s world, the ransomwar

8493720681?profile=RESIZE_400xSANS has long been a leader in cyber and has recently published a research paper on Ransomware Prevention.  2020 saw ransomware attacks sky-rocket.  Below is a brief introduction and link to the full report.  "Ransomware is a fast-growing threat affecting organizations of all sizes and industries.  Quick spreading and highly interruptive, ransomware damage ranges from profoundly impacting a business’s finances to threatening proper healthcare by disabling access to critical data needed for medic

8490804099?profile=RESIZE_400xCybercriminals will often use brute-force attacks, phishing emails, and existing data dumps to break into corporate networks but there is one area that is often ignored to a company's detriment: ghost accounts.  It is not always the case that when a staff member leaves their employ, whether due to a new job offer, changes of circumstance, illness, or in unfortunate cases, death, that their accounts are removed from corporate networks. 

This oversight is one that cybercriminals are now taking adv

8467395687?profile=RESIZE_400xAttacks involving million-dollar ransom demands attract headlines, but the payout is no longer the sole financial incentive for attackers. The exfiltration of critical data is a key motivator that can be used to extort victims into paying even larger fees to recover assets.  Data, including intellectual property such as research and patents, is often targeted by organized groups or as part of corporate espionage. Stealing this information and then coercing a business into paying to get access to

8423424691?profile=RESIZE_400xIn their attempt to extort as much money as quickly as possible out of victims, ransomware gangs know some effective techniques to get the full attention of a firm’s management team.  One of them is to specifically target the sensitive information stored on the computers used by a company’s top executives, in the hope of finding valuable data that can best pressure bosses into approving the payment of a sizeable ransom. 

Although the technique of prioritizing the theft of data from managers’ PCs

8399725677?profile=RESIZE_400xLast October 2020, researchers at US security company AdvIntel discovered that one of the Internet’s most troublesome malware platforms, Trickbot, had started testing something rather threatening: probing UEFI firmware chips inside targeted PCs to see whether they were vulnerable to known firmware vulnerabilities.  This was only reconnaissance, Trickbot was not infecting the SPI flash chip on which UEFI firmware resides, but the discovery is significant.

UEFI (Unified Extensible Firmware Interfa

8390510860?profile=RESIZE_400xOur Red Sky Alliance research predictions for 2021 are not necessarily in any order of importance yet presented as what we believe are the most important.

Ransomware…Ransomware… Ransomware

2020 saw a dramatic rise in ransomware activity.  While it is difficult to predict specifically what ransomware authors will do next, it can be expected that they will continue to do what has worked well for them in the past if it continues as profitable.  Ransomware ‘payment’ amounts saw a 217% rise in 2020 f

8370100074?profile=RESIZE_400xThe Covid pandemic add numerous concerns with the shipment of cargo in many countries.  Part of these “concerns” are the drastic increase of ransomware into the IT and OT (operating technology) systems of the transportation sector.  Transportation Topics published a recent article regarding the growing transportation targeted ransomware threat.[1]  The authors report that ransomware attacks have jumped 715% year-over-year.   

United States Tennessee state-based trucking and logistics company For

8270285688?profile=RESIZE_400xFor ransomware actors, innovation is a key to success, as crime gangs look for new ways to dupe people and make crypto-locking malware even more lucrative.  Some hacking groups have started cold-calling victims to inform them that their systems have been hit by ransomware and request a ransom to resolve the situation.  An old, yet tried and true use of chicanery.  Sometime old schemes become new schemes.  This is just the latest in a long line of shakedown tactics, which include not just using c

8263146099?profile=RESIZE_400xThe cybercriminal-controlled botnet known as TrickBot has become a public enemy number one (again) for the cybersecurity community. It has survived takedown attempts by Microsoft, analysts from leading cybersecurity firms, and even US Cyber Command. It now appears that the hackers behind TrickBot are trying a new technique to infect the deepest recesses of infected machines, reaching beyond their operating systems and into their firmware.

The security firms AdvIntel and Eclypsium revealed that t

8246208482?profile=RESIZE_400xRansomware was one of the most observed cyber threats this year to date. Ryuk and Sodinokibi, were the most observed villains in Red Sky Alliance’s client investigations, have been joined by Maze as the top three ransomware variants so far in 2020.  After launching several high-profile attacks earlier in 2020, the actors behind Ryuk ransomware seem to have gone on a vacation near the end of Q2. According to cyber threat analysts, Crimeware and their developers often have periods where they go do

8241714491?profile=RESIZE_400xRansomware attacks on enterprises of all sizes across industry sectors are on the rise.  Cyber threat experts estimate that worldwide, ransomware is expected to infect a business every 11 seconds and projected to cost over $20 billion in 2021.  Any organization can be a victim as a successful ransomware attack is within the reach of cybercriminals everywhere.  As ransom demands have increased, organizations continue to pay these hefty sums.

The sophisticated threat actors have proven to be metic

8196171482?profile=RESIZE_400xRemember the Dark Side comics?  Well, the DarkSide criminal hacking group is no laughing matter.  The DarkSide Ransomware gang claims they are creating a distributed storage system in Iran to store and leak data stolen from victims.  DarkSide is operated as a Ransomware-as-a-Service (RaaS) where developers control programming the ransomware software and payment site, and affiliates are recruited to hack businesses and encrypt their devices.

DarkSide is the latest ransomware criminal gang to anno

8196181261?profile=RESIZE_400xDistributed denial-of-service attacks target websites and online services. The aim is to overwhelm them with more traffic than the server or network can accommodate. The goal is to render the website or service inoperable.  The traffic can consist of incoming messages, requests for connections, or fake packets. In some cases, the targeted victims are threatened with a DDoS attack or attacked at a low level.

DDoS attacks have not been in the spotlight this year, due the onslaught of high dollar a

8155549678?profile=RESIZE_400xThe Ragnar Locker ransomware group has decided to ratchet up the pressure on its latest high-profile victim, Italian liquor conglomerate Campari, by taking out Facebook ads threatening to release the 2TB of sensitive data it downloaded in a November 3, 2020 attack unless a US$15 million ransom is paid in Bitcoin.  Attacks that are carried out by the gang behind Ragnar Locker, break into company networks, make themselves admins, conduct reconnaissance, delete backups and deploy ransomware manuall