Critical infrastructure in any country relies on energy production and transmission for safe national operations. A direct cyber blow was delivered to the US oil and gas industry by a Russian criminal group known as DarkSide. DarkSide was identified as responsible for the ransomware attack that shut down the Georgia-based Colonial Pipeline, which quickly created fuel shortages for cars, trucks, and the airline industry. A ransom of nearly $5 million USD was eventually paid to get the pipeline back i
ransomware (345)
From Krebs On Security, 17 May 2021.[1] Our analysts think this is important information and wish to share it with Red Sky Alliance members. In a Twitter discussion last week on ransomware attacks, Krebs On Security noted[2] that virtually all ransomware strains have a built-in failsafe designed to keep the malware's purveyors out of trouble at home: they simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed, such as Russian or Ukr
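The failsafe described above is a simple test of installed keyboard layouts. The following is an added example (not from the Krebs post or from Red Sky Alliance) that shows the decision the malware makes and gives a defender two ways to audit the same data: the user32 GetKeyboardLayoutList API and the HKCU\Keyboard Layout\Preload registry key. The list of language IDs beyond Russian (0x0419) and Ukrainian (0x0422) is an assumed, illustrative set of CIS-country layouts, not a list taken from any particular strain.

```python
"""Emulate and audit the 'CIS keyboard layout' ransomware failsafe.

Added example, not code from any ransomware family or from the original post.
Pure logic runs anywhere; the two *_windows() helpers need a Windows host.
"""
import ctypes
import sys

# Windows LANGIDs (the low 16 bits of a keyboard-layout handle, HKL).
# Russian and Ukrainian are named in the text; the rest are an ASSUMED illustrative
# list of former-Soviet/CIS layouts commonly reported on such exclusion lists.
CIS_LANGIDS = {
    0x0419: "Russian",
    0x0422: "Ukrainian",
    0x0423: "Belarusian",
    0x043F: "Kazakh",
    0x042B: "Armenian",
    0x0437: "Georgian",
    0x042C: "Azerbaijani",
    0x0443: "Uzbek",
    0x0428: "Tajik",
    0x0440: "Kyrgyz",
    0x0442: "Turkmen",
    0x0444: "Tatar",
}


def layout_langid(hkl: int) -> int:
    """An HKL packs the input-language LANGID into its low 16 bits."""
    return hkl & 0xFFFF


def matching_layouts(hkls):
    """Names of installed layouts that appear on the exclusion list, sorted."""
    return sorted({CIS_LANGIDS[layout_langid(h)] for h in hkls
                   if layout_langid(h) in CIS_LANGIDS})


def would_refuse_to_run(hkls) -> bool:
    """The malware's decision: any CIS layout present -> do not install."""
    return bool(matching_layouts(hkls))


def parse_preload_values(values):
    """HKCU\\Keyboard Layout\\Preload stores each layout as an 8-hex-digit string
    such as '00000419'; its low 16 bits are the same LANGID carried by an HKL."""
    return [int(v, 16) for v in values]


def installed_layouts_windows():
    """Enumerate installed layouts with user32!GetKeyboardLayoutList (Windows only)."""
    if sys.platform != "win32":
        raise OSError("GetKeyboardLayoutList is only available on Windows")
    user32 = ctypes.WinDLL("user32", use_last_error=True)
    user32.GetKeyboardLayoutList.argtypes = [ctypes.c_int, ctypes.POINTER(ctypes.c_void_p)]
    user32.GetKeyboardLayoutList.restype = ctypes.c_int
    count = user32.GetKeyboardLayoutList(0, None)      # nBuff=0 -> just return the count
    buf = (ctypes.c_void_p * count)()
    user32.GetKeyboardLayoutList(count, buf)
    return [h or 0 for h in buf]


def preload_layouts_windows():
    """Read the current user's Preload key; this is what the 'add a Russian layout'
    mitigation changes (Windows only)."""
    import winreg
    values, i = [], 0
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, r"Keyboard Layout\Preload") as key:
        while True:
            try:
                _, data, _ = winreg.EnumValue(key, i)
            except OSError:          # no more values
                break
            values.append(data)
            i += 1
    return parse_preload_values(values)


if __name__ == "__main__":
    try:
        hkls = installed_layouts_windows()
        source = "GetKeyboardLayoutList"
    except OSError:
        # Constructed sample for non-Windows hosts: a US layout plus a Russian one.
        hkls = [0x04090409, 0x04190419]
        source = "constructed sample"
    print(f"layouts ({source}): {[hex(h) for h in hkls]}")
    print("exclusion-list matches:", matching_layouts(hkls))
    print("malware would refuse to run:", would_refuse_to_run(hkls))
```

Run on a Windows endpoint, the script shows whether the layout-based deterrent is actually present for the logged-on user. It is a speed bump rather than a control: the same APIs are available to both sides, and some strains also consult the system UI language or locale rather than only the layout list, so a layout alone should not be relied on.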
Recently a trusted cyber professional of Red Sky Alliance, with close to 40 years in the business, said, “As cyber technology grew in the last thirty plus years, our international community sacrificed security for convenience.” So true.
Now we ask: if a Russian cyber-criminal group[1] or the North Korean military[2] hacks your company, plants ransomware on your network because of corporate carelessness and then demands millions to unlock your valuable data, at that point does it really matte
Critical infrastructure in any country relies on energy production and transmission for safe national operations. A direct cyber blow was delivered to the US oil and gas industry, allegedly by a Russian criminal group known as DarkSide. DarkSide is suspected in the ransomware attack that shut down the Georgia-based Colonial Pipeline, which quickly created fuel shortages for cars, trucks and the airline industry.
This pipeline attack now has other energy sector officials on edge
What is RedPane?
RedPane is a dark web search engine tool that Red Sky Alliance has been developing since late January 2021. With RedPane we can make dark web content available without analysts having to visit Tor .onion sites themselves. To date we hold over 300,000 data points from over 50 sites, and we add new sites weekly.
With RedPane we have developed custom processes to capture text data from dark web sites that we designate, parse that information into a for
Cyber threat actors are increasingly using and abusing Telegram as a command-and-control (C2) channel to distribute malware into organizations, which can then be used to capture sensitive information from targeted systems. Telegram is a cloud-based instant messaging and voice-over-IP service. Telegram client apps are available for Android, iOS, Windows Phone, Windows NT, macOS, and Linux. Users can send messages and exchange photos, videos, stickers, audio, and files of any type. Even when Telegr
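Malware that uses Telegram as C2 typically talks to the public Bot API over HTTPS, polling getUpdates for operator commands and pushing results back with sendMessage or sendDocument, which leaves a recognisable URL shape in proxy logs. The block below is an added detection example (not from the original post or from any vendor) that runs over constructed proxy log lines; the bot-token pattern (numeric bot id, colon, 35 token characters), the allow-list of clients and the sample token are assumptions made for the example.

```python
"""Flag Telegram Bot API use as C2 in web-proxy logs.

Added example; sample log lines are constructed and the bot token is fake.
"""
import re

# Bot API URLs look like https://api.telegram.org/bot<bot_id>:<token>/<method>.
# The 35-character token length is an assumption based on commonly observed tokens.
BOT_URL = re.compile(r"https?://api\.telegram\.org/bot(\d+):([A-Za-z0-9_-]{35})/(\w+)")

# Methods an implant uses to receive operator commands vs. to send data out.
RECEIVE_METHODS = {"getUpdates", "getWebhookInfo"}
SEND_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}

# (client IP, process) pairs allowed to use the Bot API, e.g. an in-house alerting
# bot. Assumed for the example; populate from your own inventory.
ALLOWED_CLIENTS = {("10.1.9.5", "python.exe")}

# Constructed proxy log: timestamp, client IP, process (from endpoint agent), verb, URL.
SAMPLE_PROXY_LOG = """
2021-04-20T09:12:01Z 10.1.1.20 chrome.exe GET https://web.telegram.org/k/
2021-04-20T09:12:30Z 10.1.1.31 svchost.exe GET https://api.telegram.org/bot123456789:AAF1k2j3h4g5f6d7s8a9p0o1i2u3y4t5r6e/getUpdates?offset=0
2021-04-20T09:12:31Z 10.1.1.31 svchost.exe POST https://api.telegram.org/bot123456789:AAF1k2j3h4g5f6d7s8a9p0o1i2u3y4t5r6e/sendDocument
2021-04-20T09:13:00Z 10.1.9.5 python.exe POST https://api.telegram.org/bot987654321:AAF1k2j3h4g5f6d7s8a9p0o1i2u3y4t5r6e/sendMessage
2021-04-20T09:13:05Z 10.1.1.31 svchost.exe GET https://api.telegram.org/bot123456789:AAF1k2j3h4g5f6d7s8a9p0o1i2u3y4t5r6e/getUpdates?offset=12
"""


def parse_line(line):
    ts, ip, proc, verb, url = line.split(maxsplit=4)
    return {"ts": ts, "ip": ip, "process": proc, "http": verb, "url": url}


def detect_telegram_c2(lines):
    """One alert per bot id used by a non-allow-listed client. The verdict tells an
    analyst whether the channel is two-way (commands in, data out) or one-way."""
    by_bot = {}
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = parse_line(raw)
        m = BOT_URL.search(ev["url"])
        if not m or (ev["ip"], ev["process"]) in ALLOWED_CLIENTS:
            continue
        bot_id, token, api_method = m.groups()
        a = by_bot.setdefault(bot_id, {
            "bot_id": bot_id,
            "token_prefix": token[:4] + "...",   # enough to pivot on, not to reuse
            "first_seen": ev["ts"],
            "clients": set(), "receive": set(), "send": set(),
        })
        a["clients"].add((ev["ip"], ev["process"]))
        if api_method in RECEIVE_METHODS:
            a["receive"].add(api_method)
        elif api_method in SEND_METHODS:
            a["send"].add(api_method)

    alerts = []
    for a in by_bot.values():
        a["clients"] = sorted(a["clients"])
        a["receive"] = sorted(a["receive"])
        a["send"] = sorted(a["send"])
        if a["receive"] and a["send"]:
            a["verdict"] = "two-way C2"
        elif a["send"]:
            a["verdict"] = "beacon/exfil only"
        else:
            a["verdict"] = "polling only"
        alerts.append(a)
    return alerts


def run_sample():
    return detect_telegram_c2(SAMPLE_PROXY_LOG.splitlines())


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The bot id is the useful pivot: it is stable across implants that share a bot, it can be reported to Telegram, and blocking api.telegram.org outright is often not acceptable where legitimate bots are in use, so an allow-list keyed on client and process is the more realistic control.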
The Atlanta-area Colonial Pipeline Company said in a statement last Friday that it was the victim of a cybersecurity attack, and so "proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems." In an updated statement over the weekend it said it had "determined that this incident involves ransomware."
A former U.S. official and two industry sources have told media that the group DarkSide is among the sus
The Washington, DC police department has reportedly been hit by Russian-speaking ransomware threat actors who claim to have stolen sensitive information on informants. If true, this is a very troubling cyber-attack: if informants cannot keep their anonymity, they will not work with the police. The Babuk group gave the police three days to pay before it shares the data with local gangs, according to media sources. The files were allegedly posted on a dark web forum.
Babuk ransomware is
The malware seems like nothing special at first, but closer examination shows it can do serious damage in follow-on attacks. The NitroRansomware strain breaks with the ransomware norm by demanding Discord Nitro gift codes from victims instead of money. Discord is a VoIP, instant-messaging and digital-distribution platform designed for building communities. Users communicate by voice calls, video calls, text messaging, media and files, in private chats or as part of communit
Ransomware has been one of the hottest topics in cybersecurity over the last year. Some researchers are calling it the "perfect storm", made more severe by the pandemic: with so many employees working remotely, the risk of ransomware is exacerbated. There are, however, other contributing factors to the rise in ransomware the world witnessed in 2020.
The Royal United Services Institute for Defence and Security Studies (RUSI), a British defence and security think tank, has released a repo
Researchers have dissected some of the attacks involving the Hades ransomware and published information on both the malware itself and the tactics, techniques and procedures (TTPs) employed by its operators. First observed in December 2020, the self-named Hades ransomware (a different malware family from the Hades Locker ransomware that emerged in 2016) employs a double-extortion tactic, exfiltrating victim data and threatening to leak it publicly unless the ransom is paid. Hades was named
The Houston Rockets professional basketball team reports that its security staff and law enforcement authorities are investigating a cyber-attack. Officials say a new hacking group attempted to install ransomware on the team's internal systems. “The Rockets organization recently detected suspicious activity on certain systems in its internal network. We immediately launched an investigation,” the Rockets said in an emailed statement, adding that cybersecurity experts are assis
One of the largest insurance firms in the US, CNA Financial, was reportedly hit by a “sophisticated cybersecurity attack” on 21 March 2021. The attack disrupted the company’s employee and customer services for three days as the company shut systems down “out of an abundance of caution” to prevent further compromise.
Founded in 1967, the Loews Corp subsidiary is among the top 10 cyber insurers and the leading 15 property and casualty insurers in the US. It employs about 5,800 workers and
After recently announcing the end of the operation, the administrator of the Ziggy ransomware is now pledging to give the ransom money back. BleepingComputer says this appears to be a planned move, since the admin shared the "good news" a little over a week ago but gave no details. Ziggy ransomware ceased operations in early February. In a brief announcement, the administrator of the operation said they were “sad” about what they had done and had “decided to publish all
The threat group behind the Sodinokibi (REvil) ransomware claims to have recently compromised nine organizations. The REvil ransomware group is on a cyberattack tear, claiming over the past three weeks to have infected ten organizations across Africa, Europe, Mexico and the US. The organizations include two law firms, an insurance company, an architectural firm, a construction company and an agricultural co-op, all located in the US, as well as two large international banks (one in Mexico and
“I don’t understand how Spain got compromised.” Answering in English: “well my friends, no one is immune to cyber-attacks - no one.” Spain’s State Public Employment Service (SEPE), which coordinates unemployment benefits and ERTE (temporary furlough) schemes throughout Spain, has been the victim of a cyberattack that has crippled its electronic and in-person appointment-setting services and other procedures.[1] A Spanish government spokesman said, “At the moment it is not possible to access the website”, with the Central Tra
A new version of the Ryuk ransomware is capable of worm-like self-propagation within a local network, researchers recently found. The variant first emerged in Windows-focused campaigns earlier in 2021, according to the French National Agency for the Security of Information Systems (ANSSI). The agency said it achieves self-replication by scanning for network shares and then copying a unique version of the ransomware executable (with the file name rep.exe or lan.exe) to each of them as
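The propagation step ANSSI describes (one host writing an executable into the shares of many others in a short time) is visible in share-access telemetry without any knowledge of the payload. The block below is an added detection example, not code from ANSSI or from the original post. It runs over constructed key=value lines modelled loosely on Windows Security event 5145 (network share object access); the field names, the use of access-mask bit 0x2 as the write indicator, the five-minute window and the three-host threshold are all assumptions made for the example, and it generalises beyond the two file names in the text by also alerting on any .exe fanned out to enough hosts.

```python
"""Detect Ryuk-style fan-out of an executable to admin shares.

Added example; the sample events are constructed, not real telemetry.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed events, loosely in the shape of Windows Security event 5145 flattened
# to key=value pairs. Computer is the share host that logged the access; IpAddress is
# the client that opened the share.
SAMPLE_EVENTS = r"""
2021-03-01T10:00:01Z EventID=5145 IpAddress=10.0.0.5 SubjectUserName=svc_backup ShareName=\\*\ADMIN$ RelativeTargetName=rep.exe AccessMask=0x2 Computer=WS01
2021-03-01T10:00:04Z EventID=5145 IpAddress=10.0.0.5 SubjectUserName=svc_backup ShareName=\\*\ADMIN$ RelativeTargetName=rep.exe AccessMask=0x2 Computer=WS02
2021-03-01T10:00:09Z EventID=5145 IpAddress=10.0.0.5 SubjectUserName=svc_backup ShareName=\\*\C$ RelativeTargetName=Windows\rep.exe AccessMask=0x2 Computer=WS03
2021-03-01T10:01:30Z EventID=5145 IpAddress=10.0.0.5 SubjectUserName=svc_backup ShareName=\\*\ADMIN$ RelativeTargetName=lan.exe AccessMask=0x2 Computer=FS01
2021-03-01T10:02:00Z EventID=5145 IpAddress=10.0.0.9 SubjectUserName=alice ShareName=\\*\C$ RelativeTargetName=Reports\q1.xlsx AccessMask=0x2 Computer=WS01
2021-03-01T10:03:00Z EventID=5145 IpAddress=10.0.0.7 SubjectUserName=bob ShareName=\\*\ADMIN$ RelativeTargetName=setup.exe AccessMask=0x2 Computer=WS05
2021-03-01T10:03:10Z EventID=5145 IpAddress=10.0.0.7 SubjectUserName=bob ShareName=\\*\ADMIN$ RelativeTargetName=setup.exe AccessMask=0x80 Computer=WS06
"""

KV = re.compile(r"(\w+)=(\S+)")
ADMIN_SHARES = {"ADMIN$", "C$"}
KNOWN_DROPPER_NAMES = {"rep.exe", "lan.exe"}   # names reported by ANSSI for this variant
WRITE_DATA = 0x2                                # assumed write bit in the access mask


def parse_event(line):
    ts_str, _, rest = line.partition(" ")
    ev = dict(KV.findall(rest))
    ev["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return ev


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def is_exe_write_to_admin_share(ev):
    share = basename(ev.get("ShareName", "")).upper()
    target = basename(ev.get("RelativeTargetName", ""))
    mask = int(ev.get("AccessMask", "0"), 16)
    return share in ADMIN_SHARES and target.endswith(".exe") and bool(mask & WRITE_DATA)


def detect_share_propagation(lines, window=timedelta(minutes=5), min_hosts=3):
    """One alert per source IP that either writes a known dropper name to an admin
    share, or writes any .exe to admin shares on >= min_hosts distinct machines
    inside a sliding window. Hosts and file names seen are accumulated per source."""
    recent = defaultdict(deque)   # source IP -> exe-write events still inside the window
    alerts = {}                   # source IP -> alert under construction
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = parse_event(line)
        if ev.get("EventID") != "5145" or not is_exe_write_to_admin_share(ev):
            continue
        src = ev["IpAddress"]
        q = recent[src]
        q.append(ev)
        while q and ev["ts"] - q[0]["ts"] > window:
            q.popleft()
        hosts = sorted({e["Computer"] for e in q})
        files = sorted({basename(e["RelativeTargetName"]) for e in q})
        reasons = []
        if basename(ev["RelativeTargetName"]) in KNOWN_DROPPER_NAMES:
            reasons.append("known dropper name " + basename(ev["RelativeTargetName"]))
        if len(hosts) >= min_hosts:
            reasons.append(f"{len(hosts)} hosts in {int(window.total_seconds() // 60)} min")
        if not reasons:
            continue
        a = alerts.setdefault(src, {"source": src, "user": ev.get("SubjectUserName"),
                                    "hosts": set(), "files": set(), "reasons": set()})
        a["hosts"].update(hosts)
        a["files"].update(files)
        a["reasons"].update(reasons)
    return [{**a, "hosts": sorted(a["hosts"]), "files": sorted(a["files"]),
             "reasons": sorted(a["reasons"])} for a in alerts.values()]


def run_sample():
    return detect_share_propagation(SAMPLE_EVENTS.splitlines())


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The host-count rule is the one worth keeping after the file names change, since a renamed build defeats the name match but not the fan-out pattern. Tuning the threshold against your own software-deployment traffic (SCCM, PsExec-based tooling) is what keeps it quiet; the user field in the alert is the quickest way to tell an authorised push from a compromised service account.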