Daily NCSC-FI news followup 2021-04-30

DarkPath scam group loses 134 domains impersonating the WHO

therecord.media/darkpath-scam-group-loses-134-domains-impersonating-the-who/ United Nations security experts and security firm Group-IB said they worked together to take down 134 websites operated by a cybercrime group known as DarkPath. Group-IB told The Record that after notifying the UN’s International Computing Centre, they worked with “a wide network of regulators and service suppliers domain name registrars, hosting providers, associations, including FIRST, TRUSTED Introducer, APWG, Scamadviser and many others” to take down the 134 sites.

Brazil’s Rio Grande do Sul court system hit by REvil ransomware

www.bleepingcomputer.com/news/security/brazils-rio-grande-do-sul-court-system-hit-by-revil-ransomware/ Brazil’s Tribunal de Justiça do Estado do Rio Grande do Sul was hit with an REvil ransomware attack yesterday that encrypted employee’s files and forced the courts to shut down their network. BleepingComputer was told that the REVil ransomware operation demanded a $5, 000, 000 ransom to decrypt files and not leak data.

Babuk ransomware readies ‘shut down’ post, plans to open source malware

www.bleepingcomputer.com/news/security/babuk-ransomware-readies-shut-down-post-plans-to-open-source-malware/ Whenever the Babuk ransomware gang decides to call it quits, at least under the Babuk name, they would “do something like Open Source Ransomware-as-a-Service (RaaS), everyone can make their own product based on our product and finish with the rest of the RaaS.”

Ransomware is now a national security risk. This group thinks it knows how to defeat it

www.zdnet.com/article/ransomware-is-now-a-national-security-risk-this-group-thinks-it-knows-how-to-defeat-it/ A paper by the Institute for Security and Technology’s (IST) Ransomware Task Force (RTF) a coalition of cybersecurity companies, government agencies, law enforcement organisations, technology firms, academic institutions and others has 48 recommendations to help curb the threat of ransomware and the risk it poses to businesses, and society as a whole, across the globe. Some solutions focus on more direct action, such as taking the fight to ransomware gangs by disrupting their infrastructure, or even regulating Bitcoin and other cryptocurrencies that cyber criminals use to anonymously demand ransom payments from victims.

UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat

www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html Mandiant has observed an aggressive financially motivated group, UNC2447, exploiting one SonicWall VPN zero-day vulnerability prior to a patch being available and deploying sophisticated malware previously reported by other vendors as SOMBRAT. Mandiant has linked the use of SOMBRAT to the deployment of ransomware, which has not been previously reported publicly.

You might be interested in …

Daily NCSC-FI news followup 2020-11-19

Tahmaako netti? Liisa-myrskyn aiheuttamia tuhoja korjaillaan www.tivi.fi/uutiset/tv/e78e181b-62f7-45cb-ac38-e30eee4f8017 Liisa-myrskyn aiheuttamat sähkökatkokset aiheuttavat parhaillaan häiriöitä matkapuhelinverkossa. Accused Ringleader of FIN7 Hacking Group Pleads Guilty www.bankinfosecurity.com/accused-ringleader-fin7-hacking-group-pleads-guilty-a-15397 Andrii Kolpakov, who is a Ukrainian national, pleaded guilty to charges of conspiracy to commit wire fraud and conspiracy to commit computer hacking. He faces up to a 25-year federal prison term […]

Read More

Daily NCSC-FI news followup 2021-02-10

Following Oldsmar attack, FBI warns about using TeamViewer and Windows 7 www.zdnet.com/article/following-oldsmar-attack-fbi-warns-about-using-teamviewer-and-windows-7/ An FBI alert sent on Tuesday warns companies about the use of out-of-date Windows 7 systems, poor account passwords, and desktop sharing software TeamViewer. French MNH health insurance company hit by RansomExx ransomware www.bleepingcomputer.com/news/security/french-mnh-health-insurance-company-hit-by-ransomexx-ransomware/ French health insurance company Mutuelle Nationale des Hospitaliers (MNH) […]

Read More

Daily NCSC-FI news followup 2019-06-10

Email attacks are on the rise www.itproportal.com/news/email-attacks-are-on-the-rise/ The number of organisations that use email security as part of their threat defences is actually shrinking, new figures from Cisco are showing. The Cisco 2019 Cybersecurity Series says that this year, 41 per cent of organisations have this type of security set up, down from 56 per […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.