Friday, January 21
News That Matters

Tag: Extortion and Blackmail

Companies Linked to Russian Ransomware Hide in Plain Sight

Technology
MOSCOW — When cybersleuths traced the millions of dollars American companies, hospitals and city governments have paid to online extortionists in ransom money, they made a telling discovery: At least some of it passed through one of the most prestigious business addresses in Moscow. The Biden administration has also zeroed in on the building, Federation Tower East, the tallest skyscraper in the Russian capital. The United States has targeted several companies in the tower as it seeks to penalize Russian ransomware gangs, which encrypt their victims’ digital data and then demand payments to unscramble it. Those payments are typically made in cryptocurrencies, virtual currencies like Bitcoin, which the gangs then need to convert to standard currencies, like dollars, euros and rubles. That this ...
Karim Benzema, French Soccer Star, Is Convicted in Sex Tape Scandal

Sports
PARIS — Karim Benzema, a star striker for Real Madrid, was found guilty by a French court on Wednesday on charges that he was part of an attempt to blackmail a fellow player in a case involving a sex tape, a scandal that saw Benzema excluded from France’s national soccer team for more than five years. Benzema, 33, was given a one-year suspended prison sentence and a fine of 75,000 euros, or about $84,000. He had been accused of helping four other men blackmail Mathieu Valbuena, a teammate in the France squad, over an intimate video that had been taken from Valbuena’s mobile phone. Benzema has always denied the accusations, and his lawyers quickly announced that he would appeal the verdict. He was preparing for Real Madrid’s Champions League match later on Wednesday against Sheriff Tiraspol an...
A Rare Win in the Cat-and-Mouse Game of Ransomware

Technology
While Emsisoft would not identify the victims, it said they had included key manufacturers, transportation companies and food suppliers across continental Europe, Britain and the United States. The timeline of Emsisoft’s effort overlaps with BlackMatter’s ransomware assaults last month on two American agriculture organizations: NEW Cooperative, an Iowa grain cooperative, and Crystal Valley, a Minnesota farming supply cooperative. Both cooperatives recovered quickly, suggesting that Emsisoft might have helped. Neither company returned requests for comment. Eric Goldstein, the executive assistant director for cybersecurity at the federal Cybersecurity and Infrastructure Security Agency, called the effort a model for public and private collaboration. The agency is trying to develop a comprehens...
Russia Influences Hackers but Stops Short of Directing Them, Report Says

Technology
WASHINGTON — Moscow’s intelligence services have influence over Russian criminal ransomware groups and broad insight into their activities, but they do not control the organizations’ targets, according to a report released on Thursday. Some American officials said there had been a lull, at least for now, in major ransomware attacks against high-profile American critical infrastructure that were attributed to Russian criminal groups — a pause that reflects Moscow’s ability to partly check the criminal networks operating in the country. But a ransomware group that faded away after attacks over the summer, REvil, appears to have returned this week to the dark web and reactivated a portal victims use to make payments. While attacks have fallen off, “it's a fair bet” that the criminal networks are...
Kaseya, the tech firm hit by ransomware, gets the key to unlock its customers’ data.

Technology
Kaseya, the Miami-based company at the center of a ransomware attack on hundreds of businesses over the Fourth of July holiday weekend, said on Thursday that it had received a key that would help customers unlock access to their data and networks. The mystery is how the company obtained the key. Kaseya said only that it had obtained the key from a “third party” on Wednesday and that it was “effective at unlocking victims.” The development is among the latest mysteries surrounding the Kaseya attack, in which a Russia-based ransomware group called REvil, short for Ransomware Evil, breached Kaseya and used it as a conduit to extort hundreds of Kaseya customers, including grocery and pharmacy chains in Sweden and two towns in Maryland, Leonardtown and North Beach. The attack set off emergency mee...
REvil, Hacking Group Behind Major Ransomware Attack, Disappears

Technology
Just days after President Biden called President Vladimir V. Putin of Russia and demanded that he act to shut down ransomware groups that are attacking American targets, the most aggressive of the groups suddenly went off-line early Tuesday morning, terminating negotiations over ransom payments and even bringing down the page where it boasted about its most successful extortion schemes. The mystery is who made that happen. The group, called REvil, short for “Ransomware evil,” has been identified by U.S. intelligence agencies as responsible for the attack that brought down one of America’s largest beef producers, JBS. Two weeks after Mr. Biden and Mr. Putin met in Geneva last month, REvil took credit for a hack that affected thousands of businesses around the world over the July 4 holiday. Tha...
Biden Warns Putin to Act Against Russian Ransomware Group

Technology
Before gaining the attention of the White House, REvil accounted for less than ten percent of known ransomware victims; now it accounts for 42 percent, according to Recorded Future, a cybersecurity company. “It might feel like this problem is new but it’s been exhausting security teams for years now,” said John Hultquist, a director of threat intelligence at FireEye. “Ransoms have exploded and actors have become more audacious. Where we are now was entirely predictable. It has been like watching a slow motion car crash.” Inside the White House, Mr. Biden’s senior aides acknowledge that America’s cyberdefenses have been woefully neglected over the past three administrations, a period of time that includes Mr. Biden’s service as vice president. Now they say it is up to Mr. Biden to shore up th...
Up to 1,500 businesses could be affected by a cyberattack carried out by a Russian group.

Technology
Between 800 and 1,500 businesses around the world were compromised or affected by a cyberattack on Friday that security experts said could be the largest attack in history using ransomware, in which hackers shut down systems until a ransom is paid. “This is the worst ransomware incident to date, but if we don’t take action, the worst is yet to come,” said Kyle Hanslovan, the chief executive of the cybersecurity firm Huntress Labs. Hackers compromised Kaseya, a Miami-based software maker that provides technology services to tens of thousands of organizations around the world. Many of its customers are so-called managed service providers, which in turn provide security and tech support to other companies and collectively reach millions of businesses. “It totally sucks,” Fred Voccola, Kaseya’s c...
Hundreds of Businesses, From Sweden to U.S., Affected by Cyberattack

Technology
Hundreds of businesses around the world, including one of Sweden’s largest grocery chains, grappled on Saturday with potential cybersecurity vulnerabilities after a software provider that provides services to more than 40,000 organizations, Kaseya, said it had been the victim of a “sophisticated cyberattack.” Security researchers said the attack may have been carried out by REvil, a Russian cybercriminal group that the F.B.I. has said was behind the hacking of the world’s largest meat processor, JBS, in May. In Sweden, the grocery retailer Coop was forced to close at least 800 stores on Saturday, according to Sebastian Elfors, a cybersecurity researcher for the security company Yubico. Outside Coop stores, signs turned customers away: “We have been hit by a large IT disturbance and our syste...
Kaseya, a Software Provider, Investigates Potential Cyberattack

Technology
Kaseya, a software company that provides services to more than 40,000 organizations around the world, said on Friday that it was investigating the possibility that it had been the victim of a cyberattack. The company urged customers that use its systems management platform, called VSA, to immediately shut down their servers to avoid the possibility of being compromised by attackers. “We are experiencing a potential attack against the VSA that has been limited to a small number of on-premise customers only,” the company posted on its website, referring to organizations that keep their software at their own sites rather than housing it with a cloud provider. “We are in the process of investigating the root cause of the incident with the utmost vigilance.” Kaseya did not respond to a request for...