Top Cybersecurity Predictions 2023

Categories
News

Every year brings new challenges for cybersecurity as cybercriminals adopt new technologies to carry out increasingly sophisticated attacks. 2022 was a quieter year, with fewer headline incidents than previous years, but that does not mean cybercriminals were idle. Ransomware attacks were carried out, new cybergangs emerged, data breaches occurred, and damages worth trillions of dollars were caused.

In 2022, cybercrime, and ransomware in particular, remained one of the biggest headlines, not only because of the attacks themselves but also because some major arrests were made. Most notably, members of the notorious Lapsus$ cyber gang were arrested in early 2022. The year 2023 will not be drastically different and trends will remain more or less the same. We can expect more focus on privacy in 2023, with certain regulations coming into effect. We may also see cybercriminals using more sophisticated technologies in their attacks, as well as gradual changes in the ransomware landscape. It’s also an easy prediction that Russia will carry out state-sponsored cyberattacks not only against Ukraine but also its allies, including the US. And lastly, by the end of 2023, damage caused by cybercrime will have exceeded $8 trillion.

What you can expect in cybersecurity in 2023

Increased focus on privacy

Following the California Privacy Rights Act (CPRA), which amends and expands the California Consumer Privacy Act (CCPA) and took effect on January 1, 2023, companies should expect even more scrutiny over how they handle consumer data. This is good news for consumers, who will get more control over what companies can do with their data. Privacy laws differ from state to state in the US, but privacy will likely become one of the main priorities in 2023 as consumers grow increasingly concerned with what organizations do with their information and whether it is protected. With GDPR, European countries already have one of the strictest privacy laws, and other countries will likely follow as privacy becomes one of the main topics.

Ransomware groups may change strategies but continue to carry out targeted attacks

According to some industry statistics, ransomware activity declined last year, with a more than 20% decrease compared to 2021. This may be the result of many factors, including stricter rules around paying the ransom, as well as victims being better prepared to mitigate attacks. Whether this trend continues only time will tell, but it certainly does not mean that cybercriminals will halt their malicious activities. Rather, it’s likely that ransomware operators will start changing their strategies in the near future. Instead of only encrypting files, more ransomware gangs will focus on exfiltrating data in order to threaten victims into paying the ransom, or simply sell the data to other cybercriminals.

After large-scale and significant ransomware attacks, particularly the Colonial Pipeline attack, there have been changes in how an affected company should deal with an attack. It’s somewhat more complicated for victims to pay the demanded ransom because of stricter regulations that require cyber incident reporting when paying the ransom. Furthermore, insurance companies are getting less and less inclined to reimburse ransom payments, which will also contribute to the decline. Businesses are also better prepared to deal with ransomware attacks because of reliable backups, as well as operation recovery plans. All of this may contribute to the changing ransomware landscape.

Large-scale targeted ransomware attacks are one thing that is not going to change in 2023 or in the near future. While such attacks require more preparation, resources, and effort, they bring in significantly larger sums of money. However, ransomware gangs will need to select their targets very carefully in order to not attract too much attention as increased scrutiny has already resulted in many arrests. It’s likely that more notable ransomware groups will rebrand with new names in 2023 in order to avoid the spotlight and the problems it brings.

More sophisticated phishing attacks

As is the case every year, we can expect that cyberattacks will become increasingly more sophisticated. Regular users will continue to deal with mostly poorly-made phishing emails with grammar and spelling mistakes because this method is relatively low-effort but can have high rewards. However, attacks aimed at specific targets will be much more sophisticated. Phishing attempts will be personalized and well-written, as well as have all the relevant logos to make them almost indistinguishable at first glance. To carry out such phishing attacks successfully, malicious actors need to put in a lot of work and time, which is why such attacks will be reserved for high-level targets. It’s also worth mentioning that cybercriminals will use artificial intelligence to enhance their phishing attempts. Social engineering attacks using audio and video will become increasingly more common.

More sophisticated phishing attacks mean companies need to up their security as well. That includes training employees to spot potential attacks.

Cyberattacks originating from Russia will continue 

Russia has always been a safe haven for cybercriminals and cyber gangs. The country is also no stranger to performing state-sponsored cyber attacks. As Russia continues to suffer losses in the war it started against Ukraine, it’s likely that the number of cyberattacks originating from Russia will increase. Ukraine will not be the only target, as Russian hackers will also attack Western countries for their continued support of Ukraine and the enforced sanctions. Critical infrastructure and sectors including energy, financial services, shipping, etc., will likely be targeted for the sake of disruption. In order to cause as much disruption as possible in both Ukraine and its allied countries, Russia’s state-sponsored attacks will likely forgo ransom demands and focus on shutting down critical infrastructure and preventing access to it. Whether it will be successful in doing so is another question. But considering Russia’s long history of cybercrime, the threat of a cyberattack should not be taken lightly.

Cybercrime damage will reach an all-time high

This one is not difficult to predict, as damage from cyberattacks has been steadily rising for years. In 2023, the cost of cybercrime damage is expected to exceed a staggering $8 trillion. Cybercrime costs are also expected to grow by 15% per year over the next three years, reaching $10.5 trillion by 2025. Data damage, stolen money, intellectual property theft, productivity loss, downtime, restoration of normal operations, file recovery, forensic investigation, etc., are all included when calculating the damage caused by cybercrime.

The threat of ransomware for businesses in 2023


Every year, thousands of businesses, organizations, government entities, institutions, etc., become victims of cyberattacks. And every year, there are at least a few attacks that top the ones from previous years. According to a study by the IDC, 37% of global organizations were victims of cyberattacks involving ransomware in 2021. That year, the attacks on Colonial Pipeline and Kaseya were two of the most serious ones, but thousands of other businesses and organizations also fell victim to ransomware in 2021.

Using SpyWarrior and Cypherdog together provides the ultimate protection


SpyWarrior for your computer protection

Computer infections come in all kinds of forms. And while some infections may do only minimal harm, others can cause crippling damage. For individual users, a malware attack could mean permanently lost files, stolen credentials, and even financial loss. For businesses, a malicious software attack could halt operations, lead to significant data breaches, and cause millions of dollars in damages. It is estimated that the total cost of ransomware in 2021 was $20 billion. The number is expected to rise to $265 billion by 2031.

We understand that avoiding cyber threats can be very challenging, even impossible in some cases. But in today’s cyberspace, with threats becoming increasingly more sophisticated, becoming a victim is more dangerous than ever. So the question is, what can you do about it?

A good anti-virus program is essential if you want to protect yourself from malware and the damage such infections can cause. And SpyWarrior is more than just a good anti-virus program. SpyWarrior provides the finest security for your computer for a malware-free experience.

source: cybersecurityventures.com

SpyWarrior can and will protect your device from a wide range of infections, including adware, browser hijackers, spyware, keyloggers, botnets, rootkits, trojans, and ransomware. Real-time protection will prevent malware from entering, while a full scan will detect malware that has managed to sneak in unnoticed.

SpyWarrior’s most important feature is protection against ransomware. There’s likely no need to introduce this particular threat as it has become quite notorious in the last 5 years. But ransomware threats have only gotten worse and not only do they now take files hostage, but they also threaten to leak the files if a ransom is not paid.

According to statistics, a staggering 77% of ransomware attacks carried out in the first quarter of 2021 also threatened to leak data. So backing up data and having a recovery plan is no longer enough on its own. This is where SpyWarrior comes in. Artificial intelligence technology integrated within SpyWarrior allows the program to immediately detect a malicious process that intends to encrypt files. The program will instantly halt the process and remove the infection before it can do any damage.

SpyWarrior already has a significant threat database. And because it’s continually updated with new threats, it can stay on top of its game when it comes to detecting malware.

SpyWarrior can deal with the following:

  • minor threats (e.g. adware and spyware);
  • malware (e.g. trojans and viruses);
  • ransomware;
  • privacy issues.

Cypherdog for your privacy

SpyWarrior’s companion security tool is Cypherdog. To put it simply, Cypherdog provides encryption services. It offers three main services: File Exchange & Storage, e-mail encryption, and a Messenger app. All three are developed with complete privacy in mind.

Cypherdog’s main goal is to ensure that communication between you and the recipient stays between you, whether you’re using email, Cypherdog’s Messenger, or the File Exchange & Storage app. Whatever data is sent or received by you will be encrypted and can be opened using a private key. The key is available only in the Cypherdog application. You will be the only one with access to it.

It should also be mentioned that Cypherdog has no access to the data and does not take part in the encryption/decryption process. This means that it cannot access files being sent or received. Whatever data you receive, it’s for your eyes only.

This also means that if you lose your private key, its backup, or your password, Cypherdog cannot help you recover your data or regain access to your account. The public keys used to encrypt files and messages are not secret; Cypherdog stores them in distributed registers using blockchain technology, so that they cannot be quietly altered or replaced.

Cypherdog also allows you to confirm someone’s identity using a QR code, whether you’re using File Exchange & Storage, Messenger, or meeting face to face. When exchanging files or meeting someone, you can be certain they are who they claim to be.

When using Cypherdog, everything about your communications will be completely private. Cypherdog will not know who you are contacting, what files you send, or how long the communication lasts. It will also have no access to address books and files stored in cloud storage, on local disks, or when they’re being transferred.

Cypherdog is also not interested in knowing anything about you. Your IP address, location, logs, mobile phone number, connections, etc., will not be collected.

Lastly, with Cypherdog, you can encrypt your files locally on your device. Whether you’re keeping sensitive files or simply want your files to be for your eyes only, you can easily encrypt them. And if you do not want to keep your files locally, you can store them in Cypherdog’s encrypted cloud.

Taking all of the above into account, it can be said that Cypherdog protects you against the following:

  • economic (and foreign) espionage and data theft;
  • business email compromise;
  • a new generation of ransomware with double extortion;
  • invoice hacking;
  • data leaks.

Using SpyWarrior and Cypherdog together provides the ultimate protection

Protecting yourself from malicious threats and ensuring your complete privacy are both equally important things in today’s cyberspace. And there’s no need to prioritize one or the other. If you want to cover all bases, why not allow SpyWarrior to take care of your computer while Cypherdog will secure your privacy? Together, SpyWarrior and Cypherdog will provide the ultimate protection, securing you on all accounts.

FBI takes down Russia-linked botnet Cyclops Blink


The US Department of Justice (DOJ) has announced that an FBI-led operation disrupted the Cyclops Blink botnet in March. The operation removed the Cyclops Blink malware from internet-connected firewall devices. The botnet is believed to be operated by a group known as Sandworm (also known as Unit 74455), an alleged Russian military cyber unit. Many cyberattacks are attributed to Sandworm, including attacks on Ukraine’s critical infrastructure and the NotPetya wiper, which masqueraded as ransomware. The unit is also believed to have interfered in the 2017 French presidential elections, as well as carried out the cyberattack on the 2018 Winter Olympics opening ceremony.

The Cyclops Blink botnet was first publicly revealed in February this year, when the US and UK governments warned that WatchGuard firewall devices were being attacked. The Cyclops Blink malware specifically targeted WatchGuard and ASUS network devices. While it was publicly revealed only in February, the botnet is believed to have begun operations as early as June 2019, likely as a successor to the similar VPNFilter botnet that the DOJ disrupted four years ago.

Both WatchGuard and Asus released guidance and remediation tools to help affected devices immediately after the revelation by the US and UK governments. But the majority of compromised devices remained infected nonetheless, prompting DOJ to act.

“The same day as the advisory, WatchGuard released detection and remediation tools for users of WatchGuard devices. The advisory and WatchGuard’s guidance both recommended that device owners deploy WatchGuard’s tools to remove any malware infection and patch their devices to the latest versions of available firmware. Later, ASUS released its own guidance to help compromised ASUS device owners mitigate the threat posed by Cyclops Blink malware. The public and private sector efforts were effective, resulting in the successful remediation of thousands of compromised devices. However, by mid-March, a majority of the originally compromised devices remained infected,” the DOJ has said.

Following court authorization, the department carried out an operation that removed the malware from all remaining identified command and control (C2) devices that Sandworm used to control the botnet. Furthermore, it also closed the external management ports that Sandworm was using to access those C2 devices.

“These steps had the immediate effect of preventing Sandworm from accessing these C2 devices, thereby disrupting Sandworm’s control of the infected bot devices controlled by the remediated C2 devices,” the DOJ said.

However, the DOJ also warned that WatchGuard and Asus devices that acted as bots might remain vulnerable to Sandworm if no action is taken by the device owners.

No information/data was accessed by the FBI

The DOJ stressed that issuing the commands did not permit the FBI to search, view, or retrieve content/data on a victim’s device.

“The operation announced today leveraged direct communications with the Sandworm malware on the identified C2 devices and, other than collecting the underlying C2 devices’ serial numbers through an automated script and copying the C2 malware, it did not search for or collect other information from the relevant victim networks. Further, the operation did not involve any FBI communications with bot devices”.

6 Tips To Protect Your Cryptocurrency Wallet 2023


Why crypto wallets are often targeted

In recent years, cryptocurrency popularity has skyrocketed, with anyone and everyone now investing in various cryptocurrencies. This has attracted a lot of novice investors who know very little about cybersecurity, as well as cybercriminals who try to take full advantage of that. Less tech-savvy investors are often more susceptible to both investment scams and crypto wallet hacks because they are unaware of how these types of scams work, nor do they properly secure their crypto accounts.

8 Steps to Take When Dealing With a Ransomware Attack


Ransomware attacks are becoming increasingly common. It’s no longer a question of if but rather when a business or organization will suffer a ransomware attack. For businesses and organizations, responding correctly to a ransomware attack can mean the difference between a quick recovery and permanent closure. It’s essential that all businesses have detailed cyberattack response plans in addition to investing major resources into preventing an attack in the first place.

Below are just general guidelines and certainly not a complete guide on how to deal with a ransomware attack. The entire process is highly complicated and it’s best to contact professionals to minimize damage.

What to do if you are hit with a ransomware attack

1. Do not panic and isolate affected systems

When prevention methods fail and ransomware gets in, it’s essential not to panic and to take the correct steps to minimize damage. Isolating affected systems immediately after a ransomware attack is critical. In order to contain the infection and prevent it from spreading, remove the affected system from the network immediately: unplug the network cable or disable the network adapter rather than powering the machine off, since volatile memory may hold evidence that an investigator needs. If you fail to isolate the system, the ransomware may spread to other systems, doing even more damage.

Throughout the whole ransomware attack and recovery process, it’s essential that you keep a clear head. You should also not rush to make decisions but rather focus on minimizing damage.

2. Disconnect backup

Once you have isolated the affected systems, you need to focus on securing your backups. Whatever strain of ransomware it is that you are dealing with, it will most certainly target your backup in order to encrypt or delete files. To prevent this from happening, immediately disconnect your backup from the network and do not reconnect until the infection has been dealt with.

3. Disable maintenance tasks

When you have confirmed a ransomware attack, it’s essential to disable any automated maintenance tasks (e.g. temporary file removal, log rotation, etc.). This is done so that evidence such as logs and temporary files is not overwritten or deleted before an investigation can examine it.

4. Back up infected systems

It’s recommended to make backups of infected systems once they’re isolated. This could prevent the loss of data during the decryption process. If, for example, you decide to pay the ransom and receive a decryptor, it may not work as intended and could damage files during decryption. To avoid corrupting or damaging your only copies, back up the encrypted systems first, just in case something goes wrong.

Backing up infected systems is also a good idea for those who do not intend to pay the ransom. If the files are not critical and do not need to be recovered immediately, you can back them up in case a free decryptor becomes available sometime in the future. Law enforcement agencies are actively pursuing cybercrime gangs and are sometimes successful in apprehending them. If this were to happen with the cybercrime gang responsible for the ransomware that’s affecting you, a decryptor may be provided for you.

5. Quarantine the ransomware

Rather than outright removing ransomware, victims should quarantine it until an investigator has given the okay. When victims completely purge an infection from their systems before investigators can analyze it, it makes it that much more difficult for specialists to perform an investigation. During an investigation, specialists need to carefully analyze samples and other data in order to identify which ransomware is responsible, what specifically was affected during the attack, and whether it’s possible to somehow recover encrypted files. And removing the ransomware infection hinders these investigations.

6. Investigate how the ransomware got in

Determining how a ransomware infection got in is an essential step. Not only would it help prevent future infections, but it also provides crucial information about what other systems may have been affected, and what exactly was done. If the ransomware got in through a vulnerability, identifying and fixing the source of the infection would prevent a repeat incident. If the infection is the result of an employee error, an investigation would help identify which areas specifically employees need training in.

For businesses and organizations, it’s recommended to contact professionals that specialize in such attacks. It’s often difficult to find the origin of the attack. By the time a ransomware attack is launched and is noticed, cybercriminals will have been in the systems for a while, so it’s recommended to have professionals identify the origin of the attack.

7. Identify the ransomware

In order to figure out the next course of action, it’s essential to correctly identify the ransomware strain. It can be done using free services like Emsisoft’s ransomware identification tool or ID Ransomware. You would need to upload the ransom note, an encrypted file as a sample, and some information about the attack. If the ransomware is known, these services will identify it. Identifying the ransomware strain also helps determine whether a free decryptor is available. There are various resources for victims of ransomware (e.g. NoMoreRansom) that can help find a free decryptor if one exists.

8. Make the decision on whether to pay the ransom

The decision that comes with a ransomware attack is whether to pay the ransom. For victims who have no backups, or if they’re damaged, paying the ransom may seem like a good option. Oftentimes, paying the ransom may be a cheaper option than facing downtime until systems are restored. But the decision to give in should not be taken lightly as it comes with consequences. For one, it should be emphasized that paying the ransom does not automatically mean a decryptor will be provided. In most cases, it will be but there is always that chance that the cybercriminals will just take the money. This is more likely to happen if you’re dealing with a relatively unknown ransomware strain. There’s also a chance that even if the decryptor is sent, it may not work as it’s supposed to. Victims should never rush the decision of whether to pay the ransom and consider all outcomes.
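Steps 4, 5 and 7 above (back up the encrypted systems before any decryptor touches them, quarantine rather than delete the sample, and gather a ransom note plus an encrypted file for an identification service) can be scripted. The following is an added example written for this page, not a tool from SpyWarrior or from any identification service; the ransom-note name markers, the `.locked` extension and the victim directory are constructed sample data, and the hash manifest approach is a standard evidence-preservation practice rather than anything prescribed by the article.

```python
"""Ransomware triage helper: preserve evidence and collect what
identification services ask for. Added example; sample data only."""
import hashlib
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path

# Substrings that commonly appear in ransom-note file names (assumption; extend as needed).
NOTE_MARKERS = ("readme", "recover", "decrypt", "how_to", "restore")


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def write_manifest(root: Path, manifest: Path) -> int:
    """Hash every file under root into a manifest (sha256, two spaces, relative path).
    Run before a decryptor is used; re-run afterwards to prove which files it damaged.
    Returns the number of files hashed."""
    count = 0
    with manifest.open("w") as out:
        for p in sorted(root.rglob("*")):
            if p.is_file():
                out.write(f"{sha256_file(p)}  {p.relative_to(root)}\n")
                count += 1
    return count


def verify_manifest(root: Path, manifest: Path) -> list:
    """Return relative paths whose current hash differs from the manifest (or are missing)."""
    changed = []
    for line in manifest.read_text().splitlines():
        digest, rel = line.split("  ", 1)
        p = root / rel
        if not p.is_file() or sha256_file(p) != digest:
            changed.append(rel)
    return changed


def quarantine_sample(sample: Path, quarantine_dir: Path) -> Path:
    """Copy (never delete) a suspected ransomware binary into quarantine, named by its
    hash and made read-only, so investigators can still analyse the original."""
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    dest = quarantine_dir / f"{sha256_file(sample)}.bin"
    shutil.copy2(sample, dest)
    dest.chmod(0o400)
    return dest


def triage(root: Path) -> dict:
    """Collect what ID Ransomware-style services want: ransom notes, the dominant
    encrypted-file extension and one encrypted sample with its hash."""
    ext_counts = Counter()
    notes = []
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        if any(m in p.name.lower() for m in NOTE_MARKERS):
            notes.append(p)
        elif p.suffix:
            ext_counts[p.suffix.lower()] += 1
    top_ext, top_n = ext_counts.most_common(1)[0] if ext_counts else ("", 0)
    sample = next((p for p in root.rglob(f"*{top_ext}") if p.is_file()), None) if top_ext else None
    return {
        "ransom_notes": sorted(str(n.relative_to(root)) for n in notes),
        "encrypted_extension": top_ext,
        "encrypted_file_count": top_n,
        "sample": str(sample.relative_to(root)) if sample else None,
        "sample_sha256": sha256_file(sample) if sample else None,
    }


def build_demo(base: Path) -> Path:
    """Constructed victim tree (sample data, not a real infection)."""
    victim = base / "victim"
    (victim / "docs").mkdir(parents=True, exist_ok=True)
    for i in range(3):
        (victim / "docs" / f"report{i}.docx.locked").write_bytes(os.urandom(256))
    (victim / "docs" / "budget.xlsx.locked").write_bytes(os.urandom(256))
    (victim / "README_TO_RECOVER.txt").write_text("Your files are encrypted...")
    (victim / "svchost_update.exe").write_bytes(b"MZ" + os.urandom(64))  # fake sample
    return victim


def run_demo() -> dict:
    """End-to-end run on the constructed tree, including a simulated bad decryptor."""
    base = Path(tempfile.mkdtemp(prefix="ransom-triage-"))
    victim = build_demo(base)
    manifest = base / "manifest.sha256"
    hashed = write_manifest(victim, manifest)
    quarantined = quarantine_sample(victim / "svchost_update.exe", base / "quarantine")
    info = triage(victim)
    # Simulate a faulty decryptor corrupting one file; the manifest pins it down.
    (victim / "docs" / "budget.xlsx.locked").write_bytes(b"garbage")
    return {
        "info": info,
        "hashed": hashed,
        "changed": verify_manifest(victim, manifest),
        "quarantined": quarantined.exists(),
        "original_kept": (victim / "svchost_update.exe").exists(),
    }


if __name__ == "__main__":
    print(run_demo())
```

The manifest is written to a location outside the evidence tree, and the copy it protects should itself live on storage the infected host cannot reach, for the same reason step 2 disconnects the backup.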

Prevent future ransomware attacks

If you have already dealt with ransomware, you will now realize that such an attack will have lasting consequences. And if you don’t want to go through the whole file recovery and ransomware removal process again, you need to ensure that ransomware will not be able to infiltrate your systems in the future. And the most efficient way to do that is to use security software that’s designed to prevent and deal with such attacks.

Anti-malware program SpyWarrior uses artificial intelligence technology to effectively deal with ransomware attacks. Known ransomware strains will be immediately detected and blocked before they can do any damage or encrypt files. And if the ransomware strain is new, its suspicious behavior would still be detected, and the attack would be stopped in time.

Ransomware Explained – definition, prevention and removal


What is ransomware

For those fortunate enough to not have heard of ransomware, it’s a type of malware that encrypts files, making them essentially useless. To put it simply, ransomware holds files hostage until a ransom is paid. To decrypt the encrypted files, it’s necessary to pay money, aka a ransom. It’s a highly complicated malware infection that can do and has done significant damage. Cybercrime as a whole was estimated to cost around $6 trillion in 2021, with ransomware alone accounting for an estimated $20 billion of that.

How does ransomware work

The first step in any ransomware attack is getting access to the system. It can happen in a variety of ways and often depends on who the target is. Malspam and phishing emails are common means of infection. For the malware to launch, all that is necessary is for users to open the attached malicious files. The emails are often made to look like they come from trusted sources to encourage users to open the files without much thought. Some malspam attempts are more sophisticated than others, with generic ones being quite obvious.

The technical details vary, but the gist of it is that once ransomware is inside a computer, it usually starts encrypting files as soon as possible. During an attack on individual users, personal files (photos, images, videos, documents, etc.) are encrypted. When targeting a business or organization, files essential for the business to operate are usually targeted. More recently, certain ransomware strains have started stealing sensitive information in addition to encrypting files. The cybercriminals operating the ransomware then essentially blackmail the victims by threatening to release the information online if the ransom is not paid.

After ransomware successfully encrypts files, a ransom note is dropped. Generally, the note contains instructions on how to purchase the decryptor and/or contact the cybercriminals operating the malware. Getting the decryptor always involves paying the ransom, though the sum differs from ransomware to ransomware.

Common ransomware targets

Depending on the ransomware and the gang that operates it, victim types are different. While one ransomware may focus on individual users, another may only attack large organizations.

  • Regular users

While the big money is in attacks on big organizations, there are many ransomware strains that only target individual users. These infections usually spread via emails or torrents. Ransomware strains targeting random individual users usually demand up to $1000 in ransom.

  • Small businesses

In recent years, small businesses have become a common target for ransomware attacks. The logic for that is that they tend to have lax security, either because of insufficient funds or the belief that they will never be targeted. Ransom demands are usually what small businesses would be able to pay.

  • Large organizations/businesses

Large organizations and businesses, as well as government organizations, are often a tempting target for ransomware operators as that is where the biggest money is. Some organizations are also more likely to pay the ransom to restore operations quickly. For example, organizations in the healthcare sector cannot afford any downtime, thus are a common target.

How to prevent a ransomware attack

There are a couple of essential steps when it comes to preventing a ransomware infection, or at least lessening the damage an attack could cause.

  • File backup

The most important thing to do is regularly make backups. Not just because of ransomware, backing up all important files is critical for anyone who does not wish to lose them. There are multiple ways to back them up, including cloud services and external hard drives. Keep at least one copy offline or otherwise disconnected from the systems it protects, because ransomware that can reach a connected backup will encrypt that as well. It’s best to set up automatic backups, but in the worst-case scenario, manually backing up is also an option.

  • Anti-virus software

Anti-virus software is the one thing that often stands between malware and a computer. It’s important to choose a reliable anti-virus program that has protection against ransomware. Anti-virus software is essential to less tech-savvy users in particular, as they are less likely to recognize potential malware attacks.

  • Updates

The WannaCry ransomware attack proved the importance of installing updates. System and software vulnerabilities are often used by malware to infect computers and known vulnerabilities are patched by updates. Thus, installing an update could prevent a serious malware attack. If possible, it’s recommended to set up automatic updates.

  • Becoming familiar with the common ransomware distribution methods

In many cases, it’s not difficult to recognize a potential malware attack, users just need to know what to look for. Regular ransomware attacks are often initiated by users opening malicious email attachments or torrent files, so if users learn what that looks like, they should be able to avoid it.

Ransomware removal

The best course of action when dealing with ransomware infections is to use anti-malware software. Ransomware is a highly complicated infection and trying to manually remove it could result in more damage. It’s also much easier to use anti-malware software.

Unfortunately, removing the ransomware does not decrypt files. The files have been encrypted and it’s not possible to open them unless they are first run through a decryptor. However, while removing the ransomware will not decrypt files, it’s an essential step if files are to be recovered from a backup. If the ransomware is still present when the backup is accessed, those files would become encrypted as well.

Why paying the ransom is not recommended

Many victims face the dilemma of whether they should pay the ransom or not when dealing with the aftermath of a ransomware attack. For users who have backed up their files, there is no reason to pay the ransom because they can easily recover files after removing the ransomware. However, for businesses and organizations, using backup is not always the quickest option. Or the cheapest choice. This is the reason why some victims choose to pay the ransom, despite having a backup.

In most cases, both malware specialists and law enforcement recommend against paying the ransom. Generally, there are a couple of reasons for this. One of the biggest reasons, though more applicable to regular users rather than bigger targets, is that cybercriminals do not always provide the decryptors. In other cases, the decryptor may not work as it is supposed to. Though that is often fixable, and victims can turn to specialists to fix the decryptor so it actually decrypts files. It is important for users to remember that ransomware is operated by cybercriminals and there is little to obligate them to help victims. Numerous users in the past paid the ransom only to receive nothing in return. Like we already mentioned, not receiving a decryptor is more common for individual users rather than bigger targets because if a large target does not receive a decryptor, it would discourage other bigger victims from paying the ransom.

Another significant reason why it isn’t a good idea to pay the ransom is that it encourages cybercriminals to continue their malicious activities. This is the main reason law enforcement does not encourage paying. Ransomware operators make a lot of money from ransomware. Some of the biggest ransomware payouts include travel company CWT paying $4.5 million in ransom, and Colonial Pipeline agreeing to pay $4.4 million. The latter was one of the most serious ransomware attacks in history with consequences felt by millions of people in the US. With payouts like this, even if they’re not particularly common, it’s no surprise that cybercriminals choose to perform ransomware attacks.

Interestingly enough, some ransomware operators adjust their ransom demands depending on whom they target. It is not uncommon for targets located in poorer countries to receive smaller ransom demands than victims in wealthier countries. Ransomware operators also modify ransom demands to make paying worthwhile for businesses. When it comes to a ransomware attack, it is important to consider not only the recovery time but also how downtime will impact the business. If recovery from backup takes a while, downtime for a business can have significant financial consequences, and paying the ransom may be cheaper than actually recovering data from a backup. Thus, it is important for businesses to have not only a backup but also a fast recovery plan, so that when an attack happens they can avoid significant downtime and return to normal operations as quickly as possible.

Most famous ransomware attacks

  • Colonial Pipeline ransomware attack

On May 7, 2021, the American oil pipeline company Colonial Pipeline became the victim of a ransomware attack that crippled the pipeline’s operations for a number of days. The ransomware, now known as DarkSide ransomware, targeted the computerized equipment that was used to manage the pipeline. In order to contain the attack, the company halted all pipeline operations. DarkSide also reportedly stole 100 GB of data, which they threatened to release publicly if the company did not agree to pay the ransom.

Mere hours after the attack, Colonial Pipeline paid the 75 Bitcoin ($4.4 million at the time) ransom. However, the decryptor Colonial Pipeline received was so slow that it was quicker for the company to restore from its own backups. Fortunately, it appears that the Department of Justice was able to recover 63.7 Bitcoin ($2.3 million at the time).

The attack, or rather the impact, attracted a significant amount of attention from the media and law enforcement. The attention the group behind the attack got was perhaps much bigger than the cybercriminals anticipated, as the group shut down all operations and went dark for a period of time.

  • Kaseya ransomware attack

On July 2, 2021, Kaseya, an IT management software company, was the target of a cyberattack that resulted in a number of managed service providers (MSPs) becoming victims of ransomware attacks, which in turn affected over 1,000 MSP customers. Soon after reports started coming in that hundreds of companies were dealing with ransomware, Kaseya’s remote monitoring and management software package VSA (Virtual System Administrator) was identified as the source of the outbreak. It soon became clear that a vulnerability allowed cybercriminals, now identified as the REvil gang, to distribute a malicious payload through the compromised VSA software. The compromised software infected Kaseya’s managed service provider customers, who then infected their own customers, resulting in over a thousand affected companies that had to deal with ransomware.

The cyber gang demanded a $70 million ransom payment in return for a universal decryptor. It is not exactly known whether Kaseya paid the ransom but the software provider did obtain a working decryptor from an unnamed “trusted third party”.

Similarly to the Colonial Pipeline ransomware attack, this too attracted a lot of attention. Because REvil is suspected to be operating from Russia, US President Biden discussed the incident during a phone call with Russia’s President Putin, threatening to take down the gang’s servers if Russia did not agree to do it itself. Almost two weeks after the attack on Kaseya, REvil’s entire infrastructure disappeared.

  • WannaCry ransomware attack

Perhaps one of the most well-known ransomware attacks was WannaCry. In May 2017, WannaCry ransomware managed to spread worldwide, infecting over 300,000 computers. The ransomware used EternalBlue, an exploit developed by the US National Security Agency (NSA), to spread to older, unpatched Windows computers, resulting in over 200,000 victims. The exploit used in this attack had been stolen from the NSA the year prior to the attack by a group known as the Shadow Brokers. Microsoft was aware of the exploit and had released an update that patched it two months prior to the attack. However, many users that fell victim, particularly businesses and organizations, either had not installed the update or were using old Windows versions that were no longer supported and thus did not receive updates.

The spread of the ransomware was halted within a couple of hours when a security researcher discovered the kill switch. Nonetheless, the damage was already done, with estimates ranging from hundreds of millions to billions of dollars. North Korea was officially blamed for the attack.

Business Email Compromise Explained


What is business email compromise?

Business email compromise (BEC), alternatively known as email account compromise (EAC), is a type of cybercrime that uses email fraud to target companies, businesses, and corporations. Business email compromise scams involve scammers sending emails to company employees with certain requests, such as making a money transfer. Because they are able to successfully pretend to be authentic senders, cybercriminals are able to scam businesses out of thousands if not millions of dollars every year.

Identity Theft Explained


Identity theft is a serious crime that happens when someone essentially steals another person’s identity and poses as them. Criminals steal a victim’s personal data, including the Social Security number or the equivalent for those not in the US, and use the information to impersonate them. This can be done for a variety of reasons, though it’s usually because of money.

Health Care Fraud Explained


What is health care fraud?

The term health care fraud refers to any kind of fraud related to health care that is carried out by medical professionals, patients, or anyone else who aims to intentionally deceive the health care system. According to the FBI, health care fraud costs American taxpayers an estimated $80 billion every year. Health care fraud has serious consequences for everyone, as it can raise health insurance premiums, subject patients to unnecessary medical procedures and medication, and increase taxes.