
'Hunters International' RaaS Outfit Shuts Down Its Operation

 

Hunters International, a ransomware-as-a-service (RaaS) outfit, has shut down its operation and is offering free decryptors to victims who want to restore their data without paying a ransom.

"After careful consideration and in light of recent developments, we have decided to close the Hunters International project. This decision was not made lightly, and we recognize the impact it has on the organizations we have interacted with," the ransomware outfit notes in a statement published on its dark web site.

"As a gesture of goodwill and to assist those affected by our previous activities, we are offering free decryption software to all companies that have been impacted by our ransomware. Our goal is to ensure that you can recover your encrypted data without the burden of paying ransoms."

The group also removed all entries from its extortion site and stated that companies whose systems were encrypted in Hunters International attacks can obtain decryption tools and recovery guidance from the gang's official website.

While the group does not specify which "recent developments" it is alluding to, the shutdown follows a November 17 statement that Hunters International would soon cease operations because of growing law enforcement scrutiny and diminishing profitability.

In April, threat intelligence firm Group-IB also disclosed that Hunters International had launched a new extortion-only operation dubbed "World Leaks" and was rebranding to focus on data theft and extortion-only attacks.

Group-IB stated at the time that "World Leaks operates as an extortion-only group using a custom-built exfiltration tool, in contrast to Hunters International, which combined encryption with extortion." The new tool appears to be an improved version of the Storage Software exfiltration tool that Hunters International's affiliates used.

Because of code similarities, security researchers and ransomware specialists identified Hunters International, which surfaced in late 2023, as a likely rebrand of Hive. The group's malware supports x64, x86, and ARM and targets a range of platforms, including Windows, Linux, FreeBSD, SunOS, and VMware ESXi.

Hunters International has attacked businesses of all sizes over the last two years, demanding ransoms ranging from hundreds of thousands to millions of dollars, depending on the size of the compromised organisation. The group has claimed around 300 attacks worldwide, making it one of the most active ransomware operations of recent years.

The ransomware outfit has claimed several notable victims, including the United States Marshals Service, the Japanese optical firm Hoya, Tata Technologies, the North American car dealership AutoCanada, the United States Navy contractor Austal USA, and Integris Health, Oklahoma's largest non-profit healthcare network.

Ransomware Outfits Are Exploiting Microsoft Azure Tool For Data Theft

 

Ransomware gangs like BianLian and Rhysida are increasingly using Microsoft's Azure Storage Explorer and AzCopy to steal data from compromised networks and store it in Azure Blob Storage. Storage Explorer is a graphical management tool for Microsoft Azure, whereas AzCopy is a command-line utility for large-scale data transfers to and from Azure storage. 

According to cybersecurity firm modePUSH, the stolen data is first stored in an Azure Blob container, from which the threat actors can later move it to their own storage.

However, the researchers observed that the attackers had to do extra work to get Azure Storage Explorer running, such as installing prerequisites and upgrading .NET to version 8. That effort reflects the growing emphasis on data theft in ransomware operations: the stolen data is the primary leverage in the subsequent extortion phase.

Why Azure?

Although each ransomware gang has its own set of exfiltration tools, they commonly use Rclone to sync data with various cloud providers and MEGAsync to sync with the MEGA cloud.

Azure's scalability and throughput, which let it handle massive volumes of unstructured data, are valuable to attackers who want to exfiltrate large numbers of files in the shortest possible time.

modePUSH also observed ransomware attackers running multiple instances of Azure Storage Explorer at once to upload data to a blob container, speeding up the transfer.

Uncovering ransomware exfiltration

The researchers found that the threat actors left the default 'Info' log level in place when using Storage Explorer and AzCopy, which writes a log file under %USERPROFILE%\.azcopy.

This log is especially useful for incident responders because it records per-file operations, letting investigators quickly determine which data was stolen (UPLOADSUCCESSFUL entries) and which payloads may have been brought in (DOWNLOADSUCCESSFUL entries).

Defensive measures include alerting on unusual file copy or access patterns on critical systems, monitoring for AzCopy execution, and watching outbound network traffic to Azure Blob Storage endpoints at ".blob.core.windows.net" or to Azure IP ranges.

If the organisation already uses Azure, it is advisable to enable Storage Explorer's 'Logout on Exit' option, which signs the user out automatically when the application is closed, so that an attacker cannot reuse an existing session to steal files.
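The two indicators above, the AzCopy log under %USERPROFILE%\.azcopy and outbound traffic to ".blob.core.windows.net", can be triaged with a few lines of code. The following is an added example and not modePUSH's tooling: the AzCopy log lines and proxy records are constructed, the AzCopy line layout (timestamp, INFO, [P#n-T#m], status, path) is an assumption about the format that should be checked against a real log before use, and the helper names (summarize_azcopy, is_azure_blob_host, flag_blob_egress) are hypothetical.

```python
"""Triage helpers for AzCopy Info-level logs and blob-storage egress.

Added example, not modePUSH's code. Sample data is constructed and the AzCopy
line layout is an assumption; adjust TRANSFER_RE to match your own logs.
"""
import re
from urllib.parse import urlparse

# Constructed sample resembling a %USERPROFILE%\.azcopy\<job>.log at the
# default 'Info' level (assumed layout). Backslashes are doubled for Python.
SAMPLE_AZCOPY_LOG = """\
2024/09/10 14:02:11 INFO: [P#0-T#0] UPLOADSUCCESSFUL: C:\\Finance\\Q3\\payroll.xlsx
2024/09/10 14:02:11 INFO: [P#0-T#1] UPLOADSUCCESSFUL: C:\\Finance\\Q3\\bank_details.csv
2024/09/10 14:02:12 INFO: [P#0-T#2] UPLOADFAILED: C:\\Finance\\Q3\\~lock.tmp
2024/09/10 14:05:40 INFO: [P#1-T#0] DOWNLOADSUCCESSFUL: C:\\ProgramData\\svc\\update.exe
2024/09/10 14:05:41 INFO: [P#1-T#1] DOWNLOADSUCCESSFUL: C:\\ProgramData\\svc\\run.ps1
2024/09/10 14:06:00 INFO: Job abcd1234 summary: 4 files transferred
"""

TRANSFER_RE = re.compile(
    r"^(?P<ts>\S+ \S+) INFO: \[P#\d+-T#\d+\] "
    r"(?P<status>(?:UPLOAD|DOWNLOAD)(?:SUCCESSFUL|FAILED)): (?P<path>.+)$"
)


def parse_azcopy_log(text):
    """Yield (timestamp, status, path) for every per-file transfer line."""
    for line in text.splitlines():
        m = TRANSFER_RE.match(line.rstrip())
        if m:
            yield m.group("ts"), m.group("status"), m.group("path")


def summarize_azcopy(text):
    """Split transfers into what left the host, what arrived, and what failed.

    UPLOADSUCCESSFUL = data that was exfiltrated; DOWNLOADSUCCESSFUL = files the
    intruder pulled in (tooling, second-stage payloads) that deserve a look.
    """
    summary = {"uploaded": [], "downloaded": [], "failed": []}
    for _ts, status, path in parse_azcopy_log(text):
        if status == "UPLOADSUCCESSFUL":
            summary["uploaded"].append(path)
        elif status == "DOWNLOADSUCCESSFUL":
            summary["downloaded"].append(path)
        else:
            summary["failed"].append(path)
    return summary


AZURE_BLOB_SUFFIX = ".blob.core.windows.net"


def is_azure_blob_host(host):
    """True for <account>.blob.core.windows.net only: a bare suffix or a
    look-alike such as blob.core.windows.net.evil.example does not count."""
    h = host.rstrip(".").lower()
    return h.endswith(AZURE_BLOB_SUFFIX) and len(h) > len(AZURE_BLOB_SUFFIX)


# Constructed proxy records: "<ts> <src_ip> <method> <url> <status> <bytes>".
SAMPLE_PROXY_LOG = [
    "2024-09-10T14:02:10Z 10.0.5.23 PUT https://exfil01.blob.core.windows.net/loot/payroll.xlsx 201 1048576",
    "2024-09-10T14:02:11Z 10.0.5.23 PUT https://exfil01.blob.core.windows.net/loot/bank_details.csv 201 20480",
    "2024-09-10T14:03:00Z 10.0.7.8 PUT https://corpbackup.blob.core.windows.net/nightly/db.bak 201 9000000",
    "2024-09-10T14:03:30Z 10.0.5.23 PUT https://blob.core.windows.net.evil.example/x 200 512",
    "2024-09-10T14:04:00Z 10.0.5.23 GET https://exfil01.blob.core.windows.net/tools/update.exe 200 4096",
]


def flag_blob_egress(lines, known_accounts=frozenset()):
    """Return (src_ip, host, bytes) for PUT/POST requests to blob endpoints
    whose storage account is not on the organisation's own allowlist."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 6:
            continue
        _ts, src, method, url, _status, size = parts
        host = urlparse(url).hostname or ""
        if method.upper() not in ("PUT", "POST") or not is_azure_blob_host(host):
            continue
        if host.split(".")[0] in known_accounts:
            continue
        hits.append((src, host, int(size)))
    return hits


if __name__ == "__main__":
    s = summarize_azcopy(SAMPLE_AZCOPY_LOG)
    print("exfiltrated:", s["uploaded"])
    print("brought in: ", s["downloaded"])
    for src, host, n in flag_blob_egress(SAMPLE_PROXY_LOG, known_accounts={"corpbackup"}):
        print(f"{src} -> {host}: {n} bytes")
```

The allowlist matters in practice: an organisation that already uses Azure will see legitimate PUTs to its own storage accounts, so the detection keys on unknown accounts and on upload volume per source rather than on the domain alone. The suffix check also deliberately rejects look-alike hosts, which a naive substring match on "blob.core.windows.net" would accept.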

BetterHelp Agrees to $7.8 Million Settlement for Health Data Sharing with 800,000 Users

 

The LockBit ransomware group has resurfaced, targeting Hooker Furniture, a significant player in the U.S. furniture industry. Claiming to have stolen customer and business data, LockBit has set a deadline of May 8, 2024, for its publication.

Meanwhile, BetterHelp, a mental health platform offering online counseling since 2013, has reached a $7.8 million settlement with the U.S. Federal Trade Commission (FTC). The settlement addresses accusations of mishandling and sharing consumer health data for advertising purposes.

BetterHelp, known for its accessibility and range of therapy options including text, live chat, phone, and video sessions, serves individuals grappling with various mental health issues. An FTC investigation revealed the platform's unauthorized collection of user data, which was subsequently shared with third-party platforms for targeted advertising.

As part of the settlement, BetterHelp is obligated to refund $7.8 million to consumers who utilized its services between August 1, 2017, and December 31, 2020. This refund program extends to users of affiliated platforms such as MyTherapist and Teen Counseling, encompassing approximately 800,000 individuals.

Overseeing the refund process, Ankura Consulting will offer payment options including checks, Zelle, and PayPal. Consumers have until June 10, 2024, to select their preferred payment method.

Azerbaijani hackers obtained information from the Armenian Ministry of Defense


Passport data of several hundred Armenian citizens, including military personnel, as well as documents relating to the Republic's military units, were leaked online by Azerbaijani hackers over the past three days, media expert and information security specialist Samvel Martirosyan said on July 8.

He noted that over the past month the personal information of Armenian citizens infected with the coronavirus had been leaked online six times, and that the attackers may hold far more information than they have published.

This is an extremely dangerous situation because the documents include information such as the number of vehicles in a military unit, and the passport data can be used by fraudsters to take out loans.

Martirosyan believes Azerbaijani hackers obtain official information mainly through email, exploiting the low level of computer literacy among the Armenian population: a significant amount of this information is sent via personal email accounts, which are easy to compromise. To address the problem, he suggests developing clear instructions on handling such information and training people.

The Republic's National Security Service (NSS) said it had no information on the latest leak but confirmed the previous two.

Earlier it became known that Azerbaijani hackers had once again posted the data of Armenian citizens infected with Covid-19. On June 24, two files containing names, addresses and mobile phone numbers were published, but without passport data. Two weeks earlier, Azerbaijani hackers distributed the data of about 3,500 Armenian citizens with confirmed coronavirus infections, as well as residents of the Republic who had been in contact with patients. "The e-mail of one of the outpatient regional medical centers was hacked and there was an attempt to extract information," the NSS said.