Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyber Extortion. Show all posts
ransomware tactics
Cyber Extortion Cyber Threats Cybersecurity data exfiltration. logistics industry LukaLocker ransomware Malware attacks manufacturing sector phone call intimidation Ransomware group ransomware tactics

This New Ransomware Group Uses Phone Calls to Pressure Victims

 



Researchers have identified a new ransomware group called Volcano Demon, responsible for at least two successful attacks in the past two weeks. Tim West, an analyst at cybersecurity firm Halcyon, revealed that the group targeted companies in the manufacturing and logistics industries. However, further details about the targets were not disclosed.

Unlike typical ransomware groups, Volcano Demon does not have a public leaks website. Instead, they use phone calls to intimidate and negotiate payments with leadership at the victim organizations. These calls, often threatening, originate from unidentified numbers.

Before making the calls, the hackers encrypt files on the victims' systems using previously unknown LukaLocker ransomware and leave a ransom note. The note threatens to inform clients and partners about the attack and sell data to scammers if the ransom is not paid.

Volcano Demon uses a double extortion technique, exfiltrating data to command-and-control (C2) services before encrypting it. They successfully locked Windows workstations and servers by exploiting common administrative credentials from the network. Tracking Volcano Demon has proven difficult due to their practice of clearing log files on targeted machines, which hampers comprehensive forensic evaluation.

West mentioned that the hackers, who spoke with a heavy accent, call very frequently, almost daily in some cases. However, the origin of the callers remains unclear as no recordings are available.

It is uncertain whether Volcano Demon operates independently or as an affiliate of a known ransomware group. Halcyon has not yet identified any such links.

Ransomware operators continue to evolve, with new threat actors emerging and targeting various industries. In May 2024, researchers identified a criminal gang named Arcus Media, operating a ransomware-as-a-service model and targeting victims in the U.S., U.K., India, and Brazil. Another group, Space Bears, appeared in April, quickly gaining notoriety for their corporate-themed data leak site and affiliations with the Phobos ransomware-as-a-service group. Researchers suggest that these groups may be more organized and funded than previously anticipated.
Read more »
Threat Landscape
Credential Theft Cyber Crime Cyber Extortion Cyber Gang SaaS Apps Threat Landscape

Notorious Cyber Gang UNC3944 Shifts Focus to SaaS Apps vSphere and Azure

 

The notorious cyber gang UNC3944, which is suspected of involvement in the recent attacks on Snowflake and MGM Entertainment, among other things, has modified its methods and is now targeting SaaS apps. 

According to Google Cloud's Mandiant threat intelligence team, UNC3944's operations coincide significantly with those of the assault groups known as "0ktapus," "Octo Tempest," "Scatter Swine," and "Scattered Spider." The group's operations began with credential harvesting and SIM swapping attacks, progressed to ransomware and data theft extortion, and has now transitioned to "primarily data theft extortion, without the use of ransomware.” 

Mandiant claimed to have heard recordings of UNC3944's calls to corporate help desks, in which it attempted social engineering attacks. 

"The threat actors spoke with clear English and targeted accounts with high privilege potential,” Mandiant's researchers noted last week. In some cases, callers already possessed victims' personally identifiable information – allowing the attackers to bypass identity verification checks. 

Scammers posing as callers from UNC3944 would frequently say they were getting a new phone, requiring an MFA reset. Help desk employees would enable the attackers to reset passwords and get around MFA protections if they allowed such reset. 

"UNC3944 has occasionally resorted to fearmongering tactics to gain access to victim credentials," Mandiant added. "These tactics include threats of doxxing personal information, physical harm to victims and their families, and the distribution of compromising material.” 

When the hackers infiltrated an organization's infrastructure, they would immediately hunt for information on tools such as VPNs, virtual desktops, and remote telework programmes that would provide persistent access. Access to Okta was another target; tampering with the vendor's single sign-on tools (SSO) allowed attackers to create accounts that could be used to log into other systems. 

VMware's vSphere hybrid cloud management tool was one of the targets of attacks resulting from compromised SSO tools. Microsoft Azure was another option. Both were intended to allow UC3944 operatives to design virtual machines within an organisation and use them for malicious purposes. This makes sense because most of an organization's resources will use IP addresses within a safe range.
Read more »
Money Scam
Cyber Crime Cyber Extortion Cyberfraud Digital Arrest Money Scam

Digital Arrest Scam: Woman Doctor Duped for 40 Lakhs, Loses Her Entire Savings

Digital Arrest Scam

In today’s digital world, our lives are interconnected through the internet. From shopping on the web and managing finances to connecting with our loved ones, everything is done online these days. 

But the comfort also comes with some risks. 

Professor scammed with Rs 40 Lakhs 

In a recent online scam, a government medical university professor fell victim to a “digital arrest” scam and was tricked into paying a heavy amount of Rs 40 lakhs. The scam technique is called “digital arrest” where a scammer fools the victim under the disguise of law enforcement agencies. 

“An arrest warrant has been issued in your name. All your financial accounts will be frozen and they will be investigated. Till then you are put under ‘digital arrest’. After that they called me on Skype and showed me many documents which included my phone number, Aadhaar number, and which also included my arrest warrant,” she said.

The Attack: What happened?

On March 11, the professor received a call purportedly from Maharashtra. The caller alleged that a phone number issued under her ID in July 2023 was involved in illegal activities, including text message scams, phishing, and money laundering.

The call was then transferred to another individual claiming to be from the Maharashtra police headquarters. This person accused her of opening a fraudulent account in Canara Bank, Mumbai, leading to money laundering activities. The caller even spoke about an arrest warrant issued in her name.

The scammer threatened her, stating that all her financial cards, PAN, and Aadhaar had been blocked. They claimed she was under ‘digital arrest’.

To add to her distress, the scammers showed her documents via Skype, including her phone number, Aadhaar number, and the alleged arrest warrant.

The professor was coerced into transferring a staggering amount of Rs 31.31 lakh on March 11, followed by Rs 9 lakh from another account the next day.

The scammers instructed her to maintain constant communication, provide personal information, and refrain from contacting anyone else, citing national security concerns and the purported involvement of police and bank officials in the scam.

Realizing she had fallen victim to cyber fraud, she promptly reported the incident to the cybercrime police station and filed a formal complaint.

Impact of the attack

According to police, “A staggering amount of Rs 31.31 lakh was transferred by her on March 11, followed by Rs 9 lakh from another account the next day.” 

The stolen money was the professor’s entire savings, which she had kept for her kids’ studies and her future.

Triveni Singh, a former SP in the Cyber Cell and a cyber expert said that no reputable agency will request a Skype chat for reasons of investigation or arrest. There's nothing like a 'digital arrest'.


Read more »
Ransomware
AI Cyber Crime Cyber Extortion FBI Ransomware

Cyber Extortion Stoops Lowest: Fake Attacks, Whistleblowing, Cyber Extortion

Cyber Extortion

Recently, a car rental company in Europe fell victim to a fake cyberattack, the hacker used ChatGPT to make it look like the stolen data was legit. It makes us think why would threat actors claim a fabricated attack? We must know the workings of the cyber extortion business to understand why threat actors do what they do.

Mapping the Evolution of Cyber Extortion

Threats have been improving their ransomware attacks for years now. Traditional forms of ransomware attacks used encryption of stolen data. After successful encryption, attackers demanded ransom in exchange for a decryption key. This technique started to fail as businesses could retrieve data from backups.

To counter this, attackers made malware that compromised backups. Victims started paying, but FBI recommendations suggested they not pay.

The attackers soon realized they would need something foolproof to blackmail victims. They made ransomware that stole data without encryption. Even if victims had backups, attackers could still extort using stolen data, threatening to leak confidential data if the ransom wasn't paid.

Making matters even worse, attackers started "milking" the victims and further profiting from the stolen data. They started selling the stolen data to other threat actors who would launch repeated attacks (double and triple extortion attacks). Even if the victims' families and customers weren't safe, attackers would even go to the extent of blackmailing plastic surgery patients in clinics.

Extortion: Poking and Pressure Tactics

Regulators and law enforcement organizations cannot ignore this when billions of dollars are on the line. The State Department is offering a $10 million prize for the head of a Hive ransomware group, like to a scenario from a Wild West film. 

Businesses are required by regulatory bodies to disclose “all material” connected to cyber attacks. Certain regulations must be followed to avoid civil lawsuits, criminal prosecution, hefty fines and penalties, cease-and-desist orders, and the cancellation of securities registration.

Cyber-swatting is another strategy used by ransomware perpetrators to exert pressure. Extortionists have used swatting attacks to threaten hospitals, schools, members of the C-suite, and board members. Artificial intelligence (AI) systems are used to mimic voices and alert law enforcement to fictitious reports of a hostage crisis, bomb threat, or other grave accusation. EMS, fire, and police are called to the victim's house with heavy weapons.

What Businesses Can Do To Reduce The Risk Of Cyberattacks And Ransomware

What was once a straightforward phishing email has developed into a highly skilled cybercrime where extortionists use social engineering to steal data and conduct fraud, espionage, and infiltration. These are some recommended strategies that businesses can use to reduce risks.

1. Educate Staff: It's critical to have a continuous cybersecurity awareness program that informs staff members on the most recent attacks and extortion schemes used by criminals.

2. Pay Attention To The Causes Rather Than The Symptoms: Ransomware is a symptom, not the cause. Examine the methods by which ransomware infiltrated the system. Phishing, social engineering, unpatched software, and compromised credentials can all lead to ransomware.

3. Implement Security Training: Technology and cybersecurity tools by themselves are unable to combat social engineering, which modifies human nature. Employees can develop a security intuition by participating in hands-on training exercises and using phishing simulation platforms.

4. Use Phishing-Resistant MFA and a Password Manager: Require staff members to create lengthy, intricate passwords. To prevent password reuse, sign up for a paid password manager (not one built into your browser). Use MFA that is resistant to phishing attempts to lower the risk of corporate account takeovers and identity theft.

5. Ensure Employee Preparedness: Employees should be aware of the procedures to follow in the case of a cyberattack, as well as the roles and duties assigned to incident responders and other key players.


Read more »
Ransomware
cyber attack Cyber Extortion Encryption Enterprise security Ransomware

Ransomware Attack on Pro Bono California Law Firm Affects More Than 42,000


Recently, a ransomware attack on the Law Foundation of Silicon Valley, a California law firm that provides free services to those in need, resulted in the exposure of information of more than 42,000 people.


Hackers use ransomware to make money by encrypting files on a victim's computer and demanding payment for the decryption key. The attackers usually request payment via Western Union or a special text message.

Some attackers require payment through gift cards like Amazon or iTunes Gift Cards. Ransomware requests can be as low as a few hundred dollars to $50,000. Cyber extortion is one of the most lucrative ways of generating money for hackers. Is there anything else you would like to know?


The Impact of Ransomware Attacks


Ransomware attacks have become increasingly common in recent years, with attackers targeting organizations and individuals alike. These attacks can have devastating consequences, often resulting in the loss or theft of sensitive information. 


In this case, the knowledge of more than 42,000 people was exposed, potentially putting them at risk for identity theft and other forms of fraud.


This incident highlights the importance of cybersecurity for organizations of all sizes. Organizations need strong security measures to protect against ransomware and other cyber attacks. It includes:

  • Regularly updating software and systems.
  • Training employees on cybersecurity best practices.
  • Having a plan to respond to a cyber attack.

Staying Safe from Ransomware


There are several steps that individuals can take to protect themselves from ransomware attacks. These include being cautious when opening emails from unknown senders, avoiding clicking suspicious links or downloading attachments, and regularly backing up important data. It is also important to keep software and systems up to date with the latest security patches.


The ransomware attack on the Law Foundation of Silicon Valley serves as a reminder of the importance of cybersecurity for both organizations and individuals. By taking steps to protect against ransomware and other types of cyber attacks, we can help to reduce the risk of falling victim to these threats.

Read more »
Subscribe to: Posts (Atom)