Search This Blog

Showing posts with label Datatheft. Show all posts

Hive Ransomware Operators Extort $100m from Over 1,300 Firms Worldwide


The operators behind the Hive ransomware-as-a-service (RaaS) model have launched assaults against over 1,300 firms across the globe and received approximately $100 million in ransom payments as of November 2022, US government agencies stated in an alert. 

Active since June 2021, the malicious ransomware model has been employed in assaults against enterprises and critical infrastructure entities, including healthcare, government, communications, IT, and manufacturing organizations. 

"Hive ransomware has targeted a wide range of businesses and critical infrastructure sectors, including government facilities, communications, critical manufacturing, information technology, and — especially — Healthcare and Public Health (HPH)," read the joint advisory by the FBI, the US Cybersecurity and Infrastructure Security Agency, and the Department of Health and Human Services.

Modus Operandi 

Hive's RaaS campaign involves a mix of operators, who design and manage the malware, and affiliates, who are responsible for launching the assaults on victim networks by often purchasing initial access from initial access brokers (IABs). 

In most scenarios, securing a foothold involves the exploitation of ProxyShell vulnerabilities in Microsoft Exchange Server, followed by the detection and termination of processes linked to antimalware, backups, file copying, and deleting Windows event logs. 

Subsequently, the ransomware designs a file with the .key extension in the root directory – this file, which is unique to the system it was created on, is required for decryption. A ransom note is dropped into each exploited directory, warning targets not to tamper with the .key file, as that would restrict them from data recovery, and also asks victims to contact the hackers via live chat on a website accessible via the Tor browser. 

The ransomware actor also threatens victims that, if a ransom is not paid, data would be leaked publicly on the Tor site ‘HiveLeaks’. Threat analysts also detected crooks employing anonymous file-sharing sites to publish siphoned data. 

"Hive actors have been known to reinfect — with either Hive ransomware or another ransomware variant — the networks of victim organizations who have restored their network without making a ransom payment," the advisory further reads. 

According to the recent report published by cybersecurity firm Malwarebytes, the ransomware targeted seven victims in August 2022, 14 in September, and two other organizations in October, marking a fall in the operations from July, when the gang targeted 26 victims.

Cyber-Attack on New York Ethics Watchdog

Databases maintained by New York’s public watchdog agency have to shut down their systems after state information technology researchers discovered a malicious cyber-attack on its web servers. 

The ethics watchdog, which regulates lobbying at the State Capitol reported last Friday evening that an investigation has been launched to determine the scope of the attack and the perpetrators behind the attack after it received an alert regarding suspicious activity on JCOPE’s network.

Following the attack, the Commission has shut down the systems as a precaution, including its lobbying application and financial disclosure statement online filing system.

JCOPE reported that the systems will remain shut down until the agency resume normal operations safely. As of the present, the Agency officials did not report anything regarding who was responsible for the attack. However, the agency said that they are planning to work with state law enforcement officials to investigate the attack.

“Our first and highest priority is the safety and integrity of the data entrusted to the Commission by the regulated community,” said JCOPE Executive Director Sanford Berland in a statement.

Following the attack, the public was not able to access the data about lobbyist expenditures. Lobbyists were kept from submitting their required records. JCOPE said that it will grant automatic extensions to the people who missed a deadline because of the outage. 

Walter McClure, a JCOPE spokesperson added that "the outage also affects searches using the agency’s legacy lobbyist filing system, which was in use until 2019".

Swedish Camera Giant Axis Still Recovering From Cyberattack


Recently Camera maker Axis has reported to the public that the company is still struggling with a cyberattack that severely disrupted its IT systems on February 20th. 

The Swedish camera giant has released a statement on its official website and said that the organization was notified from its cybersecurity and intrusion detection system on Sunday before it shut down all its public-facing facilities globally in the wake of the cyberattack. 

Following the incident, the organization has reported that in their ongoing investigation they did not witness any information regarding an attack on their customer and partner data. 

"Our ongoing investigation of the attack has come a long way but is not entirely finalized. So far, we have no indication that any customer and partner data whatsoever has been affected. As far as the investigation currently shows, we were able to stop the attack before it was completed, limiting the potential damage," Axis said on Thursday. 

Furthermore, the company added that the external services of the company have been successfully recovered from the attack, and they are working towards restoring the remaining services.

“Most prioritized external services have now been restored. Restoring the remaining services is our highest priority, together with doing it in a way that does not jeopardize security. The time of disconnected services and limited possibilities to communicate with Axis has been an unfortunate but necessary consequence. Our gradual entry into a post-attack normal is based on changes that help us avoid similar future situations,” the company added. 

The company declared the outages on Twitter handle however it did not entertain requests for further comments. On its status site Friday afternoon, the company said its Case Insight tool in the US and the Camera Station License System were dealing with partial outages.