
Learn How to Decrypt Black Basta Ransomware Attack Without Paying Ransom

Researchers have created a tool designed to exploit a vulnerability in the Black Basta ransomware, allowing victims to recover their files without succumbing to ransom demands. This decryption tool potentially provides a remedy for individuals who fell victim to Black Basta ransomware attacks between November 2022 and the current month. 

Regrettably, recent intel suggests that the developers of Black Basta identified a flaw in their encryption process about a week ago and swiftly rectified it. As a result, the fix has nullified the effectiveness of the decryption technique against more recent Black Basta attacks. 

Let’s Understand Black Basta Buster Decryptor 

Security Research Labs (SRLabs) successfully leveraged a weakness in the Black Basta ransomware to create a decryptor tool, offering affected companies the ability to retrieve their encrypted files without being compelled to make a ransom payment. The vulnerability identified in the Black Basta ransomware pertained to the XChaCha20 encryption algorithm. 

XChaCha20 is a stream cipher: it generates a keystream and XORs it with the contents of each targeted file. "Our analysis suggests that files can be recovered if the plaintext of 64 encrypted bytes is known. Whether a file is fully or partially recoverable depends on the size of the file," SRLabs reported.

The report adds: "Files below the size of 5000 bytes cannot be recovered. For files between 5000 bytes and 1GB in size, full recovery is possible. For files larger than 1GB, the first 5000 bytes will be lost but the remainder can be recovered."

What is the Process of Decrypting? 

To unlock files hit by Black Basta ransomware, you need to know some of the original content (64 bytes of plaintext). If your file is small (under 5000 bytes), it is probably gone. If it is between 5000 bytes and 1GB, you can get it all back. Larger than 1GB? You lose the first part, but the rest can be saved.

Black Basta scrambles files with a keystream, and the flaw is that part of that keystream is reused: once the keystream for one chunk is recovered from known plaintext, it unlocks the whole file. That is good news for big files, such as virtual machine disk images, because even if the ransomware damages the most important parts, there are tools to repair them. For small files it may be tough, but if you have an older, unencrypted copy, there is still hope.
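The keystream-reuse weakness described above, as an added example that is not part of the original post or of the SRLabs tool: a toy stream cipher (SHA-512 of key and counter as a stand-in for XChaCha20, an assumption) encrypts a constructed file either with one reused 64-byte keystream block or with a properly advancing counter, and shows that 64 bytes of known plaintext recover the whole file only in the reused case.

```python
import hashlib

CHUNK = 64  # the page: 64 known plaintext bytes are enough to recover a file

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream_block(key: bytes, counter: int) -> bytes:
    # Stand-in for a stream cipher block (assumption: SHA-512 of key||counter,
    # not XChaCha20); what matters here is only whether the counter advances.
    return hashlib.sha512(key + counter.to_bytes(8, "little")).digest()

def encrypt(plaintext: bytes, key: bytes, reuse_block: bool) -> bytes:
    # reuse_block=True models the flaw: the same keystream block is XORed into
    # every 64-byte chunk. reuse_block=False advances the counter per chunk.
    out = bytearray()
    for n, i in enumerate(range(0, len(plaintext), CHUNK)):
        ks = keystream_block(key, 0 if reuse_block else n)
        out += xor_bytes(plaintext[i:i + CHUNK], ks)
    return bytes(out)

def recover_block(ciphertext: bytes, known_plain: bytes, offset: int) -> bytes:
    # Known plaintext at a chunk-aligned offset yields the keystream block used there.
    if offset % CHUNK or len(known_plain) != CHUNK:
        raise ValueError("need exactly 64 known bytes at a 64-byte aligned offset")
    return xor_bytes(ciphertext[offset:offset + CHUNK], known_plain)

def decrypt_reused(ciphertext: bytes, block: bytes) -> bytes:
    # If that block was reused for every chunk, XOR-ing it back recovers everything.
    out = bytearray()
    for i in range(0, len(ciphertext), CHUNK):
        out += xor_bytes(ciphertext[i:i + CHUNK], block)
    return bytes(out)

# Constructed sample file: a 64-byte known header followed by unknown content.
KNOWN_HEADER = b"CONSTRUCTED-FILE-HEADER-v1".ljust(CHUNK, b"\x00")
SAMPLE_FILE = KNOWN_HEADER + bytes(range(256)) * 30   # 7744 bytes, above 5000
KEY = b"constructed-demo-key"

def recovered_with_reuse() -> bytes:
    ct = encrypt(SAMPLE_FILE, KEY, reuse_block=True)
    return decrypt_reused(ct, recover_block(ct, KNOWN_HEADER, 0))

def recovered_without_reuse() -> bytes:
    ct = encrypt(SAMPLE_FILE, KEY, reuse_block=False)
    return decrypt_reused(ct, recover_block(ct, KNOWN_HEADER, 0))
```

With a reused block the full file comes back; with a per-chunk keystream only the chunk whose plaintext was already known is recovered, which is why the ransomware authors' fix closed the door.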

Who is the Black Basta Gang?

The Black Basta ransomware gang started its cybercrime activities in April 2022, focusing on double-extortion attacks against businesses. By June of the same year, they teamed up with the QBot malware operation to infiltrate corporate networks using Cobalt Strike for remote access. 

The gang, associated with the FIN7 hacking group, has targeted various organizations, including Capita, the American Dental Association, Sobeys, Knauf, and Yellow Pages Canada. In a recent incident, they attacked the Toronto Public Library, Canada's largest public library system.

Colorado Department of Higher Education Attacked by Ransomware


The Colorado state government has issued a cautionary message to both students and educators regarding a potential security breach. The incident involves unauthorized access to personal information dating back to 2004. As stated on the official website of the Colorado Department of Higher Education (CDHE), the organization fell victim to a ransomware attack. 

During the period of June 11 to June 19, hackers managed to infiltrate the CDHE's systems, from which they extracted and duplicated data. The compromised data encompasses a range of details, including the names of students and teachers, addresses, Social Security numbers, student ID numbers, as well as various unspecified educational records, as confirmed by the CDHE. 

Ransomware refers to a type of malicious software that infiltrates computer systems. It has the ability to either extract sensitive data or restrict the system owner/user's access to their own information. Typically, the individual or group responsible for the malware then demands a ransom in order to reinstate access to the compromised data or system. 

According to the report, the following individuals may be affected by the attack: 

• Individuals who were enrolled in a Colorado public higher education institution from 2007 to 2020. 

• Those who attended a Colorado public high school from 2004 to 2020. 

• Individuals possessing a Colorado K-12 public school educator license between 2010 and 2014. 

• Participants in the Dependent Tuition Assistance Program during the period of 2009 to 2013. 

• Those involved in Colorado Department of Education's Adult Education Initiatives programs spanning from 2013 to 2017. 

• Individuals who obtained a GED between the years 2007 and 2011. 

Megan McDermott, Senior Director of Communications and Community Engagement at CDHE, said that the CDHE is aware of the entity behind the ransomware. However, she declined to disclose the specific ransom amount due to ongoing criminal and internal inquiries. She further confirmed that the CDHE did not comply with the ransom demands. 

In the past few weeks, there has been a surge in ransomware attacks in Colorado. In the previous month, Colorado State University (CSU) acknowledged an incident in which the Clop ransomware group accessed the sensitive personal data of both present and past students and staff. 

This breach occurred alongside the MOVEit mass hacking. The identical group of hackers also directed their efforts towards Colorado's Department of Health Care Policy and Financing. This department revealed that the personally identifiable information of individuals enrolled in Colorado's Medicaid program or child health plan might have been exposed.