A newly identified ransomware group named Volcano Demon is using aggressive tactics to compel victims to pay ransoms. Halycon, an anti-ransomware firm, recently reported that this group has targeted several organisations in the past weeks with a new encryption tool called LukaLocker.
Attack Strategy
Volcano Demon’s attack method is both simple and effective. Initially, the hackers infiltrate the target’s network, mapping it out and stealing as many sensitive files as they can. Following this, they deploy LukaLocker to encrypt files and entire systems. The victims are then instructed to pay a ransom in cryptocurrency to receive the decryption key and prevent the stolen data from being leaked.
Technical Details of LukaLocker
LukaLocker works by adding a .nba extension to encrypted files and is capable of operating on both Windows and Linux systems. The encryptor is proficient at hiding its tracks by erasing logs before exploitation, making it difficult for cybersecurity experts to perform a full forensic analysis. Furthermore, LukaLocker can disable processes linked to most major antivirus and anti-malware solutions, making recovery efforts even more challenging.
Unlike typical ransomware groups that maintain dedicated data leak sites, Volcano Demon employs a more direct and intimidating approach. They contact the leadership of the victimised companies via phone calls from unidentified numbers to negotiate ransom payments. These calls are often threatening in nature, adding psychological pressure to the already stressful situation of a ransomware attack.
Impact on Businesses
The harassment tactic used by Volcano Demon increases the urgency and stress for affected businesses. The inability to conduct thorough forensic investigations due to LukaLocker’s log-clearing capabilities leaves victims vulnerable and with limited recovery options.
Businesses must enhance their cybersecurity measures to reduce the risk of such attacks. Implementing comprehensive logging and monitoring solutions, maintaining regular backups, and educating employees about common infiltration methods like phishing are critical steps. Additionally, organisations should ensure their antivirus and anti-malware solutions are robust and regularly updated to counteract disabling mechanisms like those employed by LukaLocker.
Volcano Demon’s innovative approach to ransomware, characterised by harassing phone calls and sophisticated encryption methods, underscores the developing nature of cyber threats. As cybercriminals develop new strategies to exploit vulnerabilities, it is essential for businesses to remain vigilant and proactive in their cybersecurity efforts to protect sensitive data and ensure operational continuity.
Zero-knowledge proofs (ZKPs) are emerging as a vital component in blockchain technology, offering a way to maintain transactional privacy and integrity. These cryptographic methods enable verification without revealing the actual data, paving the way for more secure and private blockchain environments.
At its core, a zero-knowledge proof allows one party (the prover) to prove to another party (the verifier) that they know certain information without disclosing the information itself. This is particularly valuable in the blockchain realm, where transparency is key but privacy is also crucial. For example, smart contracts often contain sensitive financial or personal data that must be protected from unauthorised access.
How ZKPs Operate
A ZKP involves the prover performing actions that confirm they know the hidden data. If an unauthorised party attempts to guess these actions, the verifier's procedures will expose the falsity of their claim. ZKPs can be interactive, requiring repeated verifications, or non-interactive, where a single proof suffices for multiple verifiers.
The concept of ZKPs was introduced in a 1985 MIT paper by Shafi Goldwasser and Silvio Micali, which demonstrated the feasibility of proving statements about data without revealing the data itself. Key characteristics of ZKPs include:
Types of Zero-Knowledge Proofs
Zero-knowledge proofs come in various forms, each offering unique benefits in terms of proof times, verification times, and proof sizes:
Advantages for Blockchain Privacy
ZKPs are instrumental in preserving privacy on public blockchains, which are typically transparent by design. They enable the execution of smart contracts—self-executing programs that perform agreed-upon actions—without revealing sensitive data. This is particularly important for institutions like banks, which need to protect personal data while complying with regulatory requirements.
For instance, financial institutions can use ZKPs to interact with public blockchain networks, keeping their data private while benefiting from the broader user base. The London Stock Exchange is exploring ZKPs to enhance security and handle large volumes of financial data efficiently.
Practical Applications
Zero-knowledge proofs have a wide array of applications across various sectors, enhancing privacy and security:
1. Private Transactions: Cryptocurrencies like Zcash utilise ZKPs to keep transaction details confidential. By employing ZKPs, Zcash ensures that the sender, receiver, and transaction amount remain private, providing users with enhanced security and anonymity.
2. Decentralised Identity and Authentication: ZKPs can secure identity management systems, allowing users to verify their identity without revealing personal details. This is crucial for protecting sensitive information in digital interactions and can be applied in various fields, from online banking to voting systems.
3. Verifiable Computations: Decentralised oracle networks can leverage ZKPs to access and verify off-chain data without exposing it. For example, a smart contract can obtain weather data from an external source and prove its authenticity using ZKPs, ensuring the data's integrity without compromising privacy.
4. Supply Chain Management: ZKPs can enhance transparency and security in supply chains by verifying the authenticity and origin of products without disclosing sensitive business information. This can prevent fraud and ensure the integrity of goods as they move through the supply chain.
5. Healthcare: In the healthcare sector, ZKPs can protect patient data while allowing healthcare providers to verify medical records and credentials. This ensures that sensitive medical information is kept confidential while enabling secure data sharing between authorised parties.
Challenges and Future Prospects
Despite their promise, ZKPs face challenges, particularly regarding the hardware needed for efficient proof generation. Advanced GPUs are required for parallel processing to speed up the process. Technologies like PLONK are addressing these issues with improved algorithms, but further developments are needed to simplify and broaden ZKP adoption.
Businesses are increasingly integrating blockchain technologies, including ZKPs, to enhance security and efficiency. With ongoing investment in cryptocurrency infrastructure, ZKPs are expected to play a crucial role in creating a decentralized, privacy-focused internet.
Zero-knowledge proofs are revolutionising blockchain privacy, enabling secure and confidential transactions. While challenges remain, the rapid development and significant investment in this technology suggest a bright future for ZKPs, making them a cornerstone of modern blockchain applications.
While malware attacks on Windows and Android systems are more frequent, macOS is not immune to such dangers. Cybersecurity experts at Moonlock Lab have identified a new type of macOS malware that adeptly avoids detection and poses a serious threat to user data and cryptocurrency.
How the Malware Spreads
The infection starts when users visit websites that offer pirated software. On these sites, they might download a file called CleanMyMacCrack.dmg, thinking it’s a cracked version of the CleanMyMac utility. However, launching this DMG file triggers a Mach-O executable, which then downloads an AppleScript. This script is specifically designed to steal sensitive information from the infected Mac.
Malware Capabilities
Once the malware infiltrates a macOS system, it can carry out a range of malicious activities:
Link to a Known Hacker
Moonlock Lab has traced this macOS malware back to a notorious Russian-speaking hacker known as Rodrigo4. This individual has been seen on the XSS underground forum, where he is actively seeking collaborators to help spread his malware through search engine optimization (SEO) manipulation and online advertisements.
Rodrigo4's method involves manipulating search engine results and placing ads to lure unsuspecting users into downloading the malicious software. By making the malware appear as a popular utility, he increases the chances of users downloading and installing it, unknowingly compromising their systems.
How to Protect Yourself
To prevent this malware from infecting your Mac, Moonlock Lab recommends several precautions:
1. Only download software from reputable and trusted sources.
2. Regularly update your operating system and all installed applications.
3. Use reliable security software to detect and block malware.
The crucial point is users should be cautious about downloading software from unverified websites and avoid using pirated software, as these are common vectors for malware distribution. Staying informed about the latest cybersecurity threats and adopting good digital hygiene practices can also drastically reduce the risk of infection.
In a security breach, Japanese cryptocurrency exchange DMM Bitcoin announced the theft of approximately 4,502.9 Bitcoin, valued at around 48.2 billion yen (approximately $304 million). The incident marks one of the largest cryptocurrency heists in recent history.
The breach was detected on May 31, 2024, at approximately 1:26 p.m. when DMM Bitcoin identified an unauthorised leak of Bitcoin from its wallets. The exchange immediately took steps to mitigate the leak and implement additional security measures to prevent further unauthorised access. The company is still investigating the full extent of the damage.
DMM Bitcoin has reassured its customers that their Bitcoin deposits will be fully guaranteed despite the breach. However, the exchange has implemented several temporary restrictions on its services to enhance security. These measures include the suspension of new account openings, the processing of cryptocurrency withdrawals, and the placing of new buy orders for spot trading. Only sell orders will be accepted for spot trading, and new open positions for leveraged trading are also suspended, with only settlement orders being processed.
Impact on Customers
The company has informed customers that existing limit orders for both spot and leveraged trading will remain unaffected. However, withdrawals of Japanese yen may experience delays. DMM Bitcoin has apologised for the inconvenience caused and assured customers that their assets are secure.
Response and Analysis
Cryptocurrency security firm Elliptic has reported that this heist ranks as the eighth-largest crypto theft of all time. It is the most significant since the $477 million hack suffered by FTX in November 2022. Elliptic has also confirmed the identification of the wallets involved in the DMM Bitcoin attack.
Ongoing Investigation
DMM Bitcoin continues to work on understanding the details of the attack and has not yet provided specific information about how the breach occurred. The company remains focused on ensuring the security of its platform and protecting customer assets.
The broader cryptocurrency community will be closely monitoring the developments of this case and the measures taken by DMM Bitcoin to prevent future incidents.
The cryptocurrency sector is on the brink of a paradigm shift in cybersecurity as it gears up to launch Crypto ISAC (Information Sharing and Analysis Center), under the adept leadership of cybersecurity expert Justine Bone. Bone, acclaimed for her crucial role in instigating recalls of vulnerable medical devices, brings over two decades of expertise to the forefront, promising a formidable defence against cyber threats within the existing institution of digital assets.
Set to make its debut at CoinDesk's prestigious Consensus 2024 event in Austin, Texas, Crypto ISAC is backed by a consortium of founding members, including major exchanges, stablecoin issuers, and custody firms. This collaborative effort marks an essential moment in the industry's journey towards fortifying security measures in light of persistent hacking incidents and unlawful activities.
The inception of Crypto ISAC stems from a collective acknowledgment within the cybersecurity community of the urgent need for a centralised platform to facilitate seamless information sharing and in-depth analysis. Bone, in an exclusive interview with CoinDesk, stressed upon the turning role of ISACs as trusted intermediaries in establishing collaboration and rapid responses to emerging security threats.
Drawing inspiration from the community-driven principles of neighbourhood watch programs, ISACs serve as vital means bridging the gap between public and private sector entities. By aligning itself with established sectors such as healthcare and finance, Crypto ISAC aims to elevate the credibility of the crypto industry while shoring up defences in order to combat cyber threats.
With a diverse membership comprising crypto-native companies, investors, and cybersecurity solution providers, Crypto ISAC endeavours to engineer a robust ecosystem for active threat mitigation. They are leveraging a rigorously vetted information-sharing protocol, the platform ensures the timely dissemination of threat intelligence to empower members to preemptively address evolving cyber threats.
Bone's illustrious career trajectory, spanning notable roles at Dow Jones and Bloomberg, accentuates her leadership prowess in steering Crypto ISAC towards effective cybersecurity governance. The organisation's pursuit of FedRAMP readiness further underscores its commitment to delivering top-tier services.
As the launch date for Consensus approaches, members eagerly anticipate gaining access to a comprehensive collection of information on potential threats. With a focus on working together, being transparent, and staying strong, Crypto ISAC promises to bring a new level of security and trust to the cryptocurrency world.
On the financial front, traditional powerhouses like Grayscale, BlackRock, and Fidelity are diving into Bitcoin, earning them the moniker 'Bitcoin whales.' These heavyweights are injecting billions into the digital currency, holding a sizable chunk of the finite 21 million bitcoins available.
Out of the 19 million bitcoins currently in circulation, an estimated 3.5 million are lost, either due to forgotten digital wallet details or lingering criminal proceeds. Concerns arise over the 2.3 million bitcoins held by cryptocurrency exchanges, acting as crypto-banks, sparking debates about reliance on centralised systems.
Adding to the mystery are 'unknown whales,' individuals or entities owning over 10,000 bitcoins, accounting for roughly 8% of the total. The remaining 7% of bitcoins are yet to be mined, with the last one expected in 2140. Meanwhile, Satoshi Nakamoto, Bitcoin's enigmatic creator, sits on an estimated 1.1 million bitcoins, securing a spot among the world's wealthiest.
Regulated investment firms, given the green light by US financial authorities, are now in the game. Grayscale, BlackRock, and Fidelity collectively hold about 4.5% of all bitcoins, signalling a significant shift.
Law enforcement's involvement introduces another layer, with nearly 200,000 bitcoins awaiting auction from cyber-crime seizures. MicroStrategy and Tether emerge as noteworthy Bitcoin holders, with MicroStrategy leading as the single largest organisation owner, holding around 193,000 Bitcoins. Tether, recognized for its stablecoin, claims an estimated 67,000 bitcoins.
Publicly listed Bitcoin miners, including Marathon and Hut8, contribute significantly, holding around 40,000 bitcoins collectively. Well-known investors like the Winklevoss Twins, Tim Draper, and companies like Tesla and Block add further diversity to the landscape.
Approximately 10.5 million bitcoins are believed to be held by the general public, constituting roughly 50% of the existing supply. However, the actual number of individual Bitcoin owners remains a mystery.
Interestingly, the recent surge in Bitcoin's value is credited not to individual retail investors but to Bitcoin whales, including major banks. Analysts suggest that these influential entities are steering both the price and demand, reshaping the once peer-to-peer digital cash dynamics.
As big financial players gather more and more bitcoins, it's making us rethink what Bitcoin was supposed to be. Originally, it was all about being decentralised and not controlled by big institutions. Now, with these financial giants holding a lot of bitcoins, we're wondering where Bitcoin is headed and if it's staying true to its roots. The world of cryptocurrency is changing, and it's not just affecting digital money – it's making waves in a much bigger way.
The New York State Department of Financial Services claims that Gemini, which the twins started following their well-known argument with Mark Zuckerberg over who developed Facebook, neglected to "fully vet or sufficiently monitor" Genesis, Gemini Earn's now-bankrupt lending partner.
The Earn program, which promised users up to 8% income on their cryptocurrency deposits, was canceled in November 2022 when Genesis was unable to pay withdrawals due to the fall of infamous scammer Sam Bankman-Fried's FTX enterprise.
Since then, almost 30,000 residents of New York and over 200,000 other Earn users have lost access to their money.
Gemini "engaged in unsafe and unsound practices that ultimately threatened the financial health of the company," according to the state regulator.
NYSDFS Superintendent Adrienne Harris claimed in a statement that "Gemini failed to conduct due diligence on an unregulated third party, later accused of massive fraud, harming Earn customers who were suddenly unable to access their assets after Genesis Global Capital experienced a financial meltdown."
Customers of Earn, who are entitled to the assets they committed to Gemini, have won with today's settlement.
“Collecting hundreds of millions of dollars in fees from Gemini customers that otherwise could have gone to Gemini, substantially weakening Gemini’s financial condition,” was the unregulated affiliate that dubbed Gemini Liquidity during the crisis.
Although it did not provide any details, the regulator added that it "further identified various management and compliance deficiencies."
Gemini also consented to pay $40 million to Genesis' bankruptcy proceedings as part of the settlement, for the benefit of Earn customers.
"If the company does not fulfill its obligation to return at least $1.1 billion to Earn customers after the resolution of the [Genesis] bankruptcy," the NYSDFS stated that it "has the right to bring further action against Gemini."
Gemini announced that the settlement would "result in all Earn users receiving 100% of their digital assets back in kind" during the following 12 months in a long statement that was posted on X.
The business further stated that final documentation is required for the settlement and that it may take up to two months for the bankruptcy court to approve it.
The New York Department of Financial Services (DFS) was credited by Gemini with helping to reach a settlement that gives Earn users a coin-for-coin recovery.
Attorney General Letitia James of New York filed a lawsuit against Genesis and Gemini in October, accusing them of defrauding Earn consumers out of their money and labeling them as "bad actors."
James tripled the purported scope of the lawsuit earlier this month. The complaint was submitted a few weeks after The Post revealed that, on August 9, 2022, well in advance of Genesis's bankruptcy, Gemini had surreptitiously taken $282 million in cryptocurrency from the company.
Subsequently, the twins stated that the change was made to the advantage of the patrons.
The brothers' actions, however, infuriated Earn customers, with one disgruntled investor telling The Post that "there's no good way that Gemini can spin this."
In a different lawsuit, the SEC is suing Gemini and Genesis because the Earn program was an unregistered security.
The collapse of Earn was a significant blow to the Winklevoss twins' hopes of becoming a dominant force in the industry.
Gemini had built its brand on the idea that it was a reliable player in the wild, mostly uncontrolled cryptocurrency market.
The activity was attributed by the BlackBerry Research and Intelligence Team to an unidentified financially motivated threat actor operating in Latin America. The campaign has been active since 2021, at least.
"Lures use Mexican Social Security Institute (IMSS) naming schemas and links to legitimate, benign documents during the installation process," the Canadian company said in an analysis published earlier this week. "The AllaKore RAT payload is heavily modified to allow the threat actors to send stolen banking credentials and unique authentication information back to a command-and-control (C2) server for the purposes of financial fraud."
The attacks are specifically intended to target big businesses with annual sales of more than $100 million. Retail, agriculture, the public sector, manufacturing, transportation, commercial services, capital goods, and banking are among the industries targeted.
The attack begins with a ZIP file that is either distributed through phishing emails or a drive-by compromise. This file contains an MSI installer file that launches a.NET downloader, which verifies the victim's geolocation in Mexico and retrieves the modified AllaKore RAT, a Delphi-based RAT that was first discovered in 2015.
"AllaKore RAT, although somewhat basic, has the potent capability to keylog, screen capture, upload/download files, and even take remote control of the victim's machine," BlackBerry said.
An additional feature added to the malware comprises support for commands from the threat actors regarding banking frauds, targeting banks and crypto trading platforms, launching a reverse shell, extracting clipboard content, and fetching and executing additional payloads.
The campaign's use of Mexico Starlink IPs and the insertion of Spanish-language instructions to the modified RAT payload provide the threat actor with ties to Latin America. Moreover, the lures used are only effective for businesses big enough to submit reports directly to the Department of the Mexican Social Security Institute (IMSS).
"This threat actor has been persistently targeting Mexican entities for the purposes of financial gain[…]This activity has continued for over two years, and shows no signs of stopping," the company stated.
This research comes with a report by IOActive, revealing it has discovered three vulnerabilities (CVE-2024-0175, CVE-2024-0176, and CVE-2024-0177) in the Lamassu Douro bitcoin ATMs that might provide physical access to an attacker the ability to take complete control of the machines and steal user data.
Based on dozens of cyberattacks and thefts this year, hackers stole over $2 billion in cryptocurrency, according to De.FI, the web3 security company that manages the REKT database.
The site ranks the worst-ever crypto hacks, ranging from the Ronin network breach in 2022—the largest event in history—where hackers took over $600 million in cryptocurrency—to this year's hack against Mixin Network, which brought in almost $200 million for the criminals.
DeFi, in its report, wrote, “This amount, though dispersed across various incidents, underscores the persistent vulnerabilities and challenges within the DeFi ecosystem[…]2023 stood as a testament to both the ongoing vulnerabilities and the strides made in addressing them, even as interest in the space was relatively muted by the ongoing bear market in the first half of the year.”
In an estimate, published by blockchain intelligence firm TRM, the total amount of cryptocurrency that hackers have stolen this year was also made public earlier in December. As of mid-December, the business reported that the total amounted to around $1.7 billion.
Among the other crypto thefts conducted this year, one of the worst ones was a hack against Euler Fianance, where threat actors stole $200 million. Other notable hacks include those against Multichain ($126 million), BonqDAO ($120 million), Poloniex ($114 million), and Atomic Wallet ($100 million), among hundreds of other targets.
Last year, blockchain monitoring firm Chainalysis reported that cybercriminals purloined a record-breaking $3.8 billion in cryptocurrency. Of those, the Lazarus Group, a group of North Korean government hackers who are among the most active in the cryptocurrency space, took $1.7 billion in an attempt to finance the regime's authorized nuclear weapons program.
In 2021, Chainalysis reported hacks that compromised crypto worth $3.3 billion.
It is rather not possible to predict what the figures will be in 2024, but given the failures witnessed in cyber security by several crypto and web3 initiatives, as well as the significant financial potential of both sectors—discussed at TechCrunch Disrupt earlier this year—we should anticipate that hackers will continue to target this expanding market.