      Ransomware associated with LockBit still spreading 2 days after server takedown

      news.movim.eu / ArsTechnica · 3 days ago - 22:28

    Two days after an international team of authorities struck a major blow at LockBit, one of the Internet’s most prolific ransomware syndicates, researchers have detected a new round of attacks that are installing malware associated with the group.

    The attacks, detected in the past 24 hours, are exploiting two critical vulnerabilities in ScreenConnect, a remote desktop application sold by ConnectWise. According to researchers at two security firms—SophosXOps and Huntress—attackers who successfully exploit the vulnerabilities go on to install LockBit ransomware and other post-exploit malware. It wasn’t immediately clear if the ransomware was the official LockBit version.

    “We can't publicly name the customers at this time but can confirm the malware being deployed is associated with LockBit, which is particularly interesting against the backdrop of the recent LockBit takedown,” John Hammond, principal security researcher at Huntress, wrote in an email. “While we can't attribute this directly to the larger LockBit group, it is clear that LockBit has a large reach that spans tooling, various affiliate groups, and offshoots that have not been completely erased even with the major takedown by law enforcement.”

      After years of losing, it’s finally feds’ turn to troll ransomware group

      news.movim.eu / ArsTechnica · 5 days ago - 21:29 · 1 minute

    After years of being outmaneuvered by snarky ransomware criminals who tease and brag about each new victim they claim, international authorities finally got their chance to turn the tables, and they aren't squandering it.

    The top-notch trolling came after authorities from the US, UK, and Europol took down most of the infrastructure belonging to LockBit, a ransomware syndicate that has extorted more than $120 million from thousands of victims around the world. On Tuesday, most of the sites LockBit uses to shame its victims for being hacked, pressure them into paying, and brag of its hacking prowess began displaying content announcing the takedown. The seized infrastructure also hosted decryptors victims could use to recover their data.


    Authorities didn’t use the seized name-and-shame site solely for informational purposes. One section that appeared prominently gloated over the extraordinary extent of the system access investigators gained. Several images indicated they had control of /etc/shadow, a Linux file that stores cryptographically hashed passwords. This file, among the most security-sensitive ones in Linux, can be accessed only by a user with root, the highest level of system privileges.

      LockBit ransomware group taken down in multinational operation

      news.movim.eu / ArsTechnica · 5 days ago - 14:30

    Law enforcement agencies including the FBI and the UK’s National Crime Agency have dealt a crippling blow to LockBit, one of the world’s most prolific cybercrime gangs, whose victims include Royal Mail and Boeing.

    The 11 international agencies behind “Operation Cronos” said on Tuesday that the ransomware group—many of whose members are based in Russia—had been “locked out” of its own systems. Several of the group’s key members have been arrested, indicted, or identified and its core technology seized, including hacking tools and its “dark web” homepage.

    Graeme Biggar, NCA director-general, said law enforcement officers had “successfully infiltrated and fundamentally disrupted LockBit.”

      Police forces from 11 countries, including France, take down the site of LockBit, the biggest hacker gang

      news.movim.eu / Numerama · 5 days ago - 04:00

    The site of the Russian-speaking LockBit hackers has been taken offline by law enforcement agencies from several countries, including the Gendarmerie nationale. These hackers are responsible for several cyberattacks, including those against the Corbeil-Essonnes hospital, La Poste Mobile, and the Loiret department.

      “Your data has been stolen”: the LockBit hacker gang lets everyone know it has hacked you

      news.movim.eu / Numerama · Thursday, 8 February - 16:33

    The LockBit cybercriminal collective displayed a message on its victims' website to create panic. These cybercriminals are reusing a technique that hackers have employed for a long time.

      The head of a Russian hacker gang offers a reward to whoever reveals the identity of another hacker

      news.movim.eu / Numerama · Saturday, 27 January - 07:33

    The head of the LockBit cybercriminal collective posted an announcement on a hacker forum. He is seeking information about a member of another gang, against the backdrop of a cyberattack on a Russian company.

      A major hacker group claims responsibility for a cyberattack against Subway

      news.movim.eu / Numerama · Monday, 22 January - 09:52

    The LockBit hacker group, responsible for thousands of hacks, has claimed responsibility for an attack against sandwich giant Subway. The cybercriminals are giving the company less than 2 weeks to pay a ransom.

      Hacking a hospital without harming patients… the hackers' false promise

      news.movim.eu / Numerama · Tuesday, 9 January - 16:10

    After hacking two American hospitals, a group of hackers declared that it did not intend to harm patients' health, “only” their privacy. This rule, common among hackers, is in reality rarely respected.

      “We negotiate with hackers as we would with kidnappers”: meeting a ransom negotiator

      news.movim.eu / Numerama · Friday, 29 December - 07:04

    Halting production after a cyberattack can cause daily losses of several million euros. For large companies that find themselves at an impasse, negotiators are called in urgently to find a “solution” with the cybercriminals.