•

      “We arrive amid this state of panic”: inside a cyberattack against a public administration

      news.movim.eu / Numerama · Saturday, 9 March - 19:02

    Ransomware attacks are particularly feared given their destructive effect on an organization. A cybersecurity company gives us an inside account of the attack against a local authority.

    •

      A gang of hackers pretends it was arrested so as not to share the loot with the other hackers

      news.movim.eu / Numerama · Friday, 8 March - 08:36

    Hackers from the BlackCat group received a ransom of about 20 million euros from an insurance company, then disappeared with the money to avoid sharing the proceeds with the other crooks.

    •

      After collecting $22 million, AlphV ransomware group stages FBI takedown

      news.movim.eu / ArsTechnica · Tuesday, 5 March - 22:28

    The ransomware group responsible for hamstringing the prescription drug market for two weeks has suddenly gone dark, just days after receiving a $22 million payment and standing accused of scamming an affiliate out of its share of the loot.

    The events involve AlphV, a ransomware group also known as BlackCat. Two weeks ago, it took down Change Healthcare, the biggest US health care payment processor, leaving pharmacies, health care providers, and patients scrambling to fill prescriptions for medicines. On Friday, the bitcoin ledger shows, the group received nearly $22 million in cryptocurrency, stoking suspicions the deposit was payment by Change Healthcare in exchange for AlphV decrypting its data and promising to delete it.

    Representatives of Optum, the parent company, declined to say if the company has paid AlphV.

    •

      US prescription market hamstrung for 9 days (so far) by ransomware attack

      news.movim.eu / ArsTechnica · Friday, 1 March - 21:59

    Nine days after a Russian-speaking ransomware syndicate took down the biggest US health care payment processor, pharmacies, health care providers, and patients were still scrambling to fill prescriptions for medicines, many of which are lifesaving.

    On Thursday, UnitedHealth Group accused a notorious ransomware gang known both as AlphV and Black Cat of hacking its subsidiary Optum. Optum provides a nationwide network called Change Healthcare, which allows health care providers to manage customer payments and insurance claims. With no easy way for pharmacies to calculate what costs were covered by insurance companies, many had to turn to alternative services or offline methods.

    The most serious incident of its kind

    Optum first disclosed on February 21 that its services were down as a result of a “cyber security issue.” Its service has been hamstrung ever since. Shortly before this post went live on Ars, Optum said it had restored Change Healthcare services.

    •

      Ransomware associated with LockBit still spreading 2 days after server takedown

      news.movim.eu / ArsTechnica · Thursday, 22 February - 22:28

    Two days after an international team of authorities struck a major blow at LockBit, one of the Internet’s most prolific ransomware syndicates, researchers have detected a new round of attacks that are installing malware associated with the group.

    The attacks, detected in the past 24 hours, are exploiting two critical vulnerabilities in ScreenConnect, a remote desktop application sold by Connectwise. According to researchers at two security firms—SophosXOps and Huntress—attackers who successfully exploit the vulnerabilities go on to install LockBit ransomware and other post-exploit malware. It wasn’t immediately clear if the ransomware was the official LockBit version.

    “We can't publicly name the customers at this time but can confirm the malware being deployed is associated with LockBit, which is particularly interesting against the backdrop of the recent LockBit takedown,” John Hammond, principal security researcher at Huntress, wrote in an email. “While we can't attribute this directly to the larger LockBit group, it is clear that LockBit has a large reach that spans tooling, various affiliate groups, and offshoots that have not been completely erased even with the major takedown by law enforcement.”

    •

      After years of losing, it’s finally feds’ turn to troll ransomware group

      news.movim.eu / ArsTechnica · Tuesday, 20 February - 21:29 · 1 minute

    After years of being outmaneuvered by snarky ransomware criminals who tease and brag about each new victim they claim, international authorities finally got their chance to turn the tables, and they aren't squandering it.

    The top-notch trolling came after authorities from the US, UK, and Europol took down most of the infrastructure belonging to Lockbit, a ransomware syndicate that has extorted more than $120 million from thousands of victims around the world. On Tuesday, most of the sites Lockbit uses to shame its victims for being hacked, pressure them into paying, and brag of their hacking prowess began displaying content announcing the takedown. The seized infrastructure also hosted decryptors victims could use to recover their data.

    this_is_really_bad

    Authorities didn’t use the seized name-and-shame site solely for informational purposes. One section that appeared prominently gloated over the extraordinary extent of the system access investigators gained. Several images indicated they had control of /etc/shadow, a Linux file that stores cryptographically hashed passwords. This file, among the most security-sensitive ones in Linux, can be accessed only by a user with root, the highest level of system privileges.

    •

      Police from 11 countries, including France, take down the site of Lockbit, the biggest hacker gang

      news.movim.eu / Numerama · Tuesday, 20 February - 04:00

    The site of the Russian-speaking Lockbit hackers has been taken offline by law enforcement from several countries, including the Gendarmerie nationale. These hackers are responsible for several cyberattacks, including those against the Corbeil-Essonnes hospital, la Poste mobile and the Loiret department.

    •

      “Your data has been stolen”: the Lockbit hacker gang lets everyone know it has hacked you

      news.movim.eu / Numerama · Thursday, 8 February - 16:33

    The Lockbit cybercriminal collective displayed a message on its victims' website to create panic. These cybercriminals are reusing a technique long used by hackers.

    •

      Which companies are likely to pay a ransom to hackers

      news.movim.eu / Numerama · Saturday, 27 January - 17:19

    Who pays in a ransomware attack? A study has identified several criteria for distinguishing companies likely to pay a ransom demanded by hackers after a cyberattack or data hostage-taking.