
      US prescription market hamstrung for 9 days (so far) by ransomware attack

      news.movim.eu / ArsTechnica · Friday, 1 March - 21:59


    Nine days after a Russian-speaking ransomware syndicate took down the biggest US health care payment processor, pharmacies, health care providers, and patients were still scrambling to fill prescriptions for medicines, many of which are lifesaving.

    On Thursday, UnitedHealth Group accused a notorious ransomware gang known both as AlphV and Black Cat of hacking its subsidiary Optum. Optum provides a nationwide network called Change Healthcare, which allows health care providers to manage customer payments and insurance claims. With no easy way for pharmacies to calculate what costs were covered by insurance companies, many had to turn to alternative services or offline methods.

    The most serious incident of its kind

    Optum first disclosed on February 21 that its services were down as a result of a “cyber security issue.” Its service has been hamstrung ever since. Shortly before this post went live on Ars, Optum said it had restored Change Healthcare services.


      Ransomware associated with LockBit still spreading 2 days after server takedown

      news.movim.eu / ArsTechnica · Thursday, 22 February - 22:28


    Two days after an international team of authorities struck a major blow at LockBit, one of the Internet’s most prolific ransomware syndicates, researchers have detected a new round of attacks that are installing malware associated with the group.

    The attacks, detected in the past 24 hours, are exploiting two critical vulnerabilities in ScreenConnect, a remote desktop application sold by Connectwise. According to researchers at two security firms—SophosXOps and Huntress—attackers who successfully exploit the vulnerabilities go on to install LockBit ransomware and other post-exploit malware. It wasn’t immediately clear if the ransomware was the official LockBit version.

    “We can't publicly name the customers at this time but can confirm the malware being deployed is associated with LockBit, which is particularly interesting against the backdrop of the recent LockBit takedown,” John Hammond, principal security researcher at Huntress, wrote in an email. “While we can't attribute this directly to the larger LockBit group, it is clear that LockBit has a large reach that spans tooling, various affiliate groups, and offshoots that have not been completely erased even with the major takedown by law enforcement.”


      After years of losing, it’s finally feds’ turn to troll ransomware group

      news.movim.eu / ArsTechnica · Tuesday, 20 February - 21:29 · 1 minute


    After years of being outmaneuvered by snarky ransomware criminals who tease and brag about each new victim they claim, international authorities finally got their chance to turn the tables, and they aren't squandering it.

    The top-notch trolling came after authorities from the US, UK, and Europol took down most of the infrastructure belonging to Lockbit, a ransomware syndicate that has extorted more than $120 million from thousands of victims around the world. On Tuesday, most of the sites Lockbit uses to shame its victims for being hacked, pressure them into paying, and brag of their hacking prowess began displaying content announcing the takedown. The seized infrastructure also hosted decryptors victims could use to recover their data.

    this_is_really_bad

    Authorities didn’t use the seized name-and-shame site solely for informational purposes. One section that appeared prominently gloated over the extraordinary extent of the system access investigators gained. Several images indicated they had control of /etc/shadow, a Linux file that stores cryptographically hashed passwords. This file, among the most security-sensitive ones in Linux, can be accessed only by a user with root, the highest level of system privileges.


      Police from 11 countries, including France, take down the site of Lockbit, the biggest hacker gang

      news.movim.eu / Numerama · Tuesday, 20 February - 04:00

    The site of the Russian-speaking Lockbit hackers has been taken offline by law enforcement from several countries, including the Gendarmerie nationale. These hackers are responsible for several cyberattacks, including those against the Corbeil-Essonnes hospital, La Poste Mobile and the Loiret department.


      “Your data has been stolen”: the Lockbit hacker gang lets everyone know it has hacked you

      news.movim.eu / Numerama · Thursday, 8 February - 16:33

    The Lockbit cybercriminal collective displayed a message on its victims' websites to create panic. These cybercriminals are reusing a technique that hackers have long employed.


      Which companies are likely to pay a ransom to hackers

      news.movim.eu / Numerama · Saturday, 27 January - 17:19

    Who pays in a ransomware case? A study has identified several criteria for distinguishing the companies likely to pay a ransom demanded by hackers after a cyberattack or after their data is held hostage.


      The head of a Russian hacker gang offers a reward to whoever reveals the identity of another hacker

      news.movim.eu / Numerama · Saturday, 27 January - 07:33

    The leader of the Lockbit cybercriminal collective posted a notice on a hacker forum. He is seeking information about a member of another gang, against the backdrop of a cyberattack on a Russian company.


      AI will increase the number and impact of cyber attacks, intel officers say

      news.movim.eu / ArsTechnica · Thursday, 25 January - 13:44


    Threats from malicious cyber activity are likely to increase as nation-states, financially motivated criminals, and novices increasingly incorporate artificial intelligence into their routines, the UK’s top intelligence agency said.

    The assessment, from the UK’s Government Communications Headquarters, predicted ransomware will be the biggest threat to get a boost from AI over the next two years. AI will lower barriers to entry, a change that will bring a surge of new entrants into the criminal enterprise. More experienced threat actors—such as nation-states, the commercial firms that serve them, and financially motivated crime groups—will likely also benefit, as AI allows them to identify vulnerabilities and bypass security defenses more efficiently.

    “The emergent use of AI in cyber attacks is evolutionary not revolutionary, meaning that it enhances existing threats like ransomware but does not transform the risk landscape in the near term,” Lindy Cameron, CEO of the GCHQ’s National Cyber Security Centre, said. Cameron and other UK intelligence officials said that their country must ramp up defenses to counter the growing threat.


      Two new cyberattacks via TeamViewer: “change your passwords”

      news.movim.eu / Numerama · Tuesday, 23 January - 17:29


    Two intrusions into corporate networks via TeamViewer have been detected by a cybersecurity company. Attacks of this kind have been common for several years.