(WASHINGTON) Justice Dept Court Report: Ukrainian Arrested and Charged with Ransomware Attack on Kaseya against multiple victims #AceNewsDesk report

#AceNewsReport – Nov.09: An indictment unsealed today charges Yaroslav Vasinskyi, 22, a Ukrainian national, with conducting ransomware attacks against multiple victims, including the July 2021 attack against Kaseya, a multi-national information technology software company.

#AceDailyNews Court Report: Justice Department Seizes $6.1 million Related to Alleged Ransomware Extortionists: The department announced today recent actions taken against two foreign nationals charged with deploying Sodinokibi/REvil ransomware to attack businesses and government entities in the United States.

The department also announced today the seizure of $6.1 million in funds traceable to alleged ransom payments received by Yevgeniy Polyanin, 28, a Russian national, who is also charged with conducting Sodinokibi/REvil ransomware attacks against multiple victims, including businesses and government entities in Texas on or about Aug. 16, 2019.

According to the indictments, Vasinskyi and Polyanin accessed the internal computer networks of several victim companies and deployed Sodinokibi/REvil ransomware to encrypt the data on the computers of victim companies.

“Cybercrime is a serious threat to our country: to our personal safety, to the health of our economy, and to our national security,” said Attorney General Garland. “Our message today is clear. The United States, together with our allies, will do everything in our power to identify the perpetrators of ransomware attacks, to bring them to justice, and to recover the funds they have stolen from their victims.”

“Our message to ransomware criminals is clear: If you target victims here, we will target you,” said Deputy Attorney General Monaco. “The Sodinokibi/REvil ransomware group attacks companies and critical infrastructures around the world, and today’s announcements showed how we will fight back.  In another success for the department’s recently launched Ransomware and Digital Extortion Task Force, criminals now know we will take away your profits, your ability to travel, and – ultimately – your freedom. Together with our partners at home and abroad, the Department will continue to dismantle ransomware groups and disrupt the cybercriminal ecosystem that allows ransomware to exist and to threaten all of us.”

“The arrest of Yaroslav Vasinskyi, the charges against Yevgeniy Polyanin and seizure of $6.1 million of his assets, and the arrests of two other Sodinokibi/REvil actors in Romania are the culmination of close collaboration with our international, U.S. government and especially our private sector partners,” said FBI Director Christopher Wray. “The FBI has worked creatively and relentlessly to counter the criminal hackers behind Sodinokibi/REvil. Ransomware groups like them pose a serious, unacceptable threat to our safety and our economic well-being. We will continue to broadly target their actors and facilitators, their infrastructure, and their money, wherever in the world those might be.”

“Ransomware can cripple a business in a matter of minutes. These two defendants deployed some of the internet’s most virulent code, authored by REvil, to hijack victim computers,” said Acting U.S. Attorney Chad E. Meacham for the Northern District of Texas. “In a matter of months, the Justice Department identified the perpetrators, effected an arrest, and seized a significant sum of money. The Department will delve into the darkest corners of the internet and the furthest reaches of the globe to track down cyber criminals.”

According to court documents, Vasinskyi was allegedly responsible for the July 2 ransomware attack against Kaseya. In the alleged attack against Kaseya, Vasinskyi caused the deployment of malicious Sodinokibi/REvil code throughout a Kaseya product that caused the Kaseya production functionality to deploy REvil ransomware to “endpoints” on Kaseya customer networks. After the remote access to Kaseya endpoints was established, the ransomware was executed on those computers, which resulted in the encryption of data on computers of organizations around the world that used Kaseya software.

Through the deployment of Sodinokibi/REvil ransomware, the defendants allegedly left electronic notes in the form of a text file on the victims’ computers. The notes included a web address leading to an open-source privacy network known as Tor, as well as the link to a publicly accessible website address the victims could visit to recover their files. Upon visiting either website, victims were given a ransom demand and provided a virtual currency address to use to pay the ransom. If a victim paid the ransom amount, the defendants provided the decryption key, and the victims then were able to access their files. If a victim did not pay the ransom, the defendants typically posted the victims’ stolen data or claimed they sold the stolen data to third parties, and victims were unable to access their files. 

Vasinskyi and Polyanin are charged in separate indictments with conspiracy to commit fraud and related activity in connection with computers, substantive counts of damage to protected computers, and conspiracy to commit money laundering. If convicted of all counts, each faces a maximum penalty of 115 and 145 years in prison, respectively.

The $6.1 million seized from Polyanin is alleged to be traceable to ransomware attacks and money laundering committed by Polyanin through his use of Sodinokibi/REvil ransomware. The seizure warrant was issued out of the Northern District of Texas. Polyanin is believed to be abroad.

On Oct. 8, Vasinskyi was taken into custody in Poland where he remains held by authorities pending proceedings in connection with his requested extradition to the United States, pursuant to the extradition treaty between the United States and the Republic of Poland. In parallel with the arrest, interviews and searches were carried out in multiple countries, and would not have been possible without the rapid response of the National Police of Ukraine and the Prosecutor General’s Office of Ukraine.

The FBI’s Dallas and Jackson Field Offices are leading the investigation. Substantial assistance was provided by the Justice Department’s Office of International Affairs and the National Security Division’s Counterintelligence and Export Control Section.

Assistant U.S. Attorney Tiffany H. Eggers of the U.S. Attorney’s Office for the Northern District of Texas and Senior Counsel Byron M. Jones from the Justice Department’s Computer Crime and Intellectual Property Section are prosecuting the case.

The U.S. Attorney’s Office for the Northern District of Texas, the FBI’s Dallas and Jackson Field Offices, and the Criminal Division’s Computer Crime and Intellectual Property Section conducted the operation in close cooperation with Europol and Eurojust, who were an integral part of coordination. Investigators and prosecutors from several jurisdictions, including: Romania’s National Police and the Directorate for Investigating Organised Crime and Terrorism; Canada’s Royal Canadian Mounted Police; France’s Court of Paris and BL2C (anti-cybercrime unit police); Dutch National Police; Poland’s National Prosecutor’s Office, Border Guard, Internal Security Agency, and Ministry of Justice; and the governments of Norway and Australia provided valuable assistance.

The U.S. Department of the Treasury Financial Crimes Enforcement Network (FinCEN), Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), Germany’s Public Prosecutor’s Office Stuttgart and State Office of Criminal Investigation of Baden-Wuerttemberg; Switzerland’s Public Prosecutor’s Office II of the Canton of Zürich and Cantonal Police Zürich; United Kingdom’s National Crime Agency; U.S. Secret Service; Texas Department of Information Resources; BitDefender; McAfee; and Microsoft also provided significant assistance.

This case is part of the Department of Justice’s Ransomware and Digital Extortion Task Force, which was created to combat the growing number of ransomware and digital extortion attacks. As part of the task force, the Criminal Division, working with the U.S. Attorneys’ Offices, prioritizes the disruption, investigation, and prosecution of ransomware and digital extortion activity by tracking and dismantling the development and deployment of malware, identifying the cybercriminals responsible, and holding those individuals accountable for their crimes. The department, through the task force, also strategically targets the ransomware criminal ecosystem as a whole and collaborates with domestic and foreign government agencies as well as private sector partners to combat this significant criminal threat.

For more information about the Ransomware and Digital Extortion Task Force, read the Deputy Attorney General’s recent guidance memo on related investigations and cases. For more resources on ransomware prevention and response, visit StopRansomware.gov.

An indictment is merely an allegation, and all defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

#AceNewsDesk report ………….Published: Nov.09: 2021:

Editor says …Sterling Publishing & Media Service Agency is not responsible for the content of external site or from any reports, posts or links, and can also be found here on Telegram: https://t.me/acenewsdaily all of our posts from Twitter can be found here: https://acetwitternews.wordpress.com/ and all wordpress and live posts and links here: https://acenewsroom.wordpress.com/ and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com

#doj, #ransomeware, #ukrainian, #washington

(LONDON) Ransomeware Cyber Attack Report: A group of cybercriminals broke into the servers of luxury jewel-maker Graff, stealing client information on Donald Trump, Hollywood stars, and other celebrities, a UK newspaper said #AceNewsDesk report

#AceNewsReport – Nov.01: Hackers from the Conti group leaked 69,000 documents they stole from Graff, a London-based jewelry giant, to the dark web, the Mail on Sunday reported.

#AceDailyNews says according to RT News on Sunday as reported in Mail Online Ransomware hackers, presumably Russian-linked, steal personal data on Trump, Oprah & others in online jewelry firm heist – media

31 Oct, 2021 11:40

The group, described by various Western media outlets as a Russian-speaking gang based near St. Petersburg, was said to have threatened more leaks unless they are paid tens of millions of pounds in ransom money. The hackers reportedly claimed they got their hands on the personal data of around 11,000 wealthy clients of Graff.

The Mail on Sunday cited cyber experts as saying the hackers most likely sent a fake email, tricking Graff employees into opening a file with a ransomware virus. This method would have allowed the criminals to bypass the company’s security and download a large amount of data.

According to the paper, the stolen documents include client lists, invoices, receipts, and credit notes. Among the 600 or so UK customers are football star David Beckham and his wife Victoria, football manager and former player Frank Lampard, and socialite Tamara Ecclestone, the daughter of former Formula One boss Bernie Ecclestone.

The US celebrities mentioned in the leak are Hollywood A-listers Tom Hanks, Samuel L. Jackson, and Alec Baldwin. The documents contain seven addresses for former US President Donald Trump and his wife Melania, and two for talk show host Oprah Winfrey, the paper said. Bahrain’s crown prince and prime minister, Salman bin Hamad Al Khalifa, was also said to have been mentioned.

The documents reportedly include the personal information of socialite Ghislaine Maxwell, who is awaiting trial in the US on charges of trafficking underage girls to the late financier Jeffrey Epstein. 

In a statement cited by the paper, Graff admitted to falling victim to a “sophisticated” but “limited” attack. “We were alerted to their intrusive activity by our security systems, allowing us to react swiftly and shut down our network,” the company’s spokesperson said, adding that Graff has alerted the clients whose data was compromised.

A spokesperson for the UK’s Information Commissioner’s Office (ICO) told the paper that Graff notified it about the crime. The ICO plans to request further information from the company for an investigation.

Ransomware attacks on large companies are becoming increasingly prevalent, with teams of hackers using advanced software to disrupt their victims’ work and to steal large troves of data.

This year, the Colonial Pipeline Company, the operator of the largest oil pipeline system in the US, was forced to pay nearly $5 million in ransom to hackers who paralyzed the company’s operations. Most of the ransom was later recovered.

#AceNewsDesk report ………….Published: Nov.01: 2021:

#cyberattack, #hackers, #london, #ransomeware

(CAPE TOWN) Department of Justice & Constitutional Development Report: Said it has made progress in recovering from a ransomware attack that occurred in September this year #AceNewsDesk report

#AceNewsReport – Oct.11: Over the past few weeks, a team of departmental officials, industry specialists and advisors have contained the spread of the malware.

#AceDailyNews says according to Eyewitness News the justice department is ‘making progress’ but is still recovering from the ransomware attack in September

Over the past few weeks, a team of departmental officials, industry specialists and advisors from organs of state have successfully contained the spread of the malware.

Several services have been reactivated in a safe and secure manner. 

The team also focused on ensuring that the payment of child maintenance money to beneficiaries was disrupted as little as possible.

The department’s Steve Mahlangu explained, “Another critical area that has been given high priority is the electronic recording of court proceedings to ensure courts are able to operate as normal. Most of the recordings are intact and able to be sent back to the central repository where courts are still experiencing challenges, including capacity.”

#AceNewsDesk report ……………………..Published: Oct.11: 2021:

#cape-town, #ransomeware

(NETHERLANDS) Europol Report: FBI & Interpol together with Ukrainian National Police have recently arrested two prolific ‘Ransomware’ operators #AceNewsDesk report

#AceNewsReport – Oct.06: On 28 September, a coordinated strike between the French National Gendarmerie (Gendarmerie Nationale), the Ukrainian National Police (Національна поліція України) and the United States Federal Bureau of Investigation (FBI), with the coordination of Europol and INTERPOL, led to the arrest in Ukraine of two prolific ransomware operators known for their extortionate ransom demands (between €5 to €70 million).

#AceDailyNews reports that a ‘Ransomware Gang’ was arrested in Ukraine with Europol’s support together with other ‘law enforcement agencies’. The organised crime group is suspected of having committed a string of targeted attacks against very large industrial groups in Europe and North America from April 2020 onwards. The criminals would deploy malware and steal sensitive data from these companies, before encrypting their files.

Europol

Results of the action day:

  • 2 arrests and 7 property searches
  • Seizure of US$ 375 000 in cash
  • Seizure of two luxury vehicles worth €217 000
  • Asset freezing of $1.3 million in cryptocurrencies

They would then proceed to offer a decryption key in return for a ransom payment of several millions of euros, threatening to leak the stolen data on the dark web should their demands not be met.

Close cooperation between the involved law enforcement authorities, supported by Europol’s Joint Cybercrime Action Taskforce (J-CAT), led to the identification in Ukraine of these two individuals.

Six investigators from the French Gendarmerie, four from the US FBI, a prosecutor from the French Prosecution Office of Paris, two specialists from Europol’s European Cybercrime Centre (EC3) and one INTERPOL officer were deployed to Ukraine to jointly conduct investigative measures with the National Police.

Europol supported the investigation from the onset, bringing together all the involved countries to establish a joint strategy. Its cybercrime specialists organised 12 coordination meetings to prepare for the action day, alongside providing analytical, malware, forensic and crypto-tracing support. A virtual command post was set up by Europol to ensure seamless coordination between all the authorities involved.

The following law enforcement authorities took part in this investigation:

  • France: National Cybercrime Centre of the National Gendarmerie (C3N)
  • Ukraine: Cyber Police Department of the National Police of Ukraine
  • United States: Atlanta Field Office of the Federal Bureau of Investigation
  • Europol: European Cybercrime Centre (EC3)
  • INTERPOL: Cyber Fusion Centre

This operation was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).

EMPACT

In 2017 the Council of the EU decided to continue the EU Policy Cycle for the 2018 – 2021 period. It aims to tackle the most significant threats posed by organised and serious international crime to the EU. This is achieved by improving and strengthening cooperation between the relevant services of EU Member States, institutions and agencies, as well as non-EU countries and organisations, including the private sector where relevant. Cybercrime is among the priorities for the Policy Cycle. From 2022, the mechanism becomes permanent under the name EMPACT 2022+.

#AceNewsDesk report ………..Published: Oct.06: 2021:

#europol, #fbi, #interpol, #netherlands, #ransomeware, #unp

(WASHINGTON) Justice Dept Report: Today, as part of the ongoing response, agencies across the U.S. government announced new resources and initiatives to protect American businesses and communities from ransomware attack #AceNewsDesk report

#AceNewsReport – July.17: “The Department of Justice is committed to protecting Americans from the rise in ransomware attacks that we have seen in recent years,” said Attorney General Merrick B. Garland of the Justice Department.

#AceDailyNews reports that the U.S. Government has Launched the First One-Stop Ransomware Resource at StopRansomware.gov/

New Website Provides Cybersecurity Resources from Across the Federal Government

StopRansomware.gov establishes a one-stop hub for ransomware resources for individuals, businesses and other organizations. The new StopRansomware.gov is a collaborative effort across the federal government and is the first joint website created to help private and public organizations mitigate their ransomware risk.

“Along with our partners in and outside of government, and through our Ransomware and Digital Extortion Task Force, the Department is working to bring all our tools to bear against these threats. But we cannot do it alone. It is critical for business leaders across industries to recognize the threat, prioritize efforts to harden their systems and work with law enforcement by reporting these attacks promptly.”

“As ransomware attacks continue to rise around the world, businesses and other organizations must prioritize their cybersecurity,” said Secretary Alejandro Mayorkas for the Department of Homeland Security. “Cyber criminals have targeted critical infrastructure, small businesses, hospitals, police departments, schools and more.  These attacks directly impact Americans’ daily lives and the security of our nation. I urge every organization across our country to use this new resource to learn how to protect themselves from ransomware and reduce their cybersecurity risk.”

StopRansomware.gov is the first central hub consolidating ransomware resources from all federal government agencies. Before today, individuals and organizations had to visit a variety of websites to find guidance, latest alerts, updates and resources, increasing the likelihood of missing important information. StopRansomware.gov reduces the fragmentation of resources, which is especially detrimental for those who have become victims of an attack, by integrating federal ransomware resources into a single platform that includes clear guidance on how to report attacks, and the latest ransomware-related alerts and threats from all participating agencies. StopRansomware.gov includes resources and content from DHS’s Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Secret Service, the DOJ’s FBI, the Department of Commerce’s National Institute of Standards and Technology (NIST), and the Departments of the Treasury and Health and Human Services.

Ransomware is a long-standing problem and a growing national security threat. Tackling this challenge requires collaboration across every level of government, the private sector and our communities. Roughly $350 million in ransom was paid to malicious cyber actors in 2020, a more than 300% increase from the previous year. Further, there have already been multiple notable ransomware attacks in 2021, and despite making up roughly 75% of all ransomware cases, attacks on small businesses often go unnoticed. Like most cyber attacks, ransomware exploits the weakest link. Many small businesses have yet to adequately protect their networks, and StopRansomware.gov will help these organizations and many more to take simple steps to protect their networks and respond to ransomware incidents, while providing enterprise-level information technology (IT) teams the technical resources to reduce their ransomware risk. 

DHS, DOJ, the White House and our federal partners encourage all individuals and organizations to take the first step in protecting their cybersecurity by visiting StopRansomware.gov.

#AceNewsDesk report ………..Published: July.17: 2021:

#ransomeware, #washington

(MOSCOW/WASHINGTON) Websites for a Russian-linked ransomware gang blamed for attacks on hundreds of businesses worldwide have gone offline after discussions took place between Biden & Putin #AceNewsDesk report

#AceNewsReport – July.14: US President Joe Biden said he raised the issue with Vladimir Putin during a phone call on Friday, after discussing the subject during a summit with the Russian president in Geneva last month.

LATEST: REvil: Ransomware gang websites disappear from internet. Monitors say a payment website and a blog run by the REvil group suddenly became unreachable on Tuesday. The reason behind the disappearance is unknown, but it has sparked speculation that the group may have been targeted deliberately by authorities.

It comes amid growing pressure between the US and Russia over cyber-crime: Mr Biden told reporters that he had “made it very clear to him…we expect them to act” on information and also hinted the US could take direct digital retaliation on servers used for intrusions.

The timing of Tuesday’s outage has sparked speculation that either the US or Russian officials may have taken action against REvil – though officials have so far declined to comment and cyber experts say sudden disappearances of groups are not necessarily uncommon.

The development comes after a series of high-profile ransomware attacks which have hit major US businesses this year.

The FBI accused REvil – also known as Sodinokibi – of being behind a ransomware attack on the world’s largest meat processing company JBS last month. 

The group is considered prolific and last week demanded a huge bitcoin ransom for an attack which targeted IT firm Kaseya and hundreds more businesses worldwide. 

A huge scalp claimed

REvil is one of the most prolific and feared of all ransomware gangs and if this really is the end, it’s extremely significant: The rumour mill is in hyperdrive about what’s behind this sudden shutdown but one hacker who claims to be an affiliate of the gang gave me some insights. I’m yet to confirm his identity but other researchers say his claims are highly plausible.

He claims that the US “Feds took down” elements of their websites and so they pulled the plug on the rest of their operation. He also said there was pressure from the Kremlin too saying: “Russia is tired of the US and other countries crying to them.” Like all hacker claims we have to take them with a large dollop of salt but if this scenario proves to be accurate, it shows a dramatic shift in policy from Russia which has so far been happy to sit back and let gangs like REvil operate without fear of intervention. However another comment from my contact also hints at the bigger picture. He says he has no plans to retire and is already planning another unknown venture. “Make one go away, more will rise,” he warned.

#AceNewsDesk report ……Published: July.14: 2021:

#moscow, #ransomeware, #revil, #washington

(WASHINGTON) JUST IN: The US Cybersecurity & Infrastructure Agency Report: That it was taking action after 200 US businesses have been hit by a “colossal” ransomware attack, according to a cyber-security firm #AceNewsDesk report

#AceNewsReport – July.03: Huntress Labs said the hack targeted Florida-based IT company Kaseya before spreading through corporate networks that use its software.

#AceSecurityDesk says that according to the BBC a number of US companies have been hit by a ‘colossal’ cyber-attack, and the US Cybersecurity and Infrastructure Agency, a federal agency, said in a statement that it was taking action to address the attack and its source.

The group sometimes threatens to post stolen documents on its website – known as the “Happy Blog” – if victims don’t comply with its demands. REvil was also linked to a co-ordinated attack on nearly two dozen local governments in Texas in 2019.

Kaseya said in a statement on its own website that it was investigating a “potential attack”.

Huntress Labs said it believed the Russia-linked REvil ransomware gang was responsible.

The cyber-breach emerged on Friday afternoon as companies across the US were clocking off for the long Independence Day weekend.

Another supply-chain attack nightmare

The two big things that are keeping cyber-security professionals up at night lately are ransomware attacks and supply chain attacks. This latest incident combines both nightmares into one big Independence Holiday weekend-ruining event for hundreds of US IT teams.

Ransomware is the scourge of the internet. Multiple organised criminal gangs are constantly attempting to gain access to computer networks to hold them hostage. The rate of attack is relentless but it can take a lot of time and effort on the criminals’ part to successfully hijack one victim’s computer system.

In this latest incident the hackers showed that by going after the software supplier of multiple organisations they can pop dozens, perhaps hundreds of victims in one go. We’ve seen horrendous supply chain attacks in the past but this one has the potential to be the biggest incident involving ransomware yet.

It shows that ransomware gangs are thinking creatively about how to have the most impact possible and command the biggest ransom possible.

Kaseya said one of its applications that runs corporate servers, desktop computers and network devices might have been compromised in the attack.

The company said it was urging customers that use its VSA tool to immediately shut down their servers.

Kaseya said in its statement that a “small number” of companies had been affected, though Huntress Labs said the number was greater than 200.

It is not clear what specific companies have been affected and a Kaseya representative contacted by the BBC declined to give details.

Kaseya’s website says it has a presence in over 10 countries and more than 10,000 customers.

“This is a colossal and devastating supply chain attack,” Huntress Labs’ senior security researcher John Hammond said in an email to Reuters news agency.

At a summit in Geneva last month, US President Joe Biden said he told Russian President Vladimir Putin he had a responsibility to rein in such cyber-attacks.

Mr Biden said he gave Mr Putin a list of 16 critical infrastructure sectors, from energy to water, that should not be subject to hacking.

REvil – also known as Sodinokibi – is one of the most prolific and profitable cyber-criminal groups in the world.

The gang was blamed by the FBI for a hack in May that paralysed operations at JBS – the world’s largest meat supplier.

#AceNewsDesk report …Published: July.03: 2021:

Editor says …Sterling Publishing & Media Service Agency is not responsible for the content of external site or from any reports, posts or links, and can also be found here on Telegram: https://t.me/acenewsdaily all of our posts from Twitter can be found here: https://acetwitternews.wordpress.com/ and all wordpress and live posts and links here: https://acenewsroom.wordpress.com/ and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com


(CONNECTICUT) Federal Court Report: Convicts a Russian national on Tuesday for operating a “crypting” service used to conceal “Kelihos” malware from antivirus software, including Ransomware #AceNewsDesk report

#AceNewsReport – June.17: According to court documents and evidence introduced at trial, Oleg Koshkin, 41, formerly of Estonia, operated the websites “Crypt4U.com,” “fud.bz” and others.

The FBI’s New Haven Division investigated the case through its Connecticut Cyber Task Force: Russian National Convicted of Charges Relating to Kelihos Botnet: The websites promised to render malicious software fully undetectable by nearly every major provider of antivirus software. Koshkin and his co-conspirators claimed that their services could be used for malware such as botnets, remote-access trojans, keyloggers, credential stealers and cryptocurrency miners.

“The defendant designed and operated a service that was an essential tool for some of the world’s most destructive cybercriminals, including ransomware attackers,” said Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department’s Criminal Division. “The verdict should serve as a warning to those who provide infrastructure to cybercriminals: the Criminal Division and our law enforcement partners consider you to be just as culpable as the hackers whose crimes you enable — and we will work tirelessly to bring you to justice.”

In particular, Koshkin worked with Peter Levashov, the operator of the Kelihos botnet, to develop a system that would allow Levashov to crypt the Kelihos malware multiple times each day. Koshkin provided Levashov with a custom, high-volume crypting service that enabled Levashov to distribute Kelihos through multiple criminal affiliates. Levashov used the Kelihos botnet to send spam, harvest account credentials, conduct denial of service attacks, and distribute ransomware and other malicious software. At the time it was dismantled by the FBI, the Kelihos botnet was known to include at least 50,000 compromised computers around the world.

“By operating a website that was intended to hide malware from antivirus programs, Koshkin provided a critical service that enabled other cyber criminals to infect thousands of computers around the world,” said Acting U.S. Attorney Leonard C. Boyle for the District of Connecticut. “We will investigate and prosecute the individuals who aid and abet cyber criminals as vigorously as we do the ones who actually hit the ‘send’ button on viruses and other malicious software.”

“Koshkin and his associates knowingly provided crypting services designed to help malicious software bypass anti-virus software,” said Special Agent in Charge David Sundberg of the FBI’s New Haven Division. “The criminal nature of the Crypt4U service was a clear threat to the confidentiality, integrity, and availability of computer systems everywhere. We at the FBI will never stop pursuing those like Koshkin for perpetrating cyber crimes and threats to the public at large.”

Koshkin was arrested in California in September 2019 and has been detained since his arrest. He faces a maximum penalty of 15 years in prison and is scheduled to be sentenced on Sept. 20.

Koshkin’s co-defendant, Pavel Tsurkan, is charged with conspiring to cause damage to 10 or more protected computers, and aiding and abetting Levashov in causing damage to 10 or more protected computers.

Levashov was arrested by the Spanish National Police in April 2017 and extradited to the United States. In September 2018, he pleaded guilty to one count of causing intentional damage to a protected computer, one count of conspiracy, one count of wire fraud, and one count of aggravated identity theft.

Assistant U.S. Attorney Edward Chang of the District of Connecticut, and Senior Counsel Ryan K.J. Dickey of the Criminal Division’s Computer Crime and Intellectual Property Section are prosecuting the case with assistance from the Criminal Division’s Office of International Affairs. The Estonian Police and Border Guard Board also provided significant assistance.

This case is part of the Department of Justice’s Ransomware and Digital Extortion Task Force, which was created to combat the growing number of ransomware and digital extortion attacks. As part of the Task Force, the Criminal Division, working with the U.S. Attorneys’ Offices, prioritizes the disruption, investigation, and prosecution of ransomware and digital extortion activity by tracking and dismantling the development and deployment of malware, identifying the cybercriminals responsible, and holding those individuals accountable for their crimes. The department, through the Task Force, also strategically targets the ransomware criminal ecosystem as a whole and collaborates with domestic and foreign government agencies as well as private sector partners to combat this significant criminal threat.

#AceNewsDesk report ……Published: Jun.17: 2021:

Editor says #AceNewsDesk reports by https://t.me/acenewsdaily and all our posts, also links can be found at here for Twitter and Live Feeds https://acenewsroom.wordpress.com/ and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com


(NEW YORK) #Cyberattack Report: A major US fuel pipeline has reportedly paid cyber-criminal gang DarkSide nearly $5m (£3.6m) in ransom, following a cyber-attack #AceNewsDesk report

#AceNewsReport – May.15: Colonial said on Thursday that it would not comment on the issue: On Friday, Japanese consumer tech giant Toshiba said its European division in France had been hit by the same cyber-criminal gang:

US fuel pipeline ‘paid hackers $5m in ransom’: Colonial Pipeline suffered a ransomware cyber-attack over the weekend and took its service down for five days, causing supplies to tighten across the US: CNN, the New York Times, Bloomberg and the Wall Street Journal all reported a ransom was paid, citing sources.


Price impact

Following the cyber-attack, Colonial announced it would resume operations on Wednesday evening, but warned that it could take several days for the delivery supply chain to return to normal.

The 5,500-mile (8,900km) pipeline usually carries 2.5 million barrels a day on the East Coast.

The closure saw supplies of diesel, petrol and jet fuel tighten across the US, with prices rising, an emergency waiver passed on Monday and a number of states declaring an emergency.

The average price per gallon hit $3.008 (£2.14) – the highest level seen since October 2014, according to the Automobile Association of America.

US President Joe Biden reassured motorists on Thursday that fuel supplies should start returning to normal this weekend, even as more filling stations ran out of gasoline across the Southeast.

According to reports, Colonial had said initially it would not be paying the ransom demanded by the hackers.

Toshiba cyber-attack

Toshiba Tec France Imaging System, which is part of Toshiba, said it was hit by a similar cyber-attack by DarkSide on 4 May.

However, the firm emphasised that no leaks of data had been detected and that only a minimal amount of work data was lost during the event.

It said it had put protective measures in place immediately after the attack.

In light of a sharp increase in ransomware cyber-attacks during the pandemic, on Thursday President Biden signed an executive order to improve US cyber-defences.

Earlier in the week, he said that although there was no evidence that the Kremlin was involved, there was evidence to suggest that the DarkSide gang of hackers was based in Russia. 

The news that Colonial Pipeline paid these criminals is a major blow to President Biden.

Only this week he signed a long-awaited executive order to beef up federal cyber-security and, in turn, make the US more secure from future attacks.

These efforts have, in the view of some in the cyber-security world, been completely undermined.

How can the Biden administration encourage corporations to spend millions securing their computer networks from attack when they’ve just witnessed Colonial, under the glare of the public eye, cave in to criminal demands and pay their way out of trouble?

The news will swell the ranks of those in the security world who want ransomware payments banned.

But with companies, jobs and sometimes lives put at risk when ransomware hits, it is a tough call for policymakers.

The potential silver-lining in this case comes from reports that even after Colonial paid the hackers, the criminals were so slow to help the company that pipeline staff got to work on recovery themselves.

The DarkSide hacker crew can no longer claim that they can restore victims’ services quickly and this may make others question whether or not to give in to their demands.

‘Our goal is to make money’

Cyber-security firms told the BBC that DarkSide operates by infiltrating an organisation’s computer network and stealing sensitive data.

Typically, a day later the hackers will make themselves known, announcing that they have encrypted all the data in the network and are prepared to leak it onto the internet and delete it, if they are not paid a ransom by a certain deadline.

DarkSide operates by making the software used to execute this attack and then training affiliates to use it, who then give the gang a cut of the ransoms they take. 

Following concerns the Colonial cyber-attack was caused by nation-state hackers with a political motive, DarkSide posted on its website: “Our goal is to make money and not creating problems for society.”

The group also indicated it had not been aware that Colonial was being targeted by one of its affiliates and intended to “introduce moderation and check each company” its partners want to encrypt, “to avoid social consequences in the future”.

On Friday, Reuters reported that DarkSide’s website on the dark web was no longer accessible.

Colonial Pipeline’s website also continues to be offline. 

#AceNewsDesk report ……..Published: May.15: 2021:


(WASHINGTON) US Cybersecurity Infrastructure & Security Agency & FBI Report: In a joint security alert published this week, warned about increased cyber-attacks targeting the US K-12 educational sector, often leading to ransomware attacks, the theft of data, and the disruption of distance learning services #AceNewsDesk report

#AceNewsReport – Dec.11: “As of December 2020, the FBI, CISA, and MS-ISAC continue to receive reports from K-12 educational institutions about the disruption of distance learning efforts by cyber actors,” the alert reads. “Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year,” it added: But of all the attacks plaguing the K-12 sector (kindergarten through twelfth-grade schools), ransomware has been a particularly aggressive threat this year, CISA and the FBI said:

Ransomware Attacks on the Increase

CISA has observed continuing ransomware attacks across the country and around the world: See CISA’s Awareness Briefings on Combating Ransomware, Joint Ransomware Statement, and CISA Insights – Ransomware Outbreak. Below, please find resources on CISA’s newly redesigned ransomware information page to better connect you with helpful resources and tools you and your organization need to guard against the ransomware threat.

Looking to learn more about this growing cyber threat? With industry best practices and individualized checklists, the NEW Ransomware Guide is a great place to start. The guide, released in September 2020, represents a joint effort between CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The joint Ransomware Guide is a customer-centered, one-stop resource with best practices and ways to prevent, protect and/or respond to a ransomware attack. 

Ransomware Guide; CISA Insights – Ransomware Outbreak

In addition to reviewing the Ransomware Guide, we invite you to click on resources below to find additional Ransomware-related information. These resources are designed to help individuals and organizations prevent attacks that can severely impact business processes and leave organizations without the data they need to operate and deliver mission-critical services.

“According to MS-ISAC data, the percentage of reported ransomware incidents against K-12 schools increased at the beginning of the 2020 school year,” the two agencies said. “In August and September, 57% of ransomware incidents reported to the MS-ISAC involved K-12 schools, compared to 28% of all reported ransomware incidents from January through July,” they said:

#AceNewsDesk report …………Published: Dec.11: 2020:
