
      Pipeline attacker Darkside suddenly goes dark—here’s what we know

      Dan Goodin · news.movim.eu / ArsTechnica · Friday, 14 May, 2021 - 21:25


    Darkside—the ransomware group that disrupted gasoline distribution across a wide swath of the US this week—has gone dark, leaving it unclear if the group is ceasing, suspending, or altering its operations or is simply orchestrating an exit scam.

    On Thursday, all eight of the dark web sites Darkside used to communicate with the public went down, and they remain down as of publication time. Overnight, a post attributed to Darkside claimed, without providing any evidence, that the group’s website and content distribution infrastructure had been seized by law enforcement, along with the cryptocurrency it had received from victims.

    The dog ate our funds

    “At the moment, these servers cannot be accessed via SSH, and the hosting panels have been blocked,” the post stated, according to a translation of the Russian-language post published Friday by security firm Intel471. “The hosting support service doesn't provide any information except ‘at the request of law enforcement authorities.’ In addition, a couple of hours after the seizure, funds from the payment server (belonging to us and our clients) were withdrawn to an unknown account.”


      Ireland’s healthcare system taken down after ransomware attack

      Eric Bangeman · news.movim.eu / ArsTechnica · Friday, 14 May, 2021 - 16:17

    St. Vincent's University Hospital in Dublin, Ireland. (credit: Bloomberg | Getty Images)

    Ireland has shut down most of the major IT systems running its national healthcare service, leaving doctors unable to access patient records and people unsure of whether they should show up for appointments, following a “very sophisticated” ransomware attack.

    Paul Reid, chief executive of Ireland’s Health Service Executive, told a morning radio show that the decision to shut down the systems was a “precautionary” measure after a cyber attack that impacted national and local systems “involved in all of our core services.”

    Some elements of the Irish health service remain operational, such as clinical systems and its Covid-19 vaccination program, which is powered by separate infrastructure. Covid tests already booked are also going ahead.


      Colonial Pipeline resumes operations after ransomware prompted closure

      Dan Goodin · news.movim.eu / ArsTechnica · Thursday, 13 May, 2021 - 00:21

    A paper sign reading no gas in both English and Spanish has been taped to a gasoline pump. (credit: Getty Images)

    Colonial Pipeline said it restarted operations on Wednesday afternoon after a five-day outage brought on by a ransomware attack caused gasoline shortages and panic buying in East Coast states.


    “Following this restart, it will take several days for the product delivery supply chain to return to normal,” the operator of the 5,500-mile pipeline said on its website. “Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during the start-up period. Colonial will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal.”

    Colonial temporarily halted operations on Saturday, after determining that it was the victim of a ransomware attack. The pipeline runs through 11 states, from New Jersey to Texas.


      Ransomware crooks post cops’ psych evaluations after talks with DC police stall

      Dan Goodin · news.movim.eu / ArsTechnica · Tuesday, 11 May, 2021 - 21:07


    A ransomware gang that hacked the District of Columbia’s Metropolitan Police Department (MPD) in April posted personnel records on Tuesday that revealed highly sensitive details for almost two dozen officers, including the results of psychological assessments and polygraph tests; driver's license images; fingerprints; social security numbers; dates of birth; and residential, financial, and marriage histories.

    The data, included in a 161GB download from a website on the dark web, was made available after negotiations broke down between members of the Babuk ransomware group and MPD officials, according to screenshots purporting to be chat transcripts between the two organizations. After earlier threatening to leak the names of confidential informants to crime gangs, the operators agreed to remove the data while they carried out the now-aborted negotiations, the transcripts showed.

    “This is unacceptable”

    The operators demanded $4 million in exchange for a promise not to publish any more information and provide a decryption key that would restore the data.


      Major ransomware attack cripples gas pipeline on US East Coast

      Jim Salter · news.movim.eu / ArsTechnica · Monday, 10 May, 2021 - 16:56

    Problems with Colonial Pipeline's distribution system tend to lead to gasoline runs and price increases across the US Southeast and Eastern seaboard. In this September 2016 photo, a man prepared to refuel his vehicle after a Colonial leak in Alabama. (credit: Luke Sharrett via Getty Images)

    On Friday, Colonial Pipeline took many of its systems offline in the wake of a ransomware attack. With systems offline to contain the threat, the company's pipeline system is inoperative. The system delivers approximately 45% of the East Coast's petroleum products, including gasoline, diesel fuel, and jet fuel.

    Colonial Pipeline issued a statement Sunday saying that the US Department of Energy is leading the US federal government response to the attack. "[L]eading, third-party cybersecurity experts" engaged by Colonial Pipeline itself are also on the case. The company's four main pipelines are still down, but it has begun restoring service to smaller lateral lines between terminals and delivery points as it determines how to safely restart its systems and restore full functionality.

    Colonial Pipeline has not publicly said what was demanded of it or how the demand was made.


      What are the CNIL's priorities in 2021?

      Julien Lausson · news.movim.eu / Numerama · Wednesday, 3 March, 2021 - 11:26

    Cybersecurity of the French web is among the CNIL's priorities this year, along with securing health data and websites' use of cookies.

    The article "What are the CNIL's priorities in 2021?" first appeared on Numerama.


      CD Projekt Red source code reportedly sells for millions in dark Web auction

      Kyle Orland · news.movim.eu / ArsTechnica · Friday, 12 February, 2021 - 17:04

    This bird has been hacked!

    Earlier this week, CD Projekt Red announced that it had been hit with a ransomware attack that allegedly exposed the source code for games including Cyberpunk 2077, Gwent, and The Witcher 3. Now, security experts are reporting that the source code has been auctioned off on a dark Web forum, seemingly for millions of dollars.

    VX Underground, which tracks ransomware and other malware attacks, noted on Wednesday that the ransomed source code had been posted on a dark Web forum known as EXPLOIT. The starting bid was reportedly $1 million, with a $500,000 bidding increment and $7 million "buy it now" price.

    Cyber intelligence firm KELA confirmed the authenticity of that auction, telling The Verge that forum users needed to put up 0.1 BTC (roughly $4,700 as of this writing) to participate in the bidding as a sign that offers were legitimate. The sellers also reportedly provided file listings for Gwent and the Red Engine that underlies CDPR's games as proof that the data was authentic.


      How this hacker exploits fear of the GDPR to extort more money

      Nelly Lesage · news.movim.eu / Numerama · Friday, 5 February, 2021 - 14:29

    Cisco's Talos team spoke with a cybercriminal who is a partner of the LockBit gang. Accustomed to deploying ransomware and blackmailing victims, the hacker reveals a few keys to his activity.

    The article "How this hacker exploits fear of the GDPR to extort more money" first appeared on Numerama.


      Homophobic and racist, a cybercriminal gang presents its "ethical" commitments

      Nelly Lesage · news.movim.eu / Numerama · Thursday, 4 February, 2021 - 08:27

    Babyk pledges not to attack charities, unless they support the LGBT cause or the Black Lives Matter movement. This is the first time a gang has so clearly displayed its political opinions in its choice of targets.

    The article "Homophobic and racist, a cybercriminal gang presents its 'ethical' commitments" first appeared on Numerama.