Cheap, independently produced ‘Junk Gun’ ransomware infiltrates dark web: Sophos

/in


Sophos, a global leader of innovative security solutions that defeat cyberattacks, recently released a new report titled, “‘Junk Gun’ Ransomware: Peashooters Can Still Pack a Punch,” which offers new insights into an emergent threat in the ransomware landscape.

Since June 2023, Sophos X-Ops has discovered 19 ‘junk gun’ ransomware variants—cheap, independently produced and crudely constructed ransomware variants—on the dark web, reads a press release.

The developers of these junk gun variants are attempting to disrupt the traditional affiliate-based ransomware-as-a-service (RaaS) model that has dominated the ransomware racket for nearly a decade.


The Business Standard Google News
Keep updated, follow The Business Standard’s Google news channel

Instead of selling or buying ransomware to or as an affiliate, attackers are creating and selling unsophisticated ransomware variants for a one-time cost—which other attackers sometimes see as an opportunity to target small and medium-sized businesses (SMBs), and even individuals.

As noted in the Sophos report, the median price for these junk-gun ransomware variants on the dark web was $375, significantly cheaper than some kits for RaaS affiliates, which can cost more than $1,000. The report indicates that cyber attackers have deployed four of these variants in attacks. While the capabilities of junk-gun ransomware vary widely, their biggest selling points are that the ransomware requires little or no supporting infrastructure to operate, and the users aren’t obligated to share their profits with the creators.

Junk gun ransomware discussions are taking place primarily on English-speaking dark web forums aimed at lower-tier criminals, rather than well-established Russian-speaking forums frequented by prominent attacker groups. These new variants offer an attractive way for newer cybercriminals to get started in the ransomware world, and, alongside the advertisements for these cheap ransomware variants, are numerous posts requesting advice and tutorials on how to get started.

To learn more about junk gun ransomware and the latest change in the ransomware ecosystem, read “Junk Gun Ransomware: Peashooters Can Still Pack a Punch” on Sophos.com.

Source…

Russia behind cyber attacks on Western utilities, security firm says | Yle News

/in


“It’s kind of an escalation in that we’re seeing more than just data collection, surveillance and intelligence gathering,” Mikko Hyppönen says.

Portrait of a man with glasses, a mustache and dark hair combed back into a ponytail, wearing a blue blazer.

Withsecure’s research director Mikko Hyppönen Image: Jari Kovalainen / Yle

Russia has used malware in cyber attacks on targets in Eastern European countries since at least mid-2022, according to Finnish cyber security firm Withsecure.

More specifically, the company has reported that a Russian military intelligence effort led to the breach of databases belonging to an Estonian logistics company.

Finland’s eastern neighbour also appears to have tampered with water utility data systems in the US, France and Poland, according to Mandiant, a data security firm and subsidiary of Google.

So far, the cyberattacks do not appear to have caused significant disruptions. For example, the attack in the US caused a water tank at a facility in Texas to overflow until the system was brought under control, according to CNN.

But according to Withsecure’s research director, Mikko Hyppönen, it is a serious matter if Russia has started carrying out cyber attacks on Nato countries’ utilities.

“It’s kind of an escalation in that we’re seeing more than just data collection, surveillance and intelligence gathering,” Hyppönen told Yle.

Hyppönen: Russia attacked Estonian firm

At the end of 2022 malicious code dubbed “Kapeka” helped hackers to breach a database belonging to an Estonian logistics firm. A recent study at Withsecure revealed who was behind the attack, according to Hyppönen.

“Our research linked the Kapeka malware directly to Russia’s Sandworm group, the country’s military cyber intelligence unit,” he explained.

The Sandworm group is known for having carried out several destructive attacks in Ukraine, including temporarily knocking out the war-torn country’s electricity grid.

“Kapeka’s development and deployment likely follow the ongoing Russia-Ukraine conflict, with Kapeka being likely used in targeted attacks of firms across Central and Eastern Europe since the illegal invasion of Ukraine in 2022,” a Withsecure brief on the matter explained.

According to Hyppönen, the Sandworm-delivered malware in Estonia caused disruptions at the…

Source…

Groundbreaking cybersecurity network takes root – Sentinel and Enterprise

/in


The list of organizations that the ransomware group Play has hacked as found on the dark web. Play allegedly hacked Lowell’s municipal network on April 24, and released 5GB of data on May 11. (Courtesy Brett Callow)

Sophisticated cyberattacks targeting the state’s municipalities and health-care systems have demonstrated the need for a coordinated approach to mitigate the damage caused by these incapacitating hacks.

It was just a year ago that Lowell’s municipal computer network was compromised.

The online ransomware group Play claimed responsibility for the massive cyberattack, boasting that it had released 5 gigabytes of data from that theft and posted it to the dark web.

Five months later, Lowell still hadn’t fully recovered from this network breach, which had left city government without phone service, email, access to financial, human resources, asset management and revenue systems, as well as other ancillary services like dog, business and marriage licenses.

In the interim, city departments faced the daunting prospect of rebuilding servers and networks, installing new equipment, creating secure user access portals and training employees in cybersecurity.

Even by September, Lowell police reported that critical functions could not be conducted from patrol car computers, forcing officers to log on at neighborhood precincts or police headquarters to complete their shift work — a tedious, time-consuming process.

And more recently, a far-reaching hack of a health-care payment service continues to inflict serious financial pain on the state’s health providers.

As reported by the State House News Service, the debilitating February cyberattack on Change Healthcare has cost the Massachusetts health-care system about $24 million a day, forcing care providers to seek financial relief from health insurers.

The Massachusetts Health and Hospital Association pegged the average daily costs stemming from the attack at $24,154,000, based on a survey that reflects responses from 12 hospitals and health systems.

“Depending on how long it lasts, it’s just like a snowball effect,” Karen Granoff, MHA’s senior director of managed care, told the…

Source…

CISA, Partners Warn Organizations of Akira Ransomware Attacks

/in


The Cybersecurity and Infrastructure Security Agency and its U.S. and international partners have released a joint cybersecurity advisory, or CSA, warning organizations against the Akira ransomware that has targeted critical infrastructure entities in North America, Europe and Australia.

The CSA outlines known tactics, techniques and procedures used by Akira ransomware operators and indicators of compromise to help organizations respond to ransomware attacks, CISA said Thursday.

According to the advisory, Akira threat actors have deployed a Linux variant targeting VMware ESXi virtual machines after initially focusing on Windows systems.

As of January, the ransomware group has targeted more than 250 organizations and gained approximately $42 million in ransomware proceeds.

In August 2023, Akira attacks started using Megazord, using Rust-based code, and Akira ransomware written in C++ and encrypted files.

CISA and its partners encourage organizations to implement the mitigations outlined in the CSA to reduce the impact of Akira ransomware attacks.

Source…