Tag Archive for: extortion

Zoomer Hackers Shut Down the Biggest Extortion Ring of All


Linda Witzal runs a small independent pharmacy that caters exclusively to about 1,200 residents of New Jersey senior living facilities. Virtually all the revenue she takes in comes, ultimately, from the government. In a simpler time, she billed New Jersey Medicaid directly for most of her patients. “When I started in this business, I was 28 years old, and New Jersey was actually very easy to get on the phone back then,” Witzal, now in her early sixties, recalls.

Three and a half decades later, there’s a whole legalized extortion ring that small pharmacies like Witzal’s need to pay off to access Medicare and Medicaid funds, a symptom of the middleman creep in the pharmaceutical transaction chain. Standing between pharmacies and reimbursement checks for the drugs they dispense include the administrators of managed care programs, the tyrannical triumvirate of dominant pharmacy benefit managers that represent about 85 percent of all health plans, and Change Healthcare, the electronic data clearinghouse—or “switch,” as pharmacists call them—she uses to access the computer ecosystems of these middlemen. Until last week, Witzal viewed Change as one of the least-bad gatekeepers in the pharmacy business, though that was starting to change in the aftermath of its 2022 acquisition by UnitedHealth Group, the $372 billion Minnesota health care leviathan, which axed hundreds of tech and call center employees immediately after closing the deal. “It was getting harder and harder to get someone on the phone,” she says.

Then just over a week ago, Change abruptly shut down for Witzal and 67,000 other pharmacies it services. The company, it turned out, had been attacked by an extortion ring of its own, a hacker UnitedHealth initially identified in a Securities and Exchange Commission filing as a “suspected nation-state-associated cyber security threat actor” but has since emerged as the ransomware gang BlackCat/ALPHV, whose affiliates cybersecurity experts have previously described as native English speakers from predominantly “Western countries” between the ages of 17 and 22.

More from Maureen Tkacik

Ransomware gangs, which brought in a record $1.1 billion in…

Source…

Fileless, Double Extortion, AI and More — Virtualization Review


News

Ransomware in 2024: Fileless, Double Extortion, AI and More

Ransomware in 2024 will be much like ransomware in 2023 except for a few new twists that organizations should be aware of.

Along with “traditional” ransomware attacks, the threat actors are continually upgrading their game with new approaches, technology and techniques.

To help organizations get a handle on the primary security threat of our times, experts Dave Kawula and John O’Neill Sr. recently presented an online summit titled “2024 Ransomware Outlook,” which is now available for on-demand replay.

Relatively new ransomware techniques such as double extortion, Ransomware-as-a-Service (RaaS), fileless ransomware, Living-off-the-Land (LotL) attacks and more were discussed by Kawula, managing principal consultant at TriCon Elite Consulting, and O’Neill Sr., chief technologist at AWS Solutions. Both are on the front lines of the cybersecurity wars, continually helping organizations protect themselves or recover from attacks.

Here’s a summary of their thoughts on a couple ransomware concerns in 2024.

Double Extortion
This technique is a more complex and aggressive form of cyberattack compared to traditional ransomware. In a double extortion attack, cybercriminals not only encrypt the victim’s data, rendering it inaccessible, but also steal sensitive information before encrypting it.


Double Extortion </figcaption>
</figure></div>
[Click on image for larger view.] Double Extortion

Key aspects of this technique include:

  • Data Encryption and Theft: The first step involves infiltrating a victim’s network and encrypting crucial data. Simultaneously, the attackers exfiltrate, or steal, sensitive data from the victim.
  • Dual Threat: Victims face two threats — the encryption of their data and the potential leak of their stolen information. This double threat significantly increases the pressure on the victim to pay the ransom.
  • Ransom Demands: The attackers demand a ransom payment to decrypt the stolen data….

Source…

Strategies for Businesses in the Phase of Growing Cyber Extortion Threats


In the rapidlyadvancing digital age, businesses find themselves in an ongoing struggle against an invisible adversary called ransomware attacks. As cyber threats become more sophisticated and frequent, organizations are under increasing pressure to fortify their defenses and develop robust strategies to counter the growing menace of cyber extortion.

Ransomware, malicious software designed to block access to a computer system or files until a ransom is paid, has evolved into a pervasive and lucrative method for cybercriminals to exploit vulnerabilities in organizational networks. The consequences of falling victim to such attacks go beyond financial losses, encompassing severe operational disruptions, reputational damage, and compromised sensitive data. In fact, human error stands out as a primary entry point for ransomware attacks.

Therefore, in order to mitigate the risk, organizations are investing in comprehensive cybersecurity awareness training for employees. They are educating staff about the dangers of phishing emails and suspicious links, as well as the importance of robust password practices to reduce the risk of falling victim to ransomware.

Mr. Pallav Agarwal, Founder and CEO, HTS Solutions Pvt. Ltd., believes that ransomware resilience has become a significant concern as businesses navigate an era marked by escalating cyber threats. The growing sophistication of cybercriminals demands a proactive approach to safeguarding sensitive data and critical systems. As a result, in order to combat the menace of ransomware, businesses must adopt multi-faceted strategies. This is where updating and patching software, operating systems, and security applications regularly surfaced as significant ways to close the potential entry point for ransomware attackers.

Automated patch management systems streamline this process, ensuring timely updates and a more secure digital infrastructure. Furthermore, putting strong endpoint security in place—including cutting-edge antivirus and anti-malware software—offers a crucial line of defense against constantly changing cyber threats. Having current, safe backups is crucial in case of a ransomware attack. Thus, by regularly backing up important…

Source…

CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks


Rhysida Ransomware Double Extortion Attacks

The threat actors behind the Rhysida ransomware engage in opportunistic attacks targeting organizations spanning various industry sectors.

The advisory comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC).

“Observed as a ransomware-as-a-service (RaaS) model, Rhysida actors have compromised organizations in education, manufacturing, information technology, and government sectors and any ransom paid is split between the group and affiliates,” the agencies said.

“Rhysida actors leverage external-facing remote services, such as virtual private networks (VPNs), Zerologon vulnerability (CVE-2020-1472), and phishing campaigns to gain initial access and persistence within a network.”

First detected in May 2023, Rhysida makes use of the time-tested tactic of double extortion, demanding a ransom payment to decrypt victim data and threatening to publish the exfiltrated data unless the ransom is paid.

It’s also said to share overlaps with another ransomware crew known as Vice Society (aka Storm-0832 or Vanilla Tempest), owing to similar targeting patterns and the use of NTDSUtil as well as PortStarter, which has been exclusively employed by the latter.

Cybersecurity

According to statistics compiled by Malwarebytes, Rhysida has claimed five victims for the month of October 2023, putting it far behind LockBit (64), NoEscape (40), PLAY (36), ALPHV/BlackCat (29), and 8BASE (21).

The agencies described the group as engaging in opportunistic attacks to breach targets and taking advantage of living-off-the-land (LotL) techniques to facilitate lateral movement and establish VPN access.

In doing so, the idea is to evade detection by blending in with legitimate Windows systems and network activities.

Vice Society’s pivot to Rhysida has been bolstered in the wake of new research published by Sophos earlier last week, which said it observed the same threat actor using Vice Society up until June 2023, when it switched to deploying Rhysida.

The cybersecurity company is tracking the cluster under the name TAC5279.

“Notably, according to the ransomware group’s data leak site,…

Source…