Tag Archive for: shut
Zoomer Hackers Shut Down the Biggest Extortion Ring of All
Linda Witzal runs a small independent pharmacy that caters exclusively to about 1,200 residents of New Jersey senior living facilities. Virtually all the revenue she takes in comes, ultimately, from the government. In a simpler time, she billed New Jersey Medicaid directly for most of her patients. “When I started in this business, I was 28 years old, and New Jersey was actually very easy to get on the phone back then,” Witzal, now in her early sixties, recalls.
Three and a half decades later, there’s a whole legalized extortion ring that small pharmacies like Witzal’s need to pay off to access Medicare and Medicaid funds, a symptom of the middleman creep in the pharmaceutical transaction chain. Standing between pharmacies and reimbursement checks for the drugs they dispense are the administrators of managed care programs, the tyrannical triumvirate of dominant pharmacy benefit managers that represent about 85 percent of all health plans, and Change Healthcare, the electronic data clearinghouse—or “switch,” as pharmacists call them—she uses to access the computer ecosystems of these middlemen. Until last week, Witzal viewed Change as one of the least-bad gatekeepers in the pharmacy business, though that was starting to change in the aftermath of its 2022 acquisition by UnitedHealth Group, the $372 billion Minnesota health care leviathan, which axed hundreds of tech and call center employees immediately after closing the deal. “It was getting harder and harder to get someone on the phone,” she says.
Then just over a week ago, Change abruptly shut down for Witzal and 67,000 other pharmacies it services. The company, it turned out, had been attacked by an extortion ring of its own, a hacker UnitedHealth initially identified in a Securities and Exchange Commission filing as a “suspected nation-state-associated cyber security threat actor” but has since emerged as the ransomware gang BlackCat/ALPHV, whose affiliates cybersecurity experts have previously described as native English speakers from predominantly “Western countries” between the ages of 17 and 22.
Ransomware gangs, which brought in a record $1.1 billion in…
A Russian-controlled botnet of hundreds of routers has now been shut down by the US DOJ
Hundreds of routers used in homes and small offices were unknowingly used to spread malware via a Russian-made botnet. This week, the US Department of Justice announced that this botnet has now been shut down in an operation that took place in January 2024 but has now been revealed publicly.
In its press release, the Justice Department stated the botnet itself was created by a known cybercriminal group that infected routers that still used “publicly known default administrator passwords” with the Moobot malware. After that, the Russian GRU agency installed its own scripts by using the Moobot malware.
The press release described how the GRU used the botnet to commit various cybercrimes:
These crimes included vast spearphishing and similar credential harvesting campaigns against targets of intelligence interest to the Russian government, such as U.S. and foreign governments and military, security, and corporate organizations.
However, after the botnet was discovered, the Justice Department turned around and used the Moobot malware to copy the stolen files, and then delete them from those routers. It also changed the firewalls of those routers to make sure they could block any attempts at remote entry.
The Justice Department will inform the owners of those routers about what happened to them and request that those devices get a full reset. They will also be asked to install the latest version of their router's firmware, and of course, they will highly recommend that the routers get new passwords.
This is actually the second time in 2024 that the Justice Department has disrupted a criminal botnet. In a statement, US Attorney General Merrick B. Garland said:
In this case, Russian intelligence services turned to criminal groups to help them target home and office routers, but the Justice Department disabled their scheme. We will continue to disrupt and dismantle the Russian government’s malicious cyber tools that endanger the security of the United States and our allies.
There's no specific information on the information that was gathered by the…
CALS shut down its Internet network after being hit with possible cyberattack | The Arkansas Democrat-Gazette
February 15, 2024 at 5:07 p.m.