Search the Community

Article by: Umar Shakir - TheVerge contributor The Department of Justice announced this week that FBI agents successfully disrupted Hive, a notorious ransomware group, and prevented $130 million worth of ransom campaigns that targets no longer need to consider paying. While claiming the Hive group has been responsible for targeting over 1,500 victims in over 80 countries worldwide, the department now reveals it had infiltrated the group’s network for months before working with German and Netherlands officials to shut down Hive servers and websites this week. “Simply put, using lawful means, we hacked the hackers,” Deputy Attorney General Lisa Monaco remarked during a press conference. The FBI claims that by covertly hacking into Hive servers, it was able to quietly snatch up over 300 decryption keys and pass them back to victims whose data was locked up by the group. US Attorney General Merrick Garland said in his statement that in the last few months, the FBI used those decryption keys to unlock a Texas school district facing a $5 million ransom, a Louisiana hospital that had been asked for $3 million, and an unnamed food services company that faced a $10 million ransom. “We turned the tables on Hive and busted their business model,” Monaco said. Hive had been considered a top-five ransomware threat by the FBI. According to the Justice Department, Hive has received over $100 million in ransom payments from its victims since June 2021. Hive’s “ransomware-as-a-service (RaaS)” model is to make and sell ransomware, then recruit “affiliates” to go out and deploy it, with Hive administrators taking a 20 percent cut of any proceeds and publishing stolen data on a “HiveLeaks” site if someone refused to pay. The affiliates, according to the US Cybersecurity and Infrastructure Security Agency (CISA), use methods like email phishing, exploiting FortiToken authentication vulnerabilities, and gaining access to company VPNs and remote desktops (using RDP) that are only protected with single-factor logins. A CISA alert from November explains how the attacks target businesses and organizations running their own Microsoft Exchange servers. The code provided to their affiliates takes advantage of known exploits like CVE-2021-31207, which, despite being patched since 2021, often remain vulnerable if the appropriate mitigations haven’t been applied. Once they’re in, their pattern is to use the organization’s own network management protocols to shut down any security software, delete logs, encrypt the data, and, of course, leave behind a HOW_TO_DECRYPT.txt ransom note in encrypted directories that connects victims to a live chat panel to negotiate over ransom demands. Hive is the biggest ransomware group the feds have taken down since REvil in 2021 — which was responsible for leaking MacBook schematics from an Apple supplier as well as the world’s largest meat supplier. And earlier that year, groups like DarkSide successfully walked away with a $4.4 million payout after penetrating Colonial Pipeline’s systems in an incident that caused national gas prices to skyrocket. The most expensive ransomware attack to be publicized, however, is insurance company CNA Financial, which ended up paying hackers $40 million. The FBI, during its stakeout of Hive, found more than 1,000 encryption keys tied to previous victims of the group, and FBI Director Christopher Wray noted that only 20 percent of detected victims reached out to the FBI for help. Many victims of ransomware attacks refrain from contacting the FBI for fear of repercussions from the hackers and scrutiny in their industries for failing to secure themselves. Since hackers are getting their paydays, however, it’s giving the ransomware industry fuel to keep going at it. The FBI hopes it can convince more victims to come forward and work with them instead of buckling to the demands. “When a victim steps forward, it can make all the difference in recovering stolen funds or obtaining decryptor keys,” Monaco said. Here is a related YouTube video from the U.S. Dept. of Justice: https://youtu.be/aKzCR1Xj05c

Article by Ben Russell - NBCUniversal Inc. Federal investigators put out a warning late Tuesday to the nation’s school systems after a series of high-profile ransomware attacks on their computer networks. The most recent publicized incident involved the country’s second-largest school system – the Los Angeles Unified School District. Over the weekend, the district’s IT team recognized an attempted hack on the system and had to quite literally pull the plug to prevent any further data compromise. “It’s undeniable that, if we had not number one detected this anomaly, and responded by alerting our law enforcement partners, and brought in all the extra police that we have brought on board so quickly, it could have been a catastrophic set of circumstances that we would be facing today,” said Alberto Carvalho, the Superintendent of Los Angeles’ schools. In a ransomware attack, the perpetrator gains control of data, or even an entire system, and demands a ransom to relinquish control. The Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency issued a joint alert on Tuesday about an increase in ransomware threats. “School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable,” the CISA noted in a news release. The Mansfield Independent School District was recently targeted in a ransomware attack. Late last month, hackers were able to get control of the district’s system, which forced a shutdown. It is not clear if the Mansfield ISD paid the hackers to regain control of its system. My view: I think "it's appalling" that these ransomware cyber criminals are attempting to target school districts across the country! They have targeted schools, universities and even hospitals & medical research centers in the past. So it doesn't really surprise me that this sort of thing is happening right now when kids are returning back to school. For some, "making a quick buck & greed has no limitations as to who they hurt in the process!" Regards, Ritchie...