Ransom note for a REvil - aka Sodinokibi - ransomware infection (Source: Cisco Talos)

Ransomware to Riches Story: JBS Pays Criminals $11 Million

Mathew J. Schwartz • June 10, 2021

Is it any wonder that criminals keep flocking to ransomware when their individual haul from a well-executed digital heist can be worth $11 million? That's the amount paid to the REvil ransomware gang by meatpacker JBS USA, after its systems were crypto-locked on May 30.

Cybercrime

Colonial Attackers Used Compromised VPN Credentials

Latest

Critical Infrastructure Security

U.K. Plans for Enhanced Cybersecurity Role

Akshaya Asokan • June 13, 2021

The U.K. says it plans to turn the country into a global leader in cybersecurity, in partnership with the U.S, to counter threats ranging from ransomware to critical infrastructure attacks, according to a report by U.K. newspaper the Telegraph.

Breach Notification

Al-Jazeera News Service Says It Foiled Hacking Attempts

Prajeet Nair • June 12, 2021

The Qatar-based Al-Jazeera news service has said that it was subjected to a series of cyber-hacking attempts to penetrate some of its platforms and websites this week. It did not explain if this was a DDoS attack or something more sophisticated.

3rd Party Risk Management

Security Firm COO Charged in Attack on Medical Center

Marianne Kolbasuk McGee • June 11, 2021

The chief operating officer of a network security firm serving the healthcare sector has been charged by federal prosecutors with crimes stemming from an alleged cyberattack on an Atlanta, Georgia-area medical center in 2018. Some legal experts say the unusual case offers forewarnings to others.

Critical Infrastructure Security

House Oversight Committee Probing JBS Ransomware Payment

Scott Ferguson • June 11, 2021

The House Oversight and Reform Committee is now probing the $11 million payment that meat-producer JBS paid to a cybercriminal gang following a ransomware attack in May. Committee Chairwoman Carolyn Maloney also asked for documents related to ransom payments made by Colonial Pipeline and CNA.

Blockchain & Cryptocurrency

How Did FBI Recover Colonial Pipeline's DarkSide Bitcoins?

Mathew J. Schwartz • June 11, 2021

Cryptocurrency has a reputation for being tough to trace - no wonder anonymity-craving criminals favor using it. In reality, cryptocurrencies don't make users anonymous. But just how did the FBI recover most of the bitcoins paid by Colonial Pipeline to the DarkSide ransomware operation?

Cybercrime

DOJ Shut Down Slilpp Marketplace for Stolen Credentials

Akshaya Asokan • June 11, 2021

The U.S. Justice Department has shut down the Slilpp cybercrime marketplace, which sold stolen credentials related to bank accounts and other payment mechanisms, in a multinational operation.

Breach Notification

EA Acknowledges Breach; Says Game Source Code Stolen

Doug Olenick • June 11, 2021

Electronic Arts has acknowledged that a threat actor has breached the gaming giant and has posted a huge swath of gaming and corporate data for sale on the publicly accessible leak site RaidForums. The ad claims to have 780GB of data.

3rd Party Risk Management

ISMG Editors' Panel: The FBI's Global Cryptophone Sting

Anna Delaney • June 11, 2021

Criminals tricked into using an FBI-run encrypted messaging app, Verizon's 2021 Breach Investigations Report and overcoming the challenges of recruiting cybersecurity professionals are among the latest cybersecurity topics to be featured for analysis by a panel of Information Security Media Group editors.

Cybercrime

Fake Lazarus DDoS Gang Launches New 'Attacks'

Doug Olenick • June 11, 2021

Traditional ransomware attacks may have taken over the news, but Proofpoint researchers say the malicious actors who presents themselves as the North Korean-backed Lazarus advanced persistent threat group have revamped their distributed denial-of-service ransom extortion strategy and rebranded.

Application Security

TeamTNT Reportedly Eyes Credentials of AWS, Google Cloud

Rashmi Ramesh • June 11, 2021

Cryptojacking group TeamTNT is leveraging compromised Amazon Web Services credentials to attack its cloud environments through the platform’s API, according to researchers from Unit 42 at Palo Alto Networks.

3rd Party Risk Management

Colonial Pipeline Ransomware Fallout: Congress Grills CEO

Anna Delaney • June 11, 2021

The latest edition of the ISMG Security Report features an analysis of lawmakers' grilling of Colonial Pipeline CEO Joseph Blount over his handling of the DarkSide ransomware attack. Also featured: How the FBI helped trick criminals into using an encrypted communications service that it was able to monitor.

Breach Notification

Ransomware Gang Goes Nuclear, Hitting US Weapons Contractor

Mathew J. Schwartz • June 11, 2021

A small U.S. nuclear weapons contractor has confirmed that it suffered a ransomware attack, resulting in the theft of data. Credit for the attack has been taken by the ransomware-as-a-service operation known as REvil, aka Sodinokibi, which the FBI recently tied to the attack against meatpacking giant JBS.