Cloudflare CEO Concerned about Growth of Ransomware Attacks in the Crypto Space

In an interview on CNBC’s ‘Mad Money,’ hosted by Jim Cramer, Cloudflare CEO Matthew Prince called out crypto exchanges stating these firms “are becoming a popular target for cybercriminals.” According to Prince, cryptocurrency exchanges need to focus more on securing customers’ funds to prevent the rising cases of hacks and ransomware attacks.

Explaining the rising number of hacks on cryptocurrency exchanges, Prince said that money is the primary motivation, similar to bank robbers choosing banks.

“The old adage is, Why do bank robbers rob banks? It’s because it’s where the money is.”

“One of the biggest places that cyber attackers are going after right now is the various cryptocurrency exchanges and other cryptocurrency parts of the universe.”

Over the course of the year, the rising number of ransomware attacks has drawn attention to the cryptocurrency ecosystem. Chainalysis reported that victims had paid over $81 million in ransom by May 2021. Notably, the Colonial Pipeline hack in May raised concerns in the industry. The hackers disrupted fuel supply to some parts of the US East Coast, demanding a $5 million ransom payable in BTC.

In June, Russian ransomware group REvil infiltrated over 200 companies across the globe via software supplier Kaseya, using its technology management software to spread the ransomware via the cloud. The hackers encrypted one of Kaseya’s tools with infected files, paralyzing hundreds of companies. The hackers then demanded a $70 million ransom, paid in BTC, to negotiate about decrypting the files.

These ransomware attacks have caused considerable debate in the crypto security space about the role that blockchain-based digital currencies play in the rising ransomware attacks. Despite the increasing ransom attacks, some crypto analysts believe blockchains actually help authorities track and arrest hackers more easily due to the public nature of Bitcoin’s transactions, which are broadcast on the network.

San Francisco-based Cloudflare is a web security infrastructure provider that protects companies from online attacks. Its core service protects companies against distributed denial of service (DDoS) attacks, which are common on crypto exchanges.

On the question of whether Prince would hold his cryptocurrencies on an exchange protected by Cloudflare, he said the company is giving a front-row seat to its consumers to prevent the evolving cyber threats they face. The company stays ahead of the curve through innovations that prevent any new forms of ransomware and hack attacks from affecting them.

“We’re proud of the fact that we’ve kept the cryptocurrency customers that are ours secure and safe and helped augment the additional protections that they have in place.”

“I’d feel safe using any of the cryptocurrency exchanges that use Cloudflare today.”

Apart from technically dealing with hackers, the US government is also fighting the rising cases of ransomware attacks. In June, the U.S. President’s national security advisor called on the G7 countries to unite and fight against the consistent ransomware attacks on national sites.

In a White House press briefing, Jake Sullivan, selected as Joe Biden’s national security advisor, called for the regulation of the cryptocurrency ecosystem as it represents “the core of how these ransomware attacks are carried out.”

Author: Lujan Odera

Russian Ransomware Group, REvil, Attacks 200 Firms, Demands $70 Million in Bitcoin

Russia-based ransomware group REvil has again attacked no less than 200 firms in its latest operation. The group is demanding $70 million in Bitcoin as ransom to release the stolen data.

Firms Hacked Through Software Supplier Kaseya

According to Reuters, REvil targeted software supplier Kaseya and used its technology management software to spread the ransomware via the cloud.

One of Kaseya’s tools, VSA, used by several firms, was encrypted with infected files, paralyzing hundreds of firms.

“More than a million systems were infected. If anyone wants to negotiate about universal decryptor – our price is $70 million in Bitcoin,” the ransomware group said, as reported on a dark web site, Happy Blog.

Updating firms on the incident, Kaseya said it was working on a patch that would increase the security of its VSA server. It also advised its customers to continue to remain offline until it is safe to restore operations.

Ransomware attacks by REvil have been constant these past few months. In May, the Russian group attacked a major pipeline firm, Colonial Pipeline, and received a $5 million ransom after spurring a gas crisis in the US.

That same month, JBS Holdings, the world’s largest meat company, was also attacked by the same group, which led to an $11 million ransom payment.

CNA Financial, one of the largest insurance companies in the US, reportedly paid $40 million in Bitcoin to restore access to its network after a ransomware attack.

Biden Taking Ransomware Attacks Seriously

Over the past few months, US president Joe Biden and his administration have taken a more serious stance on ransomware attacks.

The US Department of Justice (DoJ) had previously said that it would start treating these attacks with the same urgency it treats terrorism.

US officials have spent the past few months scrutinizing these crimes while also tracing payments. Last month, the officials disclosed that they had recovered most of the $4.4m ransom paid to the hackers responsible for the Colonial Pipeline attack.

In a bid to curtail these attacks, last month, President Biden also met with Russian President Vladimir Putin to discuss and proffer solutions. Biden had told Putin that if ransomware attacks continued and were found to be from Russia, there would be consequences.

During a recent public appearance, Biden said that he had directed the US intelligence agencies to investigate the ransomware matter.

Biden’s statements come after the US Department of State’s official Victoria Nuland spoke about the Colonial Pipeline hack. In a meeting with Salvadoran president Nayib Bukele, Nuland said the US State Department was taking a tough look at bitcoin due to the Colonial Pipeline ransomware hack.

Author: Jimmy Aki

Ransomware Attacks: US Rep Asks Colonial Pipeline, CNA Financial for Payment Details

Two US companies and ransomware victims, Colonial Pipeline and CNA Financial, have been asked to reveal details of the payments made to hackers before they recovered their data.

US Rep. Carolyn Maloney sent letters to the firms on Thursday requesting that they release payment documents relating to the communications made with the ransomware attackers.

Maloney Fixes June 12 Deadline For Documents

Colonial Pipeline and CNA have been given until June 12, approximately two weeks, to gather the materials and send them to the House Oversight Committee.

In the letters, Maloney requested all documents that detail how the attack was discovered, whether the companies sought external consultation about paying the ransoms, and documents detailing the decryption tools provided by the attackers.

According to Maloney, detailed information about the ransom payments made to cybercriminals is required to legislate effective laws on cybersecurity and ransomware in the country.

“I am extremely concerned that the decision to pay international criminal actors sets a dangerous precedent that will put an even bigger target on the back of critical infrastructure going forward,” she said in a press release.

Colonial Pipeline was hacked in May by hackers believed to be from Russia. The company was forced to shut down due to the ransomware attack, which created fuel shortages in the Southeastern states. The company reportedly paid $4.4 million in ransom.

Another ransomware attack happened later in the same month against CNA Financial. CNA, one of the country’s largest insurance companies, reportedly paid $40 million in Bitcoin to restore access to its network.

Apart from these two companies mentioned above, other companies have also been attacked as ransomware hackers continue to terrorize US companies.

A few days ago, JBS SA, the largest meat producer globally, was forced to shut down its US beef plants after a ransomware attack. Details are, however, unknown as to whether a ransom has been paid or not.

Ransomware Attackers to Face Growing Scrutiny In The US

The constant rate at which ransomware hackers attack firms and the cryptocurrency payments the hackers often induce have heightened the US government’s concern.

The US Department of Justice (DoJ) disclosed yesterday that it would start treating these attacks with the same urgency it treats terrorism.

The DoJ also sent a memo to the state US attorney offices and branches, asking US attorneys to file urgent reports if they hear of a significant ransomware attack.

These actions by the Justice Department to push ransomware into this special process show just how much the government is prioritizing the issue.

Author: Jimmy Aki

Colonial Pipeline Capitulates to $5 Million Ransomware Demand: Report

Emerging reports have revealed that the cybercriminals that attacked the US fuel pipeline, Colonial Pipeline Co, were paid $5 million in cryptocurrency.

According to Bloomberg, sources familiar with the situation confirmed the extortion fee was paid to enable them to resume fuel shipments.

Colonial Pipeline Attack Associated With DarkSide

The hefty ransom fee was reportedly paid within hours of the attack due to the mounting pressure on the pipeline operator to get gasoline and jet fuel flowing again across cities.

This is contrary to earlier reports asserting that Colonial Pipeline was refusing to negotiate with the attackers.

The FBI had earlier confirmed that the hackers were part of a Russia-linked DarkSide group specializing in digital extortion.

The ransomware attack on Georgia-based Colonial crippled gas delivery systems in Southeastern states. Half of the gas stations in North Carolina, Virginia, Georgia, and South Carolina were reported empty.

The cybergang had reportedly demanded that the ransom be paid with a privacy coin like Monero (XMR).

However, the ransom payment goes against the advice of the Federal Bureau of Investigation (FBI). The government agency has repeatedly discouraged American ransomware victims from paying hackers. According to them, payment isn’t guaranteed to work and could incentivize cyber crimes.

Crypto Surge Propelling Ransomware Attacks

Ransomware refers to a category of malicious computer programs that force users into paying a ransom fee before they can access their data. The hackers involved in this type of cybercrime lock up victims’ files and demand a ransom payment to unlock them.

According to data from the blockchain analytics firm Chainalysis, crypto payments via ransomware attacks rose in 2020.

In its annual Crypto Crime Report released in January, Chainalysis said the amount paid by victims increased by 311% in 2020, reaching about $350 million in cryptocurrency. The average ransom paid by organizations in 2020 was $312,493, as stated in the report.

The vast majority of criminal crypto payments included in the report had to do with darknet markets and the general category of scams. A major reason for the increase in ransomware-connected payments during 2020 was coronavirus work-from-home measures, which opened up new vulnerabilities for many organizations.

Author: Jimmy Aki

Experts Call for Crypto Regulation as Ransomware Attacks Are On the Rise

A panel of experts calls for aggressive tracking of Bitcoin and other cryptos in the light of growing ransomware attacks. Ransomware gangs collected about $350 million last year, more than three times the 2019 figure.

“There’s a lot more that can be done to constrain the abuse of these pretty amazing technologies,” said Philip Reiner, chief executive of the Institute for Security and Technology, who led the Ransomware Task Force.

The new rules proposed are aimed at the anonymity of crypto transactions, Reuters reported a source as saying. It will recommend steps like extending KYC regulations to crypto exchanges, money laundering rules to facilities converting currency, and tougher licensing requirements for those processing cryptocurrencies.

“That would be huge,” said an anonymous senior Homeland Security official.

“This is a world that was created exactly to be anonymous, but at some point, you have to give up something to make sure everyone’s safe.”

Last year, the U.S. Marshals Service seized over $150 million in crypto-assets and offered them to the public at auction.

Amidst this, the House has passed a bill that will provide clarity to crypto asset regulation in the country.

The bill passed by the US House of Representatives last week is H.R. 1602, “Eliminate Barriers to Innovation Act of 2021,” which has now been sent to the Senate. If passed and signed into law, this will provide much-needed clarification to the industry. It would commission a working group to evaluate how the US currently treats crypto assets.

Author: AnTy

Acer Technologies Targeted In ‘Largest Ever’ Ransomware Attack; Hackers Demand Monero (XMR)

The global computer manufacturer is yet to confirm any attacks.

In what has been dubbed the ‘largest ransom ever asked for,’ the notorious REvil ransomware gang is reportedly asking for $50 million from the Taiwanese computer manufacturer, Acer. First reported by Tech Radar, the hacking group is asking for the amount to be paid in privacy-enabled Monero (XMR) cryptocurrency to decrypt their computers.

According to cybersecurity specialist company Malwarebytes, this is the largest ransom any operator has ever faced. Ransomware attacks involve hackers infiltrating your systems, encrypting valuable/confidential information, and asking for a fee to decrypt the systems.

If the reports are true, the hackers seem to have attacked the company’s back-office systems and not the production line. As of the time of writing, no spokesperson has released any comments from Acer. We will update you on this story as it develops.

The REvil group usually records and keeps the demand letters sent to their victims, especially those that do not cooperate. While the Acer documents are yet to be put up, the hackers blasted the Acer representative who was in touch with them as an “incompetent negotiator.” They asked to be linked with the management or a supervisor in their negotiation.

Monero is gradually becoming the coin of choice for hackers, given its highly private nature. Days before the 2020 U.S. Presidential elections, Donald Trump’s campaign website was hacked, with the hackers asking for XMR payments to release the information.

In February this year, KIA Motors hackers asked for $32 million in Bitcoin or Monero in order to decrypt their systems.

Author: Lujan Odera

Hackers Demand Up to 600 Bitcoins ($32 Million) in Kia Motors Ransomware Attack

  • Kia Motors America suffered a ransomware attack on Thursday.
  • Hackers demand a $22 million payout to decrypt the data.
  • Ransom could shoot up to $32.7 million in the coming week if not paid on time.

Kia Motors America is the latest company to face a ransomware attack from the notorious DoppelPaymer gang of hackers. The hackers are demanding the payment in Bitcoin (BTC), 404 Bitcoins (~$22 million, as of writing), to decrypt the data and not leak the data to the public. The ransom is set to increase by 50% to 600 Bitcoins if not paid by 28th February 2021.

A ransomware attack is a malware attack in which a hacker encrypts files and data of the victim and asks for a ‘ransom’ to decrypt the data. According to a report by BleepingComputer, the attack on Kia Motors America witnessed “a nationwide IT outage” affecting the company’s mobile UVO Link apps, phone services, payment systems, owner’s portal, and internal sites used by over 800 dealerships in the U.S.

In a note first revealed by BleepingComputer, the DoppelPaymer gang alleges they orchestrated the attack on Hyundai Motors America, Kia’s parent company. No hack attempts have been reported on Hyundai Motors. The Tor ‘victim page’ reads that the hackers made away with large volumes of data threatening to release them to the public if no negotiation or payment is held in the next 2 weeks.

To prevent any leak of the data and get the data decrypted, Kia Motors should pay 404 BTC through a Tor website link, with instructions on how to do so. If not paid in the next nine or so days, the ransom is stated to grow by 50% to 600 BTC (~$31.7 million, at current prices).

Several services remain affected on the Kia Motors America website, but the hackers have released no information on the type of data stolen.

This is not a first-time hack attempt for the DoppelPaymer gang, who also launched a ransomware attack on Foxconn, one of the largest electronic firms in the world, in December. The hackers asked for 1,804 BTC, or $35 million at the time, to decrypt their files.

Author: Lujan Odera

Cryptocurrency Ransomware Attacks Surged Over 300% in 2020: Chainalysis’ Crime Report

Revenue from crypto-related crime was reduced by 53% last year. Illicit funds, scams, and proceeds of crime through crypto also dropped. However, the value of ransomware attacks tripled, generating over $350 million.

Chainalysis’ “Crypto Crime Report 2021” shows a significant decrease in cryptocurrency-related crime across 2020, revenue from these illicit activities dropping by $5 billion, or 53%, from the previous year. The total illicit activity compared to the total transactional volume also dipped to only 0.34% in 2020, or $10 billion – a sharp dip from the 2.1% ($21.4 billion) recorded in 2019.

Overall, cryptocurrency-related scams and illegal activities are falling. Only a small portion of illicit activity is left in the crypto ecosystem. The overall illicit value from crypto is falling compared to illicit funds in traditional finance, the Chainalysis report reads.

As was the case in 2019, scams made up the biggest chunk of crypto-related crime – reporting $2.7 billion, a sharp 71% drop from $9 billion the previous year. Interestingly, the number of individual scams made to scam wallets rose by 48% across 2020 to 7.3 million individual scams. The sharp drop in value in 2020 mainly arises from the fact that no scam came close to the size of the PlusToken Ponzi scam in 2019.

Across 2020, the total crime value from scams and other illicit acts raised nearly $10 billion, dropping from $20 billion in revenue collected by bad actors in 2019.

Despite the celebrations, the value from ransomware attacks tripled in the past year, representing 7% of all the illicit crypto-based transactions. At $350 million in value across 2020, crypto-ransomware attacks grew over 311% in a year – the largest growth amongst the report’s illicit categories. The spike is attributed to the global Covid-19 pandemic, which prompted the “work from home” culture, presenting new vulnerable opportunities.

Darknet markets and stolen funds witnessed a less dramatic increase than ransomware: a 29% increase and a 4% increase from 2019’s values, respectively.

Earlier in the year, Chainalysis reported that the total number of cryptocurrency crimes had fallen over 83% in 2020, as regulation and exchange compliance came alive during the year.

Author: Lujan Odera

DoJ & Chainalysis Partner to Hunt Down NetWalker Ransomware that Targeted Hospitals

The U.S. Department of Justice (DoJ) said on Wednesday that it has managed to disrupt notorious ransomware dubbed Netwalker. This operation was done in collaboration with Bulgarian authorities and intelligence firm Chainalysis, which provided the resources for tracking the malicious operations and players.

A Canadian national by the name of Sebastien Vachon-Desjardins has since been arrested and charged for using the Netwalker ransomware to acquire $27.6 million worth of crypto assets. The Netwalker hardware was tracked down in Bulgaria and DoJ said that they managed to seize $454,530.19 in cryptocurrencies. Notably, ransomware attacks in crypto increased by 311% to hit $350 million in 2020 according to Chainalysis.

The new developments by the DoJ in collaboration with Bulgaria’s authorities further reveal a growing trend in ransomware attacks, especially those that target nascent industries like crypto. Per the Chainalysis Netwalker breakdown, this sophisticated ransomware operates as a ransomware-as-a-service (RaaS). Attackers assume the role of affiliates, paying a commission to administrators after successful attacks.

“Attackers known as affiliates ‘rent’ usage of a particular ransomware strain from its creators or administrators, who in exchange get a cut of the money from each successful attack affiliates carry out. RaaS has led to more attacks, making it even more difficult to quantify the full financial impact.”

The FBI discovered this ransomware mid-last year; at the time, main targets included hospitals with the pandemic presenting an opportunity to strike. Other institutions like companies, universities, and municipalities have also fallen victim to the Netwalker ransomware attacks.

Well, it seems like authorities have finally caught up with the sophisticated attackers. Acting Assistant AG Nicholas L McQuaid said that they are on top of the matter from all angles:

“We are striking back against the growing threat of ransomware by not only bringing criminal charges against the responsible actors, but also disrupting criminal online infrastructure and, wherever possible, recovering ransom payments extorted from victims.”

Author: Edwin Munyui

Foxconn Ransomware Attackers Demanded $35M Payment In BTC to Decrypt Files

  • Taiwanese electronic multinational company, Foxconn, is reportedly facing a ransomware attack.
  • The hackers are asking for 1,804 Bitcoin payment, approximately $35 million.

According to reports from BleepingComputer, Foxconn, one of the largest electronic companies in the world, was faced with a ransomware attack by a popular hacking group, DoppelPaymer. The report confirms the hack was first noticed on November 29th when the hackers gave the company 3 days to make a ransom payment to an unknown wallet address.

While the report stated that Foxconn was negotiating with the hackers, DoppelPaymer released many documents, including generic business documents and reports, on Monday. No private information on employees or financial reports was published on the ransomware data leak site.

The attack is said to have happened at Foxconn CTBG MX facility located in Ciudad Juárez, Mexico, which controls America’s regional business. The hackers have since encrypted the data and asked the company to pay 1,804.095 BTC, roughly $35 million at current market prices, to decrypt the company’s information.

Foxconn’s North America website has since been down with an error on the visitors’ page.

The hackers sent out a note on the ransom to be paid, directly on Foxconn’s servers, notifying them of the attack and how to make payment to their wallets. The note reads,

“Your account has been hacked. Your files, backups and shadow copies are unavailable until you pay for decryption tool. […] If no contact is made within 3 business days after the infection first portion of data will be shared to the public.”

The hackers further attached a Tor browser address that the company should use to complete the $35 million ransom.

According to BleepingComputer’s statement, DoppelPaymer also carried out a series of attacks on over 1200-1400 servers, encrypted the North American regional data (not the whole company), and were also able to obtain about 75 TB of data backups, destroying approximately 20-30 TB of the data.

At this time, Foxconn confirmed with BleepingComputer that the attack did happen, but they are slowly able to bring their systems back online.

Over the past year, ransomware attacks have increased substantially; the hackers prefer crypto payments such as masked BTC and Monero, a privacy coin, to fiat options. In September, BEG reported the Argentinian immigration office’s ransomware attack whereby the hackers asked for $4 million in BTC. More recently, Enel Group faced a second ransomware attack with a 1234 BTC payment set by the hackers.

(Update: According to a Reuters report, Foxconn North American site’s connection is back up and running. The electronics firm further confirmed that the ransomware attack did not heavily disturb the company’s operations.)

Author: Lujan Odera