"Ransomware groups don't abide by the same rules, and in some ways we could see it have a larger impact." They're criminals, so in many ways they have fewer boundaries," he said. "The difference here is REvil is financially motivated. Like a number of other Russian-speaking ransomware gangs, REvil has made a fortune in recent years by hacking individual organizations, locking their computers, stealing their files and demanding a payment to fix things and not leak what they stole. REvil, likely best known for hacking JBS, one of the world's largest international meat suppliers, has been active since at least early 2019. "What we're seeing here is the tactics of more sophisticated adversaries, like nation-states, trickling down toward these less sophisticated, more financially motivated criminal ransomware groups," said Jack Cable, a researcher at the Krebs Stamos Group, a cybersecurity consultancy. This gave them access to potentially tens or hundreds of thousands of victims. Most concerning is that they even deployed a zero-day, a cybersecurity term for a vulnerability in a program that software developers aren't aware of and thus haven't had time to fix.Īnd they didn't target a single victim, but rather a company with a small but key role in the internet ecosystem. So far, Cable relies only on publicly available materials to expand its database, but the researcher told The Record that he is already exploring “the possibility of partnerships with analytical companies in the field of information security and blockchain to integrate the data they may have about the victims.The hackers behind the spree, the Russian-speaking ransomware gang REvil, adopted two new tactics previously not used by the ransomware gangs that continually hack targets around the world, but particularly in the U.S. The creator of the project hopes that the anonymous exchange of payment data through a third-party service, such as Ransomwhere, will remove some barriers in the information security community, such as nondisclosure agreements and business competition. The main idea is to create a centralized system that tracks payments sent by hackers, which will allow them assessing the scale of their profits and operations more accurately, about which very little is known. Then this address will be indexed in the public database. In general, the site is very simple: it allows victims of ransomware attacks and security specialists to transfer copies of their ransom notes to Ransomwhere, as well as report the amount of the ransom and the bitcoin address to which the victims transferred the payment. Unfortunately, such a database can be easily corrupted by fake material, but to counter this, Cable plans to study all submissions, and in the future plans to add a voting system for individuals so that reports can be flagged as fake. This database, devoid of any personal information, will be available to information security specialists and law enforcement officers for free download. Jack Cable, Stanford’s student and Krebs Stamos Group cybersecurity researcher created the Ransomwhere project that is free and open database of payments that have been transferred to various ransomware hack groups.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |