FBI Alert: This Ransomware Group Has Hit Over 100 Targets And Made Over $60 Million


A prolific ransomware gang has attacked more than 100 organizations around the world and demanded more than $60 million in ransom, a security alert from CISA and the FBI has warned.

The newly released cybersecurity advisory warns of a sharp increase in both the number of organizations targeted by the Cuba ransomware group and the ransom amounts being demanded.

According to the alert, Cuba ransomware attacks are targeting critical infrastructure, financial services, healthcare, information technology, government services and other sectors. The warning notes that, despite its name, the ransomware group has no connection to the country of Cuba.

As of August 2022, the most recent date for which information was made available, the FBI warns that the attackers had compromised more than 100 victims around the world, demanded more than $145 million in ransom, and received $60 million in ransom payments.

The group carries out double extortion attacks: it not only encrypts data and demands a ransom, but also threatens to publish data stolen from the victim if the ransom, demanded in Bitcoin, is not paid.

The joint CISA and FBI advisory follows an earlier warning about Cuba ransomware in December 2021. The new warning comes in response to the increased number of attacks and because the cybercriminals have expanded their techniques to make attacks harder to detect and therefore more effective.


These methods include exploiting a vulnerability in the Windows Common Log File System (CLFS) (CVE-2022-24521) to steal system tokens and elevate privileges, along with using PowerShell scripts to identify service accounts in order to gain additional high-level control of systems.

Cuba ransomware attacks have also been seen exploiting Zerologon, a vulnerability in the Microsoft Windows Netlogon authentication protocol (CVE-2020-1472), to gain domain admin privileges. Zerologon was discovered in September 2020 and was considered an “unacceptable risk” at the time, but more than two years on, attackers can still exploit it.

As detailed in the previous warning, the methods Cuba ransomware uses to gain initial access to victims include exploiting known vulnerabilities in commercial software, phishing campaigns, misuse of stolen usernames and passwords, and abuse of legitimate remote desktop protocol (RDP) tools.

After gaining access, the cybercriminals deploy Hancitor, a malware payload that allows them to easily regain access to and operate within compromised networks, and that is ultimately used to drop and execute the ransomware payload.

The FBI and CISA make several recommendations to network defenders on cybersecurity mitigations that should be taken to prevent attackers from using these common techniques to infiltrate networks and deploy ransomware.

Key among these recommendations is updating all operating systems, software and firmware with the latest security updates, especially when cybercriminals are known to be actively targeting vulnerabilities like CVE-2022-24521 and CVE-2020-1472.

“Timely patching is one of the most effective and cost-effective steps an organization can take to reduce its potential exposure to cybersecurity threats,” the advisory said.


Other recommendations include requiring all accounts to be secured with a strong, unique password and ensuring that, where possible, all accounts, especially those for cloud services, are protected with multi-factor authentication. This can go a long way towards preventing cybercriminals from taking over accounts.

The advisory also recommends that organizations have processes in place to identify, detect and investigate anomalous network activity, which could indicate that the network has been compromised and a ransomware attack may be in progress, so that action can be taken to stop it.

Organizations should also have a recovery plan in place and ensure there are multiple backup copies of key systems and servers, kept up to date and stored offline, so that if the worst happens and a ransomware attack succeeds, the network can be restored without paying a ransom.

This is because there is no guarantee that paying the ransom will restore the network, and giving in to extortion demands will only further encourage cybercriminals, who could come back with further attacks and demand more ransom.

“The FBI and CISA discourage paying ransom because the payment does not guarantee the victim’s files will be recovered. Furthermore, the payment may also encourage adversaries to target other organisations, encourage other criminals to participate in the distribution of ransomware and/or fund illegal activities,” the warning said, urging victims of ransomware attacks to report incidents.
