Telecom Argentina Hit By Ransomware attack: Hackers Demand $7.5 Million Monero

A leading internet service provider, Telecom Argentina S.A, was hit with a ransomware attack on Saturday, July 18. The popular economist, trader, and cryptocurrency proponent, Alex Kruger, tweeted about the incident. The ransomware operators are now demanding a $7.5 million ransom to unlock the encrypted files.

Telecom was founded in 1990 and since then has become the largest telecommunication company in Argentina.

New Cyberattack Has Brought Another Shame

The telecom company’s internal network was infected in what is regarded as one of the largest hacks in the country.

According to a local news outlet, the attackers have caused massive damage to the company’s network. They gained full Domain Admin control over the company’s internal network, from which they installed and spread their ransomware payload to over 18,000 workstations.

However, the attack has not affected users or telephone and internet services offered by Telecom Argentina. The internet, cell phones, and landlines remain unaffected.

The attackers have targeted and encrypted multiple company-owned Windows computers, which contain personal and sensitive information. Several of Telecom Argentina’s official websites have been offline since Saturday.

The hackers are now demanding a ransom of 109,345.35 XMR (Monero cryptocurrency), worth $7.53 million. Telecom Argentina has until July 21st, 20:23 local time, to pay the amount. If the company fails to pay within the given timeframe, the amount doubles to 218,690.7 XMR ($15 million).

The hackers have presented guidance on how Telecom employees can make payment using Monero cryptocurrency, a screenshot reveals.

However, the company has not said how it is managing the crisis or whether it is cooperating with the hackers.

Although no hacker group has claimed responsibility for the incident, several signs point to REvil (Sodinokibi), one of the most prominent organizations in the field, being behind the horrible attack. The group has become famous for executing similar ransomware attacks.

Data Locked Forever?

Ransomware is a digital form of extortion. It is as simple as that. Hackers use age-old tactics to carry out a modern-day crime.

Ransomware is destructive malware that encrypts files on infected computers, making them inaccessible until a ransom is paid.

However, even if the victim makes the payment, there is no guarantee that the cyber attackers will unlock the files. This makes it especially difficult for a victim to decide what to do.

Because Monero transactions are anonymous, they lend themselves well to this type of malware, helping hackers stay out of reach. In the case above, the attackers even explain to the company how to get Monero cryptocurrency and make payment.

The incident has elicited mixed reactions from the cryptocurrency community. Some members see it as demonstrating a benefit of Monero, since the identities behind the hackers’ transactions are protected. However, others see the incident as damaging to the overall reputation of cryptocurrencies.

Ransomware Attacks Target English Football League, Data Withheld for $3.8 Million Bitcoin

The UK National Cyber Security Centre (NCSC) has issued a warning saying that football teams are at increased risk of phishing campaigns and ransomware attacks. On July 23, the agency published a 28-page report titled “The Cyber Threat to Sports Organizations,” stating that ransomware is a significant threat for sports organizations.

The National Cyber Security Centre is a UK government institution that offers support and advice for the private and public sectors on how to avoid computer security threats. The institution is based in London and started its operations in 2016.

Football Teams Have Become Perfect Targets

According to the NCSC’s report, an English Football League (EFL) club recently became the victim of a cyber-attack. The hackers encrypted all security and corporate systems of the club and demanded a ransom of 400 Bitcoins, valued at $3.8 million, in order to release the decryption key.

Since the owners of the club refused to pay the stated amount, the hackers took revenge by further encrypting the club’s end-user devices.

It is not clear what kind of attack vector was used. However, the NCSC said that the initial infection was a result of either a phishing email or accessing the club’s CCTV system remotely and installing ransomware on the system.

Since all systems at the stadium were connected to one network, the infection spread quickly. It is estimated that the club lost several hundred thousand British pounds. Many servers were also affected, leaving the club unable to use its corporate email.

The stadium’s turnstiles and CCTV were non-operational, an incident that nearly resulted in a cancellation and postponement of fixtures.

Paul Chichester, NCSC director of operations, stated that football clubs might not view cybercrimes as a significant threat. But it remains a serious issue for the UK’s broader cybersecurity goals.

According to the report, football clubs are being targeted and therefore have to take this issue seriously. The report further mentioned that hackers recently attacked a prominent Premier League club. The hackers used fake emails to steal over one million pounds before someone at the club detected suspicious transactions and took action.

Hackers are casting a wider net in hopes of infecting as many individual machines as possible. According to NCSC’s warning, over 70% of UK sports organizations have experienced cybersecurity breaches in 2020. The watchdog therefore recommends that football clubs allocate resources, money, and part of their time towards protecting their data to prevent such hacks.

Fears of More Hostage Situations

Sports organizations are among the major institutions known to be financially profitable and are thus becoming valuable targets for ransomware attacks. Attacks begin with an innocent-looking email. When someone clicks the link in the email, hackers quickly take over. It works like that. Computers at organizations are locked, and the only way for workers to get back their systems is to pay the attackers thousands of dollars’ worth of Bitcoin.

There is no guarantee that hackers won’t do it again. Besides hospitals, local government offices, and schools, many attacks have targeted sports organizations this year. To make matters worse, several organizations choose not to report such incidents, as they want to avoid news coverage, and resort to sending payouts to attackers.

Australian Female Hacker Sentenced to 2 Years of Prison for $400K Ripple (XRP) Crypto Heist

Australia recorded one of its first cases of cryptocurrency theft charges recently. 

First Australian to Be Charged with Crypto Theft

Australian 25-year-old Kathryn Nguyen has been arrested and sentenced to a maximum of 2 years and 3 months in prison for stealing more than 100,000 Ripple (XRP) tokens in January 2018. Along with an accomplice, Nguyen hacked a 56-year-old man’s cryptocurrency account, managing to swap the two-factor authentication of the victim onto her phone.

To store the large sum of stolen crypto, she then proceeded to transfer the assets to an overseas Chinese exchange, and traded XRP for Bitcoin. The stolen cryptocurrency was also shuffled into different digital wallets to cover the act. Nguyen and her accomplice carried out the digital heist at a time when XRP crypto was booming, and Ripple coins were worth $4 each. This translated to $400,000 in XRP for the Australian native, a hefty cryptocurrency sum.

Judge Empathizes with Hacker’s Case

To carry out the arrest, Australian law enforcers raided Nguyen’s home and seized computers, phones and money. When overseeing the case, judge Chris Craigie found it difficult to condemn her and send her to prison for cryptocurrency fraud. According to News Corp, Craigie said that it was “a difficult and troubling decision to send Nguyen to prison and that her references reflected a generous and hardworking personality,” adding that she appeared to have acted out of character while engaging in crypto theft. It may seem as if the judge empathizes with the crypto offender’s case.

Nguyen’s parole hearing is set for October 2021. Since the cryptocurrency theft in 2018, Ripple’s market price has dropped, making the stolen XRP worth approximately $30,000 at the time of writing.

Cybercrime Is Relatively New in Australia

When speaking about the case to Information Age, Detective Superintendent of NSW Cybercrime Matthew Craft addressed the issue and said: 

“The problem we have nationally – not just in New South Wales – is that the reporting for cyber related crimes is very low.” 

Officials have had a hard time categorizing and dealing with cybercrime cases with regulatory actions, as digital theft transcends borders. Detective Craft stated that when cyber hackers are located overseas, there is “not much law enforcement can do,” as it is out of their jurisdiction.

Though cybercrime is still relatively new in Australia, the country’s Federal Government has recently flagged ongoing cyber-attack cases affecting Australian institutions in June. Australian Federal Government officials believe that China may be the culprit behind these cyber-attacks.

In response to these allegations, the Chinese government has vehemently denied all claims of being involved in cyberattacks worldwide.

Jack Daniel’s Parent Company Brown-Forman Targeted for Ransomware by Notorious REvil

Brown-Forman, Jack Daniel’s parent company and a giant powerhouse in the alcohol industry, recently suffered a ransomware data breach originating from REvil.

REvil ransomware gang strikes again 

One of the largest American-owned spirits and wine companies in the world and the parent company of Jack Daniel’s whiskey, Brown-Forman disclosed that it had suffered a cyber-attack in which some sensitive information, including but not restricted to employee data, had been stolen.

An anonymous message was sent to Bloomberg to confirm the privacy breach and the compromise of Brown-Forman’s internal servers. Speaking about the ransomware attack, Brown-Forman said that they had everything under control and that they were working with law enforcement to resolve the issue. The company also added, “There are no active negotiations.”

Who is REvil? 

This is definitely not the first rodeo for the REvil ransomware group. The cybercrime operation, also known under the pseudonym Sodinokibi, rose to fame in the digital world through its criminal activities. It first made its appearance in early 2019. The file-blocking virus released by the cybercriminals, which was closely monitored by cybersecurity giant McAfee, would enable REvil hackers to seize private information.

Often, they would demand payment from the targeted company. In exchange for unlocking the files and delivering the sensitive data safely back to its owner, the REvil ransomware group would demand a hefty cryptocurrency sum. Should the victimized company fail to comply with their demands, REvil hackers would then threaten to release the stolen confidential files on websites and on the internet, for all to see and use to their own advantage.

Come and get it – REvil claims to have stolen data 

Though Brown-Forman denied that there were any active negotiations currently set in motion, hackers have allegedly backed their ransom demands by stating that they possessed 1 terabyte of confidential data. The REvil ransomware gang threatened to share the sensitive information and affirmed that the company-sensitive secrets would be available for all to see if the ransom was not delivered.

The Sodinokibi group also shared screenshots of sensitive file names to back their claims. The ransomware group has been notorious for previously hitting big names such as Mariah Carey, rap star Nicki Minaj, and NBA superstar LeBron James to attain their ransom objectives. REvil also possesses a dedicated website for leaks to post and auction off stolen data.

Blockchain against cybercrime 

With cybercrime on the rise and hackers capitalizing on COVID-19 to conduct their illicit activities online, numerous Asian countries have been reported to have increased the adoption of blockchain for security purposes. Schools, companies, and traditional institutions have all been victims of hackers’ deviant behavior at some time or another. With blockchain adoption, Asian entities hope that their institutions would be better equipped to battle scams. 

Advocating for blockchain technology for global digital advancement is the Senior Manager of PwC Consulting, Tomohiro Maruyama. The PwC manager said when speaking with Nikkei Asian Review:  

“Internet piracy has posed a major challenge for companies as they look to digitize operations. Blockchain emerged as a solution for fighting digital counterfeits, pushing businesses to adopt the technology.” 

Maruyama thinks that when COVID-19 finally passes, the world will change on a global scale, with more companies converting to blockchain technology and integrating it into their business for its numerous benefits.   

US Files Lawsuit to Recover Cryptocurrency Accounts Linked to North Korean Hacking Operation

The US Department of Justice has filed a suit against North Korean state-sponsored cyber hackers for allegedly perpetrating two major cryptocurrency heists.

Crypto exchanges suffer North Korean cyber attack

The complaint, filed on Thursday, outlined two hacks that were allegedly conducted by state-sponsored North Korean cybercriminals and that targeted two cryptocurrency exchanges hit last year. Proton Tokens (PTT), PlayGame tokens (PXG), and IHT Real Estate Protocol tokens were stolen from the first virtual exchange. To launder the digital assets, the hackers passed the tokens through Chinese over-the-counter brokers.

The altcoin assets were converted into Bitcoin (BTC), Tether (USDT), and other cryptocurrencies to cover the North Korean cyber criminals’ tracks. The total amount of altcoins and tokens stolen was reported to be equivalent to $272,000.

A similar case was reported by US investigators a few months after the occurrence of the first crypto heist. This time, a US crypto exchange was hacked and $2.5 million in cryptocurrencies were stolen. Once again, US law enforcement said that North Korean operators laundered the virtual funds through Chinese traders that they had coordinated with for previous heists.  

Despite the crypto laundering techniques that were employed by North Korean cyber hackers, law enforcement and cybersecurity were able to trace the funds, thanks to blockchain analysis. The stolen cryptocurrency assets were allegedly funneled into 280 cryptocurrency accounts.  

In relation to the civil forfeiture complaint filed by the US Justice Department, FBI Special Agent Emmerson Buie Jr. spoke up regarding cybersecurity and North Korea’s alleged involvement in cyberattacks. He said:

“Today’s complaint demonstrates that North Korean actors cannot hide their crimes within the anonymity of the internet.  International cryptocurrency laundering schemes undermine the integrity of our financial systems at a global level, and we will use every tool in our arsenal to investigate and disrupt these crimes.” 

US investigates North Korean cyber operations

In order to tighten cybersecurity and eliminate any national security threat, the US has been actively monitoring North Korean tactics. In a recent tactical report released in July, the US Army revealed that North Korea currently had more than 6,000 hackers operating under its umbrella. These government-sponsored hackers were dispersed throughout the world and were rumored to be behind illicit cyber hacks.

There is substantial evidence that indicates that the Democratic People’s Republic of Korea (DPRK) may be heavily involved in cybercriminal operations, and US officials have clearly expressed their desire to safeguard national security by tightening cybersecurity ropes.  

In the past, two Chinese nationals, Tian YinYin and Li Jiadong, had been sanctioned by the US government for their involvement in laundering over $100 million worth of Bitcoin cryptocurrency funds from a 2018 cyberattack perpetrated by North Korean hackers against a crypto exchange. The two men were identified for their connection to the notorious North Korean state-sponsored cybercriminal ring, Lazarus Group. 

Hackers Hungry for Bitcoin and Ether Target Indian Prime Minister Narendra Modi

Bitcoin and cryptocurrency hackers seized the social media account of Indian Prime Minister Narendra Modi today, in an effort to secure Bitcoin and Ether funds. 

Hungry for BTC and ETH 

According to a report by the local news outlet India Today, the Twitter account of Narendra Modi was compromised and Bitcoin hackers posted four consecutive messages on the verified account, requesting cryptocurrency funds from whoever was willing to donate to the Prime Minister’s National Relief Fund. One Twitter message read:

“I appeal to you all to donate generously to PM National Relief Fund for Covid-19, Now India begins with crypto currency, Kindly Donate Bitcoin.” 

In another message following that post, the hackers demanded Ether (ETH) and linked a Bitcoin (BTC) and an Ethereum wallet address.  

The cryptocurrency scam messages have since been taken down. After further investigations, it appears that the hack originated from hackers operating under the alias of “John Wick.” The cybercriminal group clarified that they had not hacked “Paytm Mall,” an e-commerce company that was hit last week by a ransomware group operating under the same alias.

Despite the security breach of Indian Prime Minister Modi’s social media account, no cryptocurrency was funneled into the digital hot wallets, and the situation seems to have been handled efficiently. 

Bitcoin Heist Hosted by Minors 

The Twitter hack is not unlike the infamous Bitcoin scam that erupted on the social media platform in July, which froze the verified accounts of numerous coin exchanges, politicians, and tech figures, such as Elon Musk, Bill Gates, Joe Biden, and Gemini, to name a few.

The incident was said to have been masterminded by four hackers, two of whom were 16 and 17 years old, much to the dismay of law enforcers. The hack was reported to be one of the biggest that Twitter had suffered in all of its history, with at least 130 social accounts being compromised. The massive security breach resulted in more than $100,000 worth of BTC being funneled into the scammers’ pockets.

As a result of the massive hack, Twitter had received a lot of backlash in July. The social media company underwent a drop in stock shares, plummeting by more than 4% and losing $1.3 billion in market value.

Hackers Demand $1 Million in Bitcoin Ransom After Hacking Computer Systems of Insurance Firm

A hacker group known as ‘the Black Shadow’ is demanding that Shirbit insurance company pay a ransom of 50 Bitcoins, worth $961,110, to their BTC wallet within 24 hours. The hacker group attacked the leading insurance company Shirbit Insurance in Israel on December 1.

The group has said that if the insurance firm sends the funds within the stipulated time, then they would not publicly disclose any data of the company and would not sell it to anyone. As per the media outlets, the malicious actors have already published huge collections of files that contain the private information of the company’s employees and customers.

The hackers have warned that if the insurance firm fails to send the money within 24 hours, then the ransom demand would increase to 100 Bitcoins worth $1,922,220.  Moreover, the hacker group mentioned that if another 24 hours pass, then the demand would increase to 200 Bitcoins worth $3,847,680.  The hackers warned: “After that we will sell the data to the others.”  They further said that they would leak some more data at the end of every 24 hours. Shortly after the hackers published the message for the ransom demand, they further published more files, including ID cards and faxes.

On Dec. 1, the Israeli National Cyber Directorate and the Capital Markets, Insurance and Savings Authority jointly stated that they were collaborating with Shirbit to conduct investigations of the suspected attack and said that an initial probe identified that the hackers have leaked insurance details of the company.

Shirbit is known to have several government employees among its clientele, including Gilad Noitel, the President of the Tel Aviv District Court. In a Telegram message, the hackers said that they had other targets that they would reveal later and further stated that they carried out the ransomware attack in order to make money, without disclosing more details.

Zvi Leibushor, the CEO of Shirbit Insurance made comments in response to the incident. He said: “Shirbit is investing all resources and efforts needed for an effective, safe and rapid solution to the cyberattack, whose real goal is to try to harm the Israeli economy.”

According to cybersecurity services company MonsterCloud, the attack facing Shirbit comes at a time when ransomware attacks against insurance firms have increased, with many insurance companies in the United States having suffered such attacks in the previous week.

The hackers in the US are reported to have requested between $100,000 and millions of dollars in ransom. Zohar Pinhasi, MonsterCloud CEO, said: “This is a new trend in the US. This type of attack is caused due to a lack of cybersecurity knowledge. It seems insurance companies have a long and turbulent road ahead.” However, Pinhasi said that it is unclear whether the same hackers are behind the cyber-attacks in the United States, saying that hacker groups normally change their names frequently to protect themselves.

While a growing number of institutions and businesses have become victims of ransomware attacks, hackers normally love cryptocurrency and demand payments to be made in crypto assets before releasing ‘hostage’ computers under their control. The anonymity associated with such digital assets is the reason why hackers choose them as their preferred means of transaction.