US Law Firms Had Data Stolen and Encrypted by Hackers Demanding Crypto Ransoms

A recent report describes an online breach at five United States law firms, which were compromised by hackers demanding two payments of 100 Bitcoins each (over $933,000 at the time of this report) from each firm. The ransom was to be paid in two parts: one to restore access to the data and another for the hackers to delete their copy of the data instead of selling it.

According to cybersecurity firm Emsisoft, the hacker group Maze had already begun carrying out its threat by publishing some of the data stolen from the firms in parts. Two of the five firms had already been hacked on Feb. 1.

The articles containing the stolen data had already been published on two sites, which remain undisclosed to protect the firms involved. The Maze group has said that it will continue to reveal the stolen data as proof, in increasing order of sensitivity over time, until the firms respond, at which point the leaks would stop.

Callow said that the group had posted the published data on Russian hacker forums with a note saying that the information could be used in any nefarious way the readers wanted. As a result, he believes that more data will be released over time unless the hacked firms pay. He also explained, “It seems highly unlikely that a criminal enterprise would delete what it may be able to monetize at a later date.”

Callow went on to state that the ransomware group had not only been encrypting data in the past, but had also been stealing it while exploiting its victims in the process.


New Zealand Police Issues Warning Against “Nasty” Sextortion Blackmail Porn Scam Demanding Bitcoin Ransom

New Zealand police are warning about a new porn blackmail scam that is targeting residents who watch adult content videos in the country. The scam, which threatens to expose porn-viewing activities unless a Bitcoin ransom is paid, is doing the rounds. The fraudsters blackmail victims by email and threaten to expose their porn-viewing proclivities to the world if they do not pay up.

Senior Detective Sergeant Callum McNeill said that this is not the first time New Zealand residents have experienced such email extortion scams. He stated that such fraudulent activities have been steadily on the rise in the country since 2018.

Scammers Prey on Victims

Waitemata police (in Auckland, New Zealand) are investigating recent reports of illegal extortion activities demanding that victims pay a ransom in Bitcoin. Police explain that the fraudsters operate by sending victims an email informing them that their computer has been hacked and that a video (or screenshots) has been captured through their webcam showing them looking at pornographic sites. The fraudsters then threaten to send the pornographic videos to the victims’ friends and family unless they are paid NZ$1,900 (US$1,150) in Bitcoin.

Police stated that the crypto blackmailers also claim to know victims’ passwords. In some cases, the scammers quote passwords that victims have used in the past, obtained from credentials leaked in earlier data breaches and traded on the dark web.

Police have advised residents who have received such ‘sextortion’ emails demanding a Bitcoin ransom to simply delete them. McNeill urged residents to change their passwords regularly, and said it is especially vital to change a password if a fraudster has quoted it in an email.

McNeill said: “We ask anyone who believes they are a victim of this scam and has transferred money to contact police by phoning 105.”

Beware of Crypto Scams

Cybercriminals continue to affect the crypto market adversely. Crypto scammers disguise themselves as trustworthy companies or third parties to trick victims into giving away sensitive information, which can then be used to gain access to their accounts and devices and steal their money. It is vital for consumers to be cautious and practice good security habits to avoid falling victim to such scams. As Bitcoin becomes more popular and attracts mainstream users, fraudsters are preying on newcomers and resorting to tricks like imitation websites and phishing emails to steal consumers’ funds.


Norwegian Police Arrest Millionaire For Wife's Murder After Two-Year Goose Chase for Kidnappers Demanding $10M Monero Ransom

In October 2018, a Norwegian millionaire named Tom Hagen reported that his wife had been kidnapped and presented a ransom note to police that demanded $10 million worth of the privacy-centric cryptocurrency Monero.

According to an article published by Reuters, Hagen was arrested on April 28 on suspicion of murdering his own wife, Anne-Elisabeth Hagen, although his lawyer has denied the allegations.

Although Hagen has not officially been charged with any crime, Police Legal Counsel Aase Kjustad Eriksson was quoted in the report saying that police now have “reason to suspect Tom Hagen of murder or conspiracy for murder.”

But what about the $10 million Monero ransom?

According to Police Inspector Tommy Broeske, “There was no kidnapping, no real negotiating counterpart or real negotiations.” Inspector Broeske said there appears to be substantial evidence that the investigation has been intentionally misled.

Hagen’s wife, Anne-Elisabeth, was reported missing from their Oslo home in late October last year. While Hagen is considered one of the richest people in Norway, with a net worth of over $150 million, it is unknown how much Bitcoin or other cryptocurrency he may hold.

Hagen’s lawyer Svein Holden denied the allegations and said that, “He (Hagen) strongly maintains that he has nothing to do with this.”

Under Norwegian law, people may be held under suspicion of a crime prior to any formal arrest being made. Hagen will appear in court on April 29.

Why Did the University of California San Francisco Pay Hackers $1.4 Million in Bitcoin?

The University of California, San Francisco (UCSF), has recently paid criminal hackers $1.14 million to resolve a ransomware attack. The university reportedly paid the amount in 116.4 Bitcoins worth over $1 million.

The Netwalker ransomware gang is believed to be responsible for the attack. Initially, the group demanded a $3 million ransom, but UCSF offered $780,000 instead. Eventually, after negotiations were completed, the university paid out $1,140,895 in Bitcoin.

The university was left with ‘no good options’

The hackers launched malware that affected “a limited number of servers” within the UCSF medical school, making data temporarily inaccessible. While researchers at the UCSF medical school are among those leading COVID-19 antibody testing, the attack did not impede their coronavirus work, the university said. The institution revealed that it is working with a team of cybersecurity experts to restore the affected servers “soon.”

The university stated that the encrypted data was vital to some of the academic work that the institution pursues in serving the broader public interest. As per the report, the university stated that “We, therefore, made the difficult decision to pay some portion of the ransom.”

The cyberattack was detected as recently as June 1, and the university stated that the malicious actors were stopped during the attack. The hackers used ransomware known as Netwalker to access and gain control of the university’s data. The incident prompted UCSF officials to enter ransomware negotiations, which eventually ended in payment.

In exchange, UCSF said it obtained copies of the stolen documents as well as a key to restore access to the files. The university, however, refused to say what was in the files for which it paid more than $1 million. It did not believe that medical records were exposed. The incident also did not affect COVID-19 work or patient care delivery operations.

The university stated that it continues to work with law enforcement authorities to investigate the matter. Earlier this month, Netwalker also attacked Michigan State University, but that university declined to pay a ransom.

Why are crypto exchanges and major institutions hacked so often?

Hackers have stolen hundreds of millions of dollars worth of cryptocurrencies in recent years. This problem is unlikely to go away anytime soon, and fear about security has hit crypto prices this year. Hackers are expected to continue targeting crypto exchanges and big institutions. The rewards are high, as crypto exchanges and big organizations hold huge amounts of money but have not yet implemented proper security.

US Travel Firm CWT Paid $4.5 Million in Bitcoin to Get Computer System Back from Hackers

US travel management company CWT paid $4.5 million in Bitcoin to hackers who stole sensitive corporate files. CWT has a global clientele and is the fifth-largest US travel company. The firm reports an estimated $1.5 billion in annual revenue and claims to represent more than a third of the companies on the S&P 500 US stock index.

The Firm Had No Other Choice

According to the Reuters report, the hackers hijacked CWT’s computer system, stole sensitive corporate files, and knocked computers offline while demanding a ransom. The attackers used ransomware identified as Ragnar Locker, which encrypts computer files and renders them unusable until the corporate victim pays to have access restored.

The company confirmed the attack but refused to comment on the details regarding what it stated was an ongoing investigation. The firm said that it temporarily shut down its IT system as a precautionary measure after suffering a cyber-security breach on July 27.

In the ransom note left on infected CWT computers, the hackers claimed to have stolen two terabytes of files, including security documents, financial reports, and employees’ personal data such as salary information and email addresses.

However, the hackers’ claim to have infected 30,000 computers is reportedly exaggerated. The company said that no traveler or customer information has been compromised.

The ensuing ransom negotiations between a CWT representative and the hackers remained publicly accessible in an online chat group, thus providing some insight into the uneasy relationship between cybercriminals and their corporate victims.

The hackers initially demanded $10 million to be paid to restore the company’s files and delete all the stolen data.

The CWT representative engaged in the negotiations said they were acting on behalf of the company’s chief financial officer. The representative mentioned that the firm had been adversely affected by the coronavirus outbreak and agreed to pay $4.5 million in Bitcoin. Transactions on the public blockchain ledger indicate that an online wallet controlled by the hackers received the agreed payment of 414 Bitcoin on July 28.

Rampant Ransomware Attacks

Ransomware attacks are on the rise and show no sign of slowing down. Despite the increased public attention given to cybercriminals, ransomware attacks have become a serious and persistent threat to businesses and private firms. Such attacks are known to cost billions of dollars every year, in recovery costs and extorted payments.

Cybersecurity experts advise the public to keep secure backups of their data and to stop paying ransoms, as paying encourages further criminal attacks without any guarantee that the encrypted files will be restored.

Member of Dark Overlord Crypto Hacking Group Pleads Guilty to Ransom Attacks

UK national Nathan Wyatt was found guilty of multiple charges this week after extracting personal information from victims and demanding Bitcoin ransoms in exchange for not exploiting the sensitive data obtained by illicit means.

Wyatt, a member of the notorious Bitcoin ransom group “The Dark Overlord”, was found guilty of multiple charges this week in the U.S. and faces a five-year prison sentence and a $1.5 million fine, according to reports.

The U.S. Department of Justice sentenced Wyatt following a string of hacks and ransom attacks on high-profile businesses and individuals. Among the targets of these attacks was streaming platform Netflix, which in 2017 faced two failed extortion attempts in which the group threatened to leak season five of the hit show “Orange Is The New Black” unless it was handed a substantial sum in Bitcoin, resulting in the season being leaked.

Among the information obtained by The Dark Overlord were stolen medical records, client files, and personal information from several U.S. companies, with ransom demands ranging from $75,000 to $300,000 worth of Bitcoin forming the basis for much of the investigation.

Wyatt carried out the extortion by contacting executives at victim companies and informing them that their data had been compromised. The report also alleged that Wyatt had sent threatening messages to family members of company executives to further pressure the victims into paying.

Wyatt was identified as a member of The Dark Overlord group when records of phone numbers registered in his name were found linking him to his victims. Wyatt was arrested in the U.K. in 2017 and extradited to the U.S. in 2019, where he faced several charges.

This week Wyatt pleaded guilty before a U.S. federal court to six counts, ranging from conspiring to commit aggravated identity theft to computer fraud.

The cost of ransomware attacks is at an all-time high, with cryptocurrency often being the preferred vehicle for laundering tainted funds through reputable exchanges. This presents a pressing new challenge for the security of blockchain-based applications, with privacy coins such as Monero entering the conversation.

US Seizes $500K in Crypto Paid as Ransom to North Korean Hackers

The U.S. Justice Department has revealed seizing crypto funds worth $500,000, which were paid as a ransom to North Korean hackers. The seizure was conducted after the FBI filed a warrant in May this year.

The seized funds were paid as a ransom by health care providers in Colorado and Kansas.

Lisa Monaco, the deputy attorney general, stated:

“Thanks to rapid reporting and cooperation from a victim, the FBI, and Justice Department prosecutors have disrupted the activities of a North Korean state-sponsored group deploying ransomware known as ‘Maui.’” 

Monaco added:

“Not only did this allow us to recover their ransom payment as well as a ransom paid by previously unknown victims, but we were also able to identify a previously unidentified ransomware strain.”

Based on court documents, North Korean hackers used Maui to wreak havoc by encrypting servers and files of a medical centre in Kansas, which later paid a ransom of approximately $100K in Bitcoin (BTC) to regain access.

In April 2022, the FBI was able to track a Bitcoin payment worth $120K to one of the seized crypto accounts, based on the cooperation of the Kansas medical centre.

The recovered funds are expected to be returned to the victims. Matthew Olsen, an assistant attorney general, acknowledged:

“Reporting cyber incidents to law enforcement and cooperating with investigations not only protects the United States, but is also good business. The reimbursement to these victims of the ransom shows why it pays to work with law enforcement.”

Meanwhile, a recent Chainalysis report revealed that the rising usage of crypto mixers was drawing public attention, with illicit activities like scams, ransomware, terrorism financing, and the darknet market taking the lion’s share.

The blockchain analytic firm noted:

“The increase in illicit cryptocurrency moving to mixers is more interesting, though. Illicit addresses account for 23% of funds sent to mixers so far in 2022, up from 12% in 2021.”

Mixers offer enhanced privacy in crypto transactions, and they can be abused by cybercriminals and hackers to hide the origin of funds.

Unknown Sources Target Crypto Investors with Malicious Computer Programs

Anti-malware vendor Malwarebytes found two new varieties of malicious programs that aggressively target bitcoin investors on desktop systems. These malware are of the spyware and adware kind. Malwarebytes was able to uncover these malicious programs, which are being distributed by unknown sources.

The findings of the threat intelligence research team at Cisco Talos indicate that the two malicious files in question, the MortalKombat ransomware and the Laplas Clipper malware, have been actively scouring the Internet since December 2022 in search of unsuspecting investors to rob of their cryptocurrency holdings. As can be seen in the table that follows, the majority of individuals affected by this campaign reside in the United States of America, with a much smaller number of victims in the United Kingdom, Turkey, and the Philippines.

The malicious programs work together to steal information from the user’s clipboard, which often holds a string of letters and numbers that the user has copied. The clipper then checks the clipboard for any wallet address that has been copied into it and replaces that address with a different, attacker-controlled one.

The success of the attack depends on the user not paying close enough attention to the destination wallet address, which enables the bitcoin to be sent to an unidentified adversary. Because of this, the attacker can also conceal their identity. The attack is aimed at a diverse assortment of targets, including individuals and both small and large organizations.
