Windows TCO Leftovers
-
Cybergeeks ☛ A technical analysis of the BackMyData ransomware used to attack hospitals in Romania
The files are encrypted using the AES256 algorithm, with the AES key being encrypted using the public RSA key decrypted from the configuration. The malware appends 6 custom bytes at the end of every encrypted file. In the end, the ransomware drops two ransom notes called “info.txt” and “info.hta” that contain information about how to contact the threat actor.
-
NL Times ☛ Two people arrested after takedown of Lockbit
At least two people have been arrested in a major international police operation against a gang that took computer systems hostage with the malicious software LockBit. The arrests happened in Poland and Ukraine. A total of 34 cyber criminals' servers have been taken down in the Netherlands, the United States, Germany, Great Britain, France, Finland, Switzerland and Australia.
-
Krebs On Security ☛ Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates
U.S. and U.K. authorities have seized the darknet websites run by LockBit, a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ransomware victims who didn’t pay, LockBit’s victim shaming website now offers free recovery tools, as well as news about arrests and criminal charges involving LockBit affiliates.
-
The Register UK ☛ Police turn LockBit ops site against them
After the infosec world was invigorated by the announcement of LockBit's site being seized yesterday, the authorities involved in the takedown operation – dubbed Operation Cronos – have now completely taken over the extortionists' dark-web leak site and turned it into an exposé hub.
The site retains the same general format it did when it displayed all of the group's victims, but instead of children's hospitals, schools, and charities, each post now leads to new revelations about the case with more to come.
-
Cyble Inc ☛ Department Of Justice Takes Down LockBit, Arrests Members
LockBit, recognized as one of the world’s most active ransomware groups, has inflicted widespread damage by targeting over 2,000 victims and extorting more than US$120 million in ransom payments. This nefarious group has caused immense financial losses and operational disruptions to businesses and organizations worldwide.
-
Cyble Inc ☛ Cactus Ransomware Claims Schneider Electric Data Breach
In a concerning development, Schneider Electric’s Sustainability Business Division has fallen victim to a data breach, raising alarms about the security of sensitive information within the company’s ecosystem.
While officials have confirmed the Schneider Electric data breach, details remain murky as the ransomware group responsible for the cyberattack has not been officially named.
-
Cyble Inc ☛ UK University Cyberattack: Anonymous Sudan Claim DDoS Attacks
Anonymous Sudan has been linked to a series of alleged Distributed Denial of Service (DDoS) attacks on prominent UK universities, including the University of Cambridge and the University of Manchester.
The group, believed to be utilizing the Skynet botnet, recently upgraded its capabilities. In a post attributed to the threat actor, Anonymous Sudan cited reasons for the attack, including the UK’s perceived support for Israel and involvement in conflicts such as the Gaza and bombing campaigns in Yemen.
-
Security Week ☛ Recent Zero-Day Could Impact Up to 97,000 Microsoft Exchange Servers
Approximately 68,000 other Exchange instances are considered ‘possibly’ vulnerable, meaning that they have mitigations installed, which brings the total of potentially exploitable servers to roughly 97,000, Shadowserver says.
The vulnerability, tracked as CVE-2024-21410 (CVSS score of 9.8), is a privilege escalation flaw leading to pass-the-hash attacks, allowing an attacker to relay a user’s Net-NTLMv2 hash against a vulnerable server and authenticate as that user.
-
Security Week ☛ Cactus Ransomware Group Confirms Hacking Schneider Electric
The Cactus ransomware gang has claimed responsibility for the cyberattack that French industrial giant Schneider Electric disclosed at the end of January.