News – October 2021


  • Europol: 12 Targeted For Involvement In Ransomware Attacks Against Critical Infrastructure

    October 29, 2021

    A total of 12 individuals wreaking havoc across the world with ransomware attacks against critical infrastructure have been targeted as the result of a law enforcement and judicial operation involving eight countries. These attacks are believed to have affected over 1 800 victims in 71 countries. These cyber actors are known for specifically targeting large corporations, ...

  • TrickBot malware dev extradited to U.S. faces 60 years in prison

    October 29, 2021

    A Russian national believed to be a member of the TrickBot malware development team has been extradited to the U.S. and is currently facing charges that could get him 60 years in prison. 38-year-old Vladimir Dunaev, also known as FFX, was a malware developer that supervised the creation of TrickBot’s browser injection module, the indictment ...

  • Schreiber Foods back to normal after ransomware attack shuts down milk plants

    October 29, 2021

    Schreiber Foods said its plants and distribution centers are back up and running after a ransomware attack took down their systems earlier last weekend. The food production giant became the latest critical industry company to be hit with ransomware in recent months as cybercriminals continue to show little fear in attacking a variety of industries. Schreiber ...

  • Suspected REvil Gang Insider Identified

    October 28, 2021

    He lolls around on yachts, wears a luxury watch with a Bitcoin address engraved on its dial, and is suspected of buying it all with money he made as a core member of the REvil ransomware gang. The showy billionaire goes by “Nikolay K.” on social media, and German police are hoping he’ll cruise out of Russia ...

  • Network Scanning Traffic Observed in Public Clouds

    October 28, 2021

    Tracking network scanning activities can help researchers understand which services are being targeted. By monitoring the origins of the scanners, researchers can also identify compromised endpoints. If a host belonging to a known organization suddenly starts to scan a part of the internet, it is a strong indicator that the host is compromised. This blog summarizes ...

  • EU Green Pass-generation keys stolen – sources

    October 27, 2021

    Some of the keys used to generate the European Green Pass have been stolen and distributed on programming networks to create false COVID-19 health certificates, qualified Italian sources said on Wednesday. A series of meetings at the EU level were being held on Wednesday to examine the situation, according to the sources. Source: ANSA News

  • Free decryptor released for Atom Silo and LockFile ransomware

    October 27, 2021

    Avast has just released a decryption tool that will help AtomSilo and LockFile ransomware victims recover some of their files for free without having to pay a ransom. Avast released another decryption tool earlier today to help Babuk ransomware victims recover their files for free. As the Czech cybersecurity software firm explained, this decryptor may not be ...

  • Warehouse belonging to Chinese payment terminal manufacturer raided by FBI

    October 27, 2021

    US feds were spotted raiding a warehouse belonging to Chinese payment terminal manufacturer PAX Technology in Jacksonville, Florida, on Tuesday, with speculation abounding that the machines contained preinstalled malware. PAX Technology is headquartered in Shenzhen, China, and is one of the largest electronic payment providers in the world. It operates around 60 million point-of-sale (PoS) payment ...

  • Meet Balikbayan Foxes: a threat group impersonating the Philippine gov’t

    October 27, 2021

    Proofpoint has uncovered a new, “highly active” threat group that is impersonating the Philippine government and businesses to spread Trojan malware. On Wednesday, researchers Selena Larson and Joe Wise said the threat actors, dubbed “Balikbayan Foxes” and tracked as TA2722, are concentrated in the Philippines but are targeting the shipping, logistics, manufacturing, pharmaceutical, business, and energy ...

  • Iran struggles to relaunch petrol stations after cyber attack

    October 27, 2021

    Iran struggled Wednesday to restart its petrol distribution system after it was hit by an unprecedented cyber-attack which security officials said was launched from abroad. The unclaimed attack crippled the country’s system of government-issued electronic cards which motorists use to purchase heavily subsidised fuel. Long queues have formed outside petrol stations, angering motorists in a country already ...

  • FBI: Ranzy Locker ransomware hit at least 30 US companies this year

    October 26, 2021

    The FBI said on Monday that Ranzy Locker ransomware operators had compromised at least 30 US companies this year from various industry sectors. “Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021,” the FBI said in a TLP: WHITE flash alert. “The victims include the construction subsector of ...

  • What To Expect in a Ransomware Negotiation

    October 26, 2021

    We all know the risk of a ransomware attack. Headlines of the latest victims might haunt the dreams of chief information security officers (CISOs) and security operations centers (SOCs) due to the multi-extortion models used by modern ransomware groups. We wanted to get a better understanding of what victims go through during the aftermath and recovery ...

  • Money launderers for Russian hacking groups arrested in Ukraine

    October 26, 2021

    The Ukrainian cybercrime police force has arrested members of a group of money launderers and hackers at the request of U.S. intelligence services. In a press release by Ukraine’s SSU, law enforcement says the individuals engaged in large-scale international operations where they laundered tens of millions of USD for various hacking groups. To engage with their “clients,” ...

  • Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads

    October 26, 2021

    Threat actors are using malicious Android apps to scam users into signing up for a bogus premium SMS subscription service, which results in big charges accruing on their phone bills. Jakub Vavra from the threat operations team of security firm Avast uncovered the campaign, which he dubbed UltimaSMS because one of the first apps he discovered ...

  • Kaspersky APT trends report Q3 2021

    October 26, 2021

    The SolarWinds incident reported last December stood out because of the extreme carefulness of the attackers and the high-profile nature of their victims. The evidence suggests that the threat actor behind the attack, DarkHalo (aka Nobelium), had spent six months inside OrionIT’s networks to perfect their attack. In June, more than six months after DarkHalo had ...