Tag: World market onion

Kaseya denies ransomware payment because it hails ‘100% effective’decryption tool

Kaseya has denied rumors that it paid a ransom to the REvil cybercrime gang as it continues to roll out a decryptor world market onion to victims of a recently available ransomware attack.

The program supply chain attack, which began on July 2, is believed to have affected up to 1,500 organizations via the hack of IT management platform Kaseya VSA.

Kaseya revealed on July 22 that it had obtained a decryption tool from a “third party” and was working to restore the environments of impacted organizations with the aid of anti-malware experts Emsisoft.

Speculation

The update sparked speculation regarding identity of the unnamed alternative party, with Allan Liska of Recorded Future’s CSIRT team positing a disgruntled REvil affiliate, the Russian government, or that Kaseya themselves had paid the ransom.

The theory that the universal decryptor key became available as a result of police action was strengthened on July 13 once the dark web domains connected with REvil abruptly went offline.

However, some experts also said it had been likely that this is a prelude to REvil, whose other notable scalps include Travelex and meat supplier JBS, rebranding itself in a bid to dodge law enforcement.

Non-disclosure agreement

The cybercrime outfit was believed to own initially demanded a payment of $70 million from Kaseya, before lowering the price tag to $50 million.

Kaseya, that has reportedly granted organizations usage of the decryptor contingent on signing a non-disclosure agreement, addressed rumors that it had paid a ransom in a statement yesterday (July 26):

Recent reports have suggested our continued silence on whether Kaseya paid the ransom may encourage additional ransomware attacks, but nothing could possibly be further from our goal. While each company must make a unique decision on whether to pay for the ransom, Kaseya decided after consultation with experts not to negotiate with the criminals who perpetrated this attack and we’ve not wavered from that commitment. As a result, we’re confirming in no uncertain terms that Kaseya didn’t pay a ransom – either directly or indirectly through an alternative party – to obtain the decryptor.

Kaseya stated that “the decryption tool has proven 100% capable of decrypting files that have been fully encrypted in the attack&rdquo ;.

It added: “We continue to provide the decryptor to customers that request it, and we encourage all our customers whose data might have been encrypted during the attack to reach out to your contacts at Kaseya&rdquo ;.

More zero-days

A week ago, meanwhile, security researchers from the corporation that unearthed the zero-day Kaseya vulnerabilities exploited by REvil disclosed a trio of additional zero-day flaws in another Kaseya product.

The Dutch Institute for Vulnerability Disclosure (DIVD) advised users of cloud-based Kaseya Unitrends, which can be acquired being an add-on for Kaseya VSA, not to expose the service to the internet until a patch was released.

Also a week ago, Huntress Labs released a article speculating on why the compromise of 60 upstream, managed company customers via a fake software update hadn’t had even more calamitous consequences.

Dismissing the idea that Kaseya’s system shutdown was the principal reason, security researcher John Hammond pondered, among other potential reasons, whether threat actors had learned “from previous incidents (like Colonial Pipeline) that a much larger impact might invite government intervention?”

US authorities are offering $10 million for world market darknet home elevators nation-state cyber-attacks

US authorities are offering around $10 million in cryptocurrency for information ultimately causing the identification of state-sponsored cyber-attackers.

Beneath the scheme, which takes place beneath the Department of State’s Rewards for Justice (RFJ) program, payouts will be awarded for the identity or location of anybody who, “while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against US critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).

A press release states that violations include threats made during ransomware attacks, unauthorized access to a protected computer with intention to steal sensitive data, and intentionally causing damage without authorization to a protected computer.

This program has set up a reporting channel accessible on the dark web to simply help protect the safety and security of potential sources.

“Reward payments may include payments in cryptocurrency,” said the Department of State.

Extra information on the best way to access the Tor-based reporting channel is found in the release.

In the pipeline

The offer of an incentive comes while the US continues to experience cyber-attacks against critical infrastructure that have caused chaos across the nation.

In May this season, a ransomware attack on gas supplier Colonial Pipeline stop services to multiple states on the east coast.

Attackers leveraging DarkSide malware demanded $4.3 million in bitcoin – a sum that has been reportedly paid out by the company.

Security professionals previously told The Daily Swig that in paying ransoms, organizations risk perpetuating a “feedback loop of malicious activity” that “allows the groups to reach a greater amount of sophistication during their next attacks, whether that be via training, new tooling, purchasing credentials, or recruitment.

The Feds Seized $1 Billion in Stolen Silk Road Bitcoins

A hacker identified only as Individual X have been sitting on a cryptocurrency gold mine for seven years prior to the IRS came knocking.More than seven years have passed since Ross Ulbricht was arrested in the science fiction section of a San Francisco library and faced with running the sprawling, dark web drug bazaar called the Silk Road. But once the Feds laid on the job Ulbricht’s laptop that day, they found keys to unlock merely a fraction of the bitcoins he had amassed on the Silk Road’s years of bustling black World Market drug trade. Today the Justice Department finally revealed in which a billion-dollar tranche of the Silk Road’s treasure finished up: stolen by a mysterious hacker, and now seized by the US Treasury.

The Feds Seized $1 Billion in Stolen Silk Road Bitcoins

A hacker identified only as Individual X had been sitting on a cryptocurrency gold mine for seven years prior to the IRS came knocking.More than seven years have passed since Ross Ulbricht was arrested in the science fiction portion of a San Francisco library and faced with running the sprawling, dark web drug bazaar called the Silk Road. But once the Feds laid on the job Ulbricht’s laptop that day, they found keys to unlock merely a fraction of the bitcoins that he had amassed on the Silk Road’s years of bustling black world market onion drug trade. Today the Justice Department finally revealed the place where a billion-dollar tranche of the Silk Road’s treasure wound up: stolen by a mystical hacker, and now seized by the US Treasury.