Tag: World market url

Kaseya denies ransomware payment because it hails ‘100% effective’decryption tool

Kaseya has denied rumors so it paid a ransom to the REvil cybercrime gang since it continues to roll out a decryptor to victims of a current ransomware attack.

The program supply chain attack, which began on July 2, is believed to own affected up to 1,500 organizations via the hack of IT management platform Kaseya VSA.

Kaseya revealed on July 22 so it had obtained a decryption tool from a “third party” and was attempting to restore the environments of impacted organizations with assistance from anti-malware experts Emsisoft.

Speculation

The update sparked speculation regarding the identity of the unnamed alternative party, with Allan Liska of Recorded Future’s CSIRT team positing a disgruntled REvil affiliate, the Russian government, or that Kaseya themselves had paid the ransom.

The theory that the universal decryptor key became available because of police force action was strengthened on July 13 once the dark web domains associated with REvil abruptly went offline.

However, some experts also said it was likely that this was a prelude to REvil, whose other notable scalps include Travelex and meat supplier JBS, rebranding itself in a bid to dodge law enforcement.

Non-disclosure agreement

The cybercrime outfit was believed to have initially demanded a payment of $70 million from Kaseya, before lowering the price tag to $50 million.

Kaseya, that has reportedly granted organizations usage of the decryptor contingent on signing a non-disclosure agreement, addressed rumors so it had paid a ransom in a statement yesterday (July 26):

Recent reports have suggested which our continued silence on whether Kaseya paid the ransom may encourage additional ransomware attacks, but nothing might be further from our goal. While each company must make its own decision on whether to pay for the ransom, Kaseya decided after consultation with experts not to negotiate with the criminals who perpetrated this attack and we have not wavered from that commitment. As a result, we are confirming in no uncertain terms that Kaseya didn’t pay a ransom – either directly or world market darknet indirectly through an alternative party – to acquire the decryptor.

Kaseya stated that “the decryption tool has proven 100% effective at decrypting files which were fully encrypted in the attack&rdquo ;.

It added: “We continue to supply the decryptor to customers that request it, and we encourage all our customers whose data may have been encrypted through the attack to touch base to your contacts at Kaseya&rdquo ;.

More zero-days

The other day, meanwhile, security researchers from the organization that unearthed the zero-day Kaseya vulnerabilities exploited by REvil disclosed a trio of additional zero-day flaws in another Kaseya product.

The Dutch Institute for Vulnerability Disclosure (DIVD) advised users of cloud-based Kaseya Unitrends, which is available being an add-on for Kaseya VSA, to not expose the service to the web until a patch was released.

Also a week ago, Huntress Labs released a post speculating on why the compromise of 60 upstream, managed service provider customers with a fake software update hadn’t had a lot more calamitous consequences.

Dismissing the idea that Kaseya’s system shutdown was the principal reason, security researcher John Hammond pondered, among other potential reasons, whether threat actors had learned “from previous incidents (like Colonial Pipeline) that a much larger impact might invite government intervention?”

Deer.io takedown: Russian citizen jailed for selling stolen sensitive information of US citizens online

A Russian citizen is jailed for 30 months for his role in selling stolen debit card information along with other data utilized to fuel further criminal activity.

Kirill Victorovich Firsov, 30, from Moscow, acted as the administrator of a web site that provided stolen personal data along with other services to use for cybercrime, a US Department of Justice release states.

One-stop cybercrime platform

As previously reported by The Daily Swig, the now-defunct website – Deer.io – hosted nearly 2,000 illicit websites making it approximately $17 million during its seven-year operation.

It sold information including gamer account logins, as well as the sensitive information of US citizens not on a names, current addresses, contact numbers, at times Social Security numbers.

Deer.io was launched around October 2013 and was banned following Firsov’s arrest in March 2020 after an operation in which the FBI purchased 1,100 gamer accounts and also the information that is personal for more than 3,600 Americans.

The prosecutor asserted that Firsov knew deer.io was selling stolen and counterfeit accounts because he built the platform.

“Also, deer.io was easily searchable, so anyone – including Firsov – could search the woking platform for stolen US accounts and data,” the discharge reads.

“Eventhough it sold stolen accounts, deer.io isn’t cloaked in secrecy and required no special password for access, because everything was exhaust Russia, and American police force could gain no foothold.”

‘Sending a message’

“The FBI will pursue cybercriminals globally,” said FBI Special Agent in Charge, Suzanne Turner.

“Today’s sentence sends a note – conducting criminal activity from outside the United States does not mean you might be out from reach.

“The FBI will identify and pursue criminal actors in the cyber-sphere, no matter where they operate, and World market Onion work to bring those to justice within a United States court.”

Deer.io takedown: Russian citizen jailed for selling stolen personal data of US citizens online

A Russian citizen has been jailed for 30 months for his role in selling stolen bank card information along with other data helpful to fuel further criminal activity.

Kirill Victorovich Firsov, 30, from Moscow, acted because administrator of a website that provided stolen personal information along with other services to be utilized for cybercrime, a US Department of Justice release states.

One-stop cybercrime platform

As previously reported by The Daily Swig, the now-defunct website – Deer.io – hosted about 2,000 illicit internet vendors and made approximately $17 million during its seven-year operation.

It sold information including gamer account logins, and the private information of US citizens not confined to names, current addresses, numbers, and also at times Social Security numbers.

Deer.io was introduced who are only October 2013 and was shut down following Firsov’s arrest in March 2020 after an operation during which the FBI purchased 1,100 gamer accounts and the private data over 3,600 Americans.

The prosecutor asserted that Firsov knew deer.io was selling stolen and counterfeit accounts when he built the platform.

“Also, deer.io was easily searchable, so anyone – including Firsov – could search prestashop for stolen US accounts and knowledge,” the discharge reads.

“Though it sold stolen accounts, deer.io isn’t cloaked in secrecy and required no special password for access, because everything was use up all your Russia, and American police officers could gain no foothold.”

‘Sending a message’

“The FBI will pursue cybercriminals across the World Market Onion,” said FBI Special Agent in Charge, Suzanne Turner.

“Today’s sentence sends a message – conducting criminal activity externally the United States doesn’t imply you are out from reach.

“The FBI will identify and pursue criminal actors within the cyber-sphere, wherever they operate, and try to bring these to justice in a United States court.”