AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 11/08/2021

Justice Dept. conducting cyber crackdown

The Justice Department is stepping up actions to combat ransomware and cybercrime through arrests and other actions, its No. 2 official told The Associated Press, as the Biden administration escalates its response to what it regards as an urgent economic and national security threat. Deputy Attorney General Lisa Monaco said that “in the days and weeks to come, you’re going to see more arrests,” more seizures of ransom payments to hackers and additional law enforcement operations. “If you come for us, we’re going to come for you,” Monaco said in an interview with the AP this week. She declined to offer specifics about who in particular might face prosecution.


Ukraine discloses identity of Gamaredon members, links it to Russia’s FSB

The Ukrainian Security Service (SSU) has revealed today the real identities of five members of the Gamaredon cyber-espionage group, linking its members to the Crimean branch of the Russian Federal Security Service (FSB). Officials said the group —which the SSU tracks internally as Armageddon but is more widely known in cybersecurity circles as Gamaredon— operated from the city of Sevastopol, Crimea, but acted on orders from the FSB Center for Information Security (also known as “Center 18”) in Moscow, a known hub for the FSB’s cyber operations. Five members were identified by name and position and the SSU said it sent them “notices of high treason”.


Shopping Online Securely

The holiday season is nearing. Soon millions of people will be looking to buy the perfect gifts, and many of us will shop online. Unfortunately, cyber criminals will be active as well, creating fake shopping websites and other online shopping scams to steal your information or money. Learn how you can find good deals without becoming a victim.


U.S. offers $10 million reward in hunt for DarkSide cybercrime group

The U.S. State Department on Thursday announced a reward of up to $10 million for information leading to the identification or location of anyone with a key leadership position in DarkSide, a cybercrime organization the FBI has said is based in Russia. The FBI has said DarkSide was responsible for the May cyber attack targeting the Colonial Pipeline, causing a days-long shutdown that led to a spike in gas prices, panic buying and localized fuel shortages in the U.S. Southeast. The State Department also said it is offering a reward of up to $5 million for information leading to the arrest or conviction in any country of any person attempting to participate in a DarkSide ransomware incident. “In offering this reward, the United States demonstrates its commitment to protecting ransomware victims around the world from exploitation by cyber criminals,” the department said in a statement.


Hackers Apologize to Arab Royal Families for Leaking Their Data

In October, the infamous ransomware gang known as Conti released thousands of files stolen from the UK jewelry store Graff. Now, the hackers would like the world to know that they regret their decision, perhaps in part because they released files belonging to very powerful people. Among the data Conti leaked, there were sensitive files belonging to celebrities like David Beckham, Oprah Winfrey, and Donald Trump, according to The Daily Mail. There was also, according to the hackers themselves, information belonging to the UAE, Qatar, and Saudi royal families. And the hackers really don’t want to piss them off. “We found that our sample data was not properly reviewed before being uploaded to the blog,” the hackers wrote in an announcement published on Thursday. “Conti guarantees that any information pertaining to members of Saudi Arabia, UAE, and Qatar families will be deleted without any exposure and review.” “Our Team apologizes to His Royal Highness Prince Mohammed bin Salman and any other members of the Royal Families whose names were mentioned in the publication for any inconvenience,” the hackers added. 


FBI: Ransomware gangs hit several tribal-owned casinos in the last year

The FBI’s Cyber Division said in a private industry notification issued earlier this week that ransomware gangs have hit several tribal-owned casinos, taking down their systems and disabling connected systems. These attacks are part of a long series of similar incidents targeting tribal entities since 2016, with damages estimated in the millions of dollars in recent months. Ransomware-hit casinos had to shut down their gaming floors, as well as restaurants, hotels, and gas stations, causing significant revenue losses after being forced into providing limited or no services to customers while working on restoring their systems. Limited cyber investigative capabilities and law enforcement resources are likely some of the reasons behind ransomware groups’ seeing US tribes as desirable targets, according to the FBI. Ransomware gangs that coordinated attacks against tribal communities include REvil (Sodinokibi), Bitpaymer, Ryuk, Conti, Snatch, and Cuba. Due to these incidents, tribal entities have dealt with operational disruption, theft of sensitive data, and financial losses.
