
US, allied nations force REvil ransomware group offline: report

01:45  22 october  2021 Source:   thehill.com


The United States and other nations earlier this week in a joint operation hacked and forced offline the REvil cyber criminal group, which has been linked to several major ransomware attacks this year.


Reuters reported Thursday, citing multiple officials and private sector experts, that the FBI, U.S. Cyber Command, the Secret Service, and the governments of other unnamed nations had breached servers used by REvil to carry out attacks in an effort to disrupt the group's operations.

The Hill reached out to the FBI, U.S. Cyber Command, and the Cybersecurity and Infrastructure Security Agency (CISA) for comment.


REvil was linked by the FBI in July to the ransomware attack against IT group Kaseya, which impacted up to 1,500 companies, and earlier in the year to the ransomware attack on meat producer JBS USA.

This is the second time REvil has been taken offline, with the group's websites going dark shortly after the attack on Kaseya in July. The websites were taken down prior to a planned operation against them led by the FBI, which chose to withhold a decryption key from Kaseya and other groups impacted by the attack while the operation was pursued.

According to Reuters, when several members of the REvil hacker group restarted the websites last month from a backup, they unknowingly restarted systems that law enforcement had already gained access to.


"The REvil ransomware gang restored the infrastructure from the backups under the assumption that they had not been compromised," Oleg Skulkin, deputy head of the forensics lab at the Russian-led security company Group-IB, told Reuters. "Ironically, the gang's own favorite tactic of compromising the backups was turned against them."

REvil is one of several Russian cybercriminal groups that have become a national security threat in recent months.

The DarkSide ransomware group was linked to the ransomware attack on Colonial Pipeline in May that led to gas shortages in multiple states, and a coalition of federal agencies warned earlier this week that the BlackMatter ransomware group targeting the agriculture sector could be a rebrand of DarkSide.

Bloomberg News reported Wednesday that the Russian-based Evil Corp. cyber group was behind the ransomware attack on Sinclair Broadcast Group, an attack that continues to disrupt some operations at the company's 185 owned and operated news stations.


The Biden administration has taken numerous steps to confront the increasing ransomware attacks against critical groups, which have also included schools, hospitals, and government agencies.

President Biden urged Russian President Vladimir Putin to crack down on cybercriminals based in Russia during their in-person meeting in June, and last week the White House hosted an international meeting on ransomware that involved leaders from 30 other countries. Russia was not invited to participate in the meeting.

The Justice Department set up a ransomware task force and recently announced a program to go after federal contractors who fail to report cyber incidents to the U.S. government. It also successfully recovered the majority of the $4.4 million in Bitcoin paid by Colonial Pipeline to the hackers in May.

"We need to use all of the tools that we can to disrupt malicious cyber activity," Deputy Attorney General Lisa Monaco said at the virtual Aspen Institute Cyber Summit earlier this month.
