Ransomware Attack Disrupts Local Emergency Alert System Across US
The OnSolve CodeRED platform has been targeted by the Inc Ransom ransomware group, resulting in disruptions and a data breach.
The post Ransomware Attack Disrupts Local Emergency Alert System Across US appeared first on SecurityWeek.
Checkout.com Discloses Data Breach After Extortion Attempt
The information was stolen from a legacy cloud file storage system, not from its payment processing platform.
The post Checkout.com Discloses Data Breach After Extortion Attempt appeared first on SecurityWeek.
Hive Ransomware Network Dismantled by American, European Law Enforcement

Law enforcement authorities from over a dozen countries in Europe and North America have taken part in disrupting the activities of the Hive ransomware group, the U.S. Justice Department and Europol announced. Hive is believed to have targeted various organizations worldwide in the past couple of years, often extorting payments in cryptocurrency.
Captured Decryption Keys Helped Hive Victims Avoid Paying $130 Million in Ransom
Ransomware network Hive, which has had around 1,500 victims in more than 80 countries, has been hit in a months-long disruption campaign, the U.S. Department of Justice (DOJ) and the European Union Agency for Law Enforcement Cooperation (Europol) revealed. A total of 13 nations participated in the operation, including EU member states, the U.K. and Canada.
Hive has been identified as a major cybersecurity threat as the ransomware has been used by affiliated actors to compromise and encrypt data and computer systems of government facilities, oil multinationals, IT and telecom companies in the EU and U.S., Europol said. Hospitals, schools, financial firms, and critical infrastructure have been targeted, the DOJ noted.
Hive has been one of the most prolific ransomware strains, Chainalysis pointed out, collecting at least $100 million from victims since its launch in 2021. A recent report by the blockchain forensics company revealed that revenue from such attacks decreased last year, with a growing number of affected organizations refusing to pay the demanded ransoms.
According to the announcements by the law enforcement authorities, the U.S. Federal Bureau of Investigation (FBI) penetrated Hive's computers in July 2022 and captured its decryption keys, providing them to victims around the world, which prevented them from paying another $130 million.
Working with the German Federal Police and the Dutch High Tech Crime Unit, the Bureau has now seized control over the servers and websites that Hive used to communicate with its members and the victims, including the darknet domain where the stolen data was sometimes posted. FBI Director Christopher Wray was quoted as stating:
The coordinated disruption of Hive's computer networks … shows what we can accomplish by combining a relentless search for useful technical information to share with victims.
The Hive ransomware was created, maintained and updated by developers while being employed by affiliates in a "ransomware-as-a-service" (RaaS) double extortion model, Europol explained. The affiliates would initially copy the data and then encrypt the files before asking for a ransom to decrypt the information and not publish it on the leak site.
The attackers exploited various vulnerabilities and used a number of methods, including single-factor logins via Remote Desktop Protocol (RDP), virtual private networks (VPNs), and other remote network connection protocols, as well as phishing emails with malicious attachments, the law enforcement agencies detailed.
Government of Nunavut returns to paper records after ransomware attack
Another unfortunate case of a ransomware attack on a municipality. Read more here and how they may end up paying the ransom.
REvil Ransomware Site Goes Offline
Multiple websites linked to the infamous ransomware gang REvil are currently offline, according to multiple security researchers. REvil is the group linked to the recent hack of information technology firm Kaseya, which an REvil affiliate then used to ransom a wealth of other companies around the world.
"Onionsite not found," an error message currently reads when visiting REvil's dark web site where the group ordinarily posts data stolen from victims.
Lawrence Abrams, owner of information security publication BleepingComputer, said in a tweet that the downtime extended to "all" of REvil's sites, including their sites used for ransom payment.
Pseudonymous research group vx-underground added in a tweet that "Unknown," a representative for REvil, has not posted on popular hacking forums Exploit and XSS since July 8.
Do you have new information about REvil? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.
The reason for the downtime is unclear. Sometimes dark web sites temporarily go offline and swiftly return. The site has been down now for over eight hours. Vx-underground added that the dumping site became unresponsive at 1AM EST.
REvil is a hugely prolific ransomware group, and was also responsible for the attack on the world's largest meat producer, JBS. The group is Russian-speaking.
President Biden told President Putin last Friday that Russia must "take action" against cybercriminals based in the country who target the United States. Russian and U.S. officials are meeting this week to discuss the issue.
