Security Archives - TechCavit
https://techcavit.com/tag/security/
Technology News At Its Finest

4 of 2020’s Biggest Ransomware Strains Linked to Majority of Attacks
https://techcavit.com/4-of-2020s-biggest-ransomware-strains-linked-to-majority-of-attacks/
Sat, 06 Feb 2021 11:32:41 +0000


The four most prominent ransomware strains of 2020, Maze, Egregor, SunCrypt, and Doppelpaymer, have connections that lead back to the same Ransomware as a Service (RaaS) network and affiliates.

According to a new Chainalysis 2021 Crypto Crime Report, established connections between the four strains indicate that they are either being controlled or executed by the same group of people.

“There may be fewer cybercriminals responsible for ransom attacks than one would initially think, given the number of individual attacks, distinct strains and amount stolen from victims.”

RaaS is a business model in which ransomware developers lease or sell different strains of their ransomware to affiliates, who in turn use them to attack individuals or organizations.

Cybersecurity researchers identified strong links between the four strains, all of which were relatively active in 2020. They were used to attack different companies and institutions including Barnes & Noble, LG, Pemex and University Hospital New Jersey.

“All four use the RaaS model, meaning that affiliates carry out the ransom attacks themselves and pay a percentage of each victim payment back to the strain’s creators and administrators.”

Additionally, all four strains use the same double extortion method, blackmailing their victims by threatening both to withhold their data and to publish it online for extra intimidation.

Ransomware Strains are Interlinked

The Maze strain disappeared shortly after Egregor became active in Q4 2020. Maze's administrators later announced in November that its website was shutting down due to reduced activity.

“Some cybersecurity researchers see this as evidence that Maze and Egregor are linked in some way.”

Researchers further claimed that Maze operators either rebranded to Egregor or joined the latter’s operators, with a row between the two groups resulting in a split.

“Maze and Egregor share much of the same code, the same ransom note, and have very similar victim payment sites.”

SunCrypt has also been linked to Maze several times, including through a privately circulated report from a threat intelligence firm saying that SunCrypt is a rebrand of a well-known ransomware strain.

A connection between Egregor and Doppelpaymer has also been established through a 78.8 BTC Egregor ransom payment sent to what is suspected to be a Doppelpaymer administrator wallet.

Useful Information for Law Enforcement

Chainalysis concludes that law enforcement agencies could use this information to expand their crackdowns and even halt the operations of well-known interlinked strains with a single takedown.

“Evidence suggests that the ransom world is smaller than one may initially think, given the number of unique strains currently operating.”

Ransomware attacks grew by 311% in 2020, with $350 million being paid by ransomware victims to attackers, despite crypto-related criminal activity falling by 83%. 

CISA Prepares For Another ‘WannaCry’ Incident: Says Something Big is Coming to The Entire Cyber-Space
https://techcavit.com/cisa-prepares-for-another-wannacry-incident-says-something-big-is-coming-to-the-entire-cyber-space/
Tue, 08 Oct 2019 20:56:49 +0000


According to Assistant Director Jeanette Manfra of the Cybersecurity and Infrastructure Security Agency (CISA), a division of the US Department of Homeland Security, a cyberattack of even greater magnitude than the 2017 WannaCry attack is to be expected within the next few years.

As a branch of the Department of Homeland Security (DHS) focused mainly on cybersecurity, CISA is wholly in charge of protecting and increasing the security of critical government networks by collaborating with the private sector on a global scale. Any threat within that jurisdiction therefore falls under the responsibility of the agency.

Just last week at TechCrunch Disrupt in San Francisco, California, Manfra described cyberspace as currently being in a very vulnerable state. Elaborating further, the former Senior Counsellor to the Secretary of the DHS highlighted the uncertainty of preventing such attacks in the near future but also emphasized the department's readiness should one occur. On the WannaCry attack, she said:

“I don’t know that we could ever prevent something like that, we just have something that completely manifests itself as a worm. I think the original perpetrators didn’t expect probably that sort of impact.” 

Nonetheless, she also added:

“Updating your patches would have prevented a good quantity of individuals from being a sufferer.”

The Bluekeep Glitch

All of these statements about a worldwide ransomware attack come as a warning about Bluekeep, a vulnerability that was detected a few months back. The name ‘Bluekeep’ was coined by another cybersecurity expert, Kevin Beaumont, in a tweet, as the flaw often leads to a blue screen when exploited.

Bluekeep is a “wormable” vulnerability in Microsoft’s Remote Desktop Protocol (RDP), first reported sometime in May, that allows for remote code execution. The bug was initially believed to be present in all unpatched NT-based versions of Windows, ranging from Windows 2000 through Windows Server 2008 R2.

The much newer versions, from Windows 7 upwards to Windows 10, were prone to the ‘Dejablue’ flaw. Consequently, this flaw could compromise over a million internet-connected devices around the world that are susceptible to Microsoft’s BlueKeep.

Bluekeep shares characteristics with other wormable threats such as NotPetya and WannaCry, all of which are capable of creeping into weak computer systems across a broader network. Given that the Bluekeep bug allows remote access by unauthorized third parties, it is only a matter of time before ‘black hat’ hackers exploit this vulnerability.

Nonetheless, Manfra, an expert cybersecurity analyst, guarantees that extreme measures by the governments of multiple nations are underway to help manage such incidents if and when they happen.

Ecuador Data Breach: Records of Over 20 Million Users Exposed
https://techcavit.com/ecuador-data-breach-records-of-over-20-million-users-exposed/
Wed, 18 Sep 2019 17:30:46 +0000


Following a number of cybersecurity mishaps in recent times, Ecuador experienced a major data breach as of Monday, 16th September, exposing the personal information of almost the entire population of Ecuador to unauthorized third parties. The leaked data, 18 gigabytes in size, contained research documents and statistics on over 20 million individuals.

The leaked data includes information such as names, addresses, employment status, phone numbers, and national identity numbers. It is derived from about 7.5 million personal financial and banking records, 2.5 million car ownership records, and detailed information on infant demography in the region, covering 6.7 million children.

According to the report released by ZDNet, the exposure is believed to be the result of carelessness on the part of administrators at the IT consulting firm, who left the Elasticsearch server accessible without any access checks or a password, in effect granting access to these records to anyone on the Internet.

In a statement issued by the Ministry of Telecommunications and Information Society on Monday, the Minister of Telecommunications, Andrés Michelena Ayala, announced that Novaestrat, the data analytics and IT consulting firm directly involved with the leaked data, and its employees are being placed under investigation on charges of privacy violation and distribution of private information to the general public without due authorization.

Subsequently, the Ecuadorian authorities swooped down on Williams Roberto G., Director of Novaestrat, as the management at Novaestrat faces allegations of accumulating this data illegally. Novaestrat is nonetheless a government-endorsed data analytics firm, having been awarded a number of contracts by the Ecuadorian government between 2015 and 2017. What is not actually known is whether the employees at Novaestrat intentionally broadcast this data or whether it was a glitch in the company’s server-side handling.

However, one certainty is that this data was never supposed to be in the possession of the company, which might have come across it while working extensively with the government in the past. Prompted by the gravity of the data breach, the Ecuadorian government is set to take a giant leap towards implementing a stricter data privacy law, with plans to pass this new law to the parliament within the next three days.
