Responses: 4
SSG Edward Tilton
Close Bitcoin
SFC Randy Hellenbrand
From Russia with love.
COL Jason S
Ransomware as a Service (RaaS)

UNCLASS/OPEN DISCUSSION based on recent NEWS/OSINT. Know HOW the adversary is TARGETING US (Critical Infrastructure) and private organizations.

'It's just business' (Darkside, Russian APT Criminal motive group, 2021). <Observation - Darkside's similar TTPs and shared characteristics indicate the APT group is a 'faction' or affiliate of REvil>.

SEC 10Q/10K/8K/14A/etc. filings provide an unlimited, dynamic source of business intelligence used by adversaries (threats) to target organizations based on their financial, policy (liability), and cyber posture (executive C-Suite perspectives, not just the 'technical' cybersecurity).

Take Z****, for example. A RaaS threat actor/group currently leverages open-source business intelligence to assess strategic risk in EBITDA terms like any corporate adversary in the 'cyber' industry.

Google search results:
• 10K "z****" site:*.sec.gov, or 14A "z***2020" site:*.sec.gov
  o 2020 Proxy Summary
    ▪ "cash and cash equivalents" or just "cash"
• 'The Company has continued to enhance its capital structure and liquidity with cash on the balance sheet at December 29, 2019, of $172.6 million,'
• APT targeted ransomware yield from Z**** $1,726,000 (calculated 1% of cash),
  o Is it worth it to pursue target?
• Preliminary recon. hXXps://pentest-tools.com/website-vulnerability-scanning/website-scanner#
  o +more prelim, low cost, fast TTPs

RaaS collection managers would still find a >$1.7 million ransom or ransom/extortion hybrid attractive. Still, Z**** being a US DIB (and CMMC C3PAO) contractor may make the effort more costly than the 'softer targets' available. The business decision would result in a 'big player' (ex. Darkside, REvil) kicking this business intelligence package down to a RaaS affiliate for action, where under the RaaS model both parties split the proceeds.

Recommend: Don't just think 'technical security perimeter' and assume a 'reactive' posture (as many SOC/CISSP/CISOs are used to). Google the terms 'Fusion', 'CRISC', 'BISO' and 'EBITDA', and the '5W's + H', starting analysis with WHO (APT), not just WHAT (malware, the ransomware). 'SOCs to Fusion Operations' (Carnegie Mellon SEI, 2019).