Categories
Security

Ransomware victims are refusing to pay — but is it working?

A new report has highlighted how ransomware payments to hackers have begun to slow down, with victims consistently opting not to cave in to demands.

Coveware, a company that provides ransomware decryption services, revealed some interesting analytics relating to the state of ransomware during the second quarter of 2022.


As reported by Bleeping Computer, the average ransomware payment has indeed increased. However, the median value of these payments has decreased in a big way.

During 2022’s second quarter, the mean average ransom payment totalled $228,125, representing an 8% increase compared to the first quarter of this year.

The median ransom payment value, however, came to $36,360 — that’s a staggering 51% drop when compared to the first quarter of 2022.

The aforementioned fall in value follows consistent drops since the first quarter of 2021. That specific period saw average ransomware payments reach new highs ($332,168), while the median value reached a peak of $117,116. That said, this state of affairs was undoubtedly aided by the pandemic and the rise of individuals using their systems at home.

“This trend reflects the shift of RaaS affiliates and developers toward the mid-market where the risk-to-reward profile of attack is more consistent and less risky than high profile attacks,” Coveware said in its findings.

Coveware also mentioned how large corporations are refusing to entertain ransom demands solely because of the amount. “We have also seen an encouraging trend among large organizations refusing to consider negotiations when ransomware groups demand impossibly high ransom amounts.”


A shift in strategy

Hackers have increasingly shifted their efforts and focus toward smaller organizations that are delivering positive financial results, which is reflected by the fact that the median size of companies affected by ransomware fell during 2022’s second quarter.

Elsewhere, the report’s list of the most common ransomware variants shows a few familiar names from the hacking scene. BlackCat accounts for 16.9% of the ransomware attacks, while LockBit 2.0 accounts for another sizable chunk (13.1%).

Following the recent shutdowns of ransomware gangs, individuals from these groups have turned to lower-tier attacks, which has in turn helped various smaller ransomware-as-a-service (RaaS) operations pop up.

The report also revealed how the double extortion method (in which attackers steal files before the encryption process and threaten to leak them) is still a favored scare tactic among threat actors, with 86% of the reported cases associated with this specific strategy.

For a considerable number of these cases, hackers will continue with their extortion schemes or leak the files they’ve obtained even if they’ve received the ransom payment.

If you’ve been a victim of ransomware, then be sure to seek the services of this anti-hacker group that provides free decryptors.





Repost: Original Source and Author Link

Categories
Security

Latest LAPSUS$ victims include Facebook, DHL in massive hack

Hacking group LAPSUS$ has revealed its latest target: Globant, an IT and software development company whose clientele includes the likes of technology giant Facebook.

In a Telegram update where the hackers affirmed they’re “back from a vacation” — potentially referring to alleged members of the group getting arrested in London — LAPSUS$ stated that they’ve acquired 70GB of data from the cyber security breach.


Not only have they seemingly obtained sensitive information belonging to several large organizations, the group decided to release the entire 70GB via a torrent link.

As reported by Computing, the group shared evidence of the hack via an image displaying folders that are named after Facebook, DHL, Stifel, and C-Span, to name but a few.

Although there is a folder titled “apple-health-app,” it is not directly related to the iPhone maker.

Instead, The Verge highlights how the data it contains is actually associated with Globant’s BeHealthy app, which was developed in partnership with Apple due to its use of the Apple Watch.

Meanwhile, LAPSUS$ posted an additional message on its Telegram group listing all of the passwords of Globant’s system admins and the company’s DevOps platforms. Vx-underground, which has conveniently documented all of the group’s recent hacks, confirmed the passwords are extremely weak.

LAPSUS$ also threw their System Admins under the bus exposing their passwords to confluence (among other things). We have censored the passwords they displayed. However, it should be noted these passwords are very easily guessable and used multiple times… pic.twitter.com/gT7skg9mDw

— vx-underground (@vxunderground) March 30, 2022

Notably, login credentials for one of those platforms seemingly offered access to “3,000 spaces of customer documents.”

Following the Telegram message and subsequent leak on March 30, Globant itself confirmed it was compromised in a press release.

“We have recently detected that a limited section of our company’s code repository has been subject to unauthorized access. We have activated our security protocols and are conducting an exhaustive investigation.

According to our current analysis, the information that was accessed was limited to certain source code and project-related documentation for a very limited number of clients. To date, we have not found any evidence that other areas of our infrastructure systems or those of our clients were affected.

We are taking strict measures to prevent further incidents.”

Earlier in March, seven alleged members of the group, reportedly aged 16 to 21, were arrested in London, before being released pending further investigations. According to reports, the alleged ringleader of the group, a 16-year-old from Oxford, U.K., has also apparently been outed by rival hackers and researchers. “Our inquiries remain ongoing,” City of London police stated.

Security researchers have suggested other members of LAPSUS$ could be based out of South America.

Hacking scene’s newcomer causing a lot of noise

LAPSUS$ has gained a reputation by injecting activity into the hacking scene in an extremely short span of time.

Amazingly, the majority of its hacks seem to come to fruition by simply targeting engineers of large companies and their access points via weak passwords. The group even stresses this fact repeatedly in its Telegram updates.

It’s understandable when an average user from home is subjected to a hack due to weak passwords, but we’re not talking about individuals here. LAPSUS$ has successfully infiltrated some of the largest corporations in history without the apparent need to resort to complicated and sophisticated hacking methods.

Moreover, hackers are now even exploiting weak passwords that make your PC’s own power supply vulnerable to a potential attack, which could lead to threat actors causing it to burn up and start a fire. With this in mind, be sure to strengthen your passwords.

LAPSUS$ has already leaked the source code for Microsoft’s Cortana and Bing search engine. That incident was preceded by a massive 1TB Nvidia hack. Other victims include Ubisoft, as well as the more recent cyber security breach of Okta, which prompted the latter to issue a statement acknowledging a mistake in how it reported the situation.






Categories
Game

‘Axie Infinity’ hack victims will only get back around a third of what they lost

Sky Mavis, the developer of blockchain game Axie Infinity, says it will start reimbursing the victims of a $617 million hack that took place earlier this year. The attackers took $25.5 million in USDC (a stablecoin that’s pegged to the value of the US dollar) and 173,600 ether, which was worth around $591.2 million at the time. The FBI claimed North Korean state-backed hacker groups were behind the attack.

Impacted Axie Infinity players will be able to withdraw one ether token for each one they lost in the hack, Sky Mavis told Bloomberg (the company didn’t mention a USDC reimbursement). However, as with other cryptocurrencies, the value of Ethereum has plummeted since the attack in March. 

Because of that, Sky Mavis will return around $216.5 million to users. It’s possible that the price of Ethereum will rise again, but as things stand, affected users will get back around a third of what they lost.

In April, Sky Mavis raised $150 million in funding to help it pay back the victims. The developer plans to reimburse affected users on June 28th, when it restarts the Ronin software bridge that the hackers targeted. 

Axie Infinity is widely considered the most popular play-to-earn game. Players collect and mint NFTs representing creatures that battle each other, Pokémon-style. These NFTs can be sold to other players, with Sky Mavis charging a transaction fee. By February, Axie Infinity had facilitated $4 billion in NFT sales.

However, the NFT market has all but bottomed out, which has had a significant impact on Axie Infinity. For one thing, according to Bloomberg, the daily active user count dropped from 2.7 million in November to a quarter of that by the end of May.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.


Categories
AI

Egress: 73% of orgs were victims of phishing attacks in the last year



73% of organizations were victims of successful phishing attacks in the last year, according to the Egress 2021 Insider Data Breach Survey. IT leaders indicate that the remote and hybrid future of work will make it harder to prevent phishing incidents. Remote work has already increased the risk of a data breach, with over half (53%) of IT leaders reporting an increase in incidents caused by phishing. In addition, the research has revealed concerns over future hybrid working, with 50% of IT leaders saying it will make it harder to prevent breaches caused by malicious email attacks.

The survey, independently conducted by Arlington Research on behalf of Egress, polled 500 IT leaders and 3,000 employees across the US and UK in numerous vertical markets including financial services, healthcare and legal.

Phishing attacks are still very prevalent. Employees continue to fall victim to phishing attacks with 43% not following security protocols and 36% rushing and making mistakes. The results also highlight the human cost of phishing as it found that in almost one quarter (23%) of organizations, employees who were hacked via a phishing email left the organizations — either voluntarily or involuntarily. IT leaders need to gain a firm grasp on phishing risk and put an effective strategy in place to mitigate it.

Read the full report by Egress.

VentureBeat

