
If there was ever a need for deepfake...
In what is either a creepy, weird spin on Robin Hood or something from a Black Mirror episode, we're told a ransomware gang is encrypting data and then forcing each victim to perform three good deeds before they can download a decryption tool. The so-called GoodWill ransomware group, first identified by CloudSEK's threat intel …
No, not really. Can you clearly explain how "going to the hospital and paying someone's bills" is creepy?
The whole article reads like "These guys aren't even asking for MONEY!!!!!! What the fuck is wrong with them?? Can you BELIEVE the RIDICULOUS things they're making people do? Like, nice things, yeah, but for POOR PEOPLE?!?!".
Here in the UK, you can do task 1 in most towns, but giving to a homeless shelter would be better.
Task 2 won't end well if you try to collect a random bunch of kids with offers of pizza.
Task 3 basically requires your paying vast amounts for things like vanity-based cosmetic surgery (not covered by NHS free treatment).
"going to the hospital and paying someone's bills" => Not (necessarily) creepy.
"take some selfies with them with full of smiles and happy faces, record the full audio of the interaction, and send it to the operators" => Creepy as all get out.
Task 2 will straight up get you arrested.
Task 3 is effectively impossible unless you can find someone who can't afford the small fee for their prescription. I guess you could hang around a dentist and offer to pay those bills? But again, you'd probably end up talking with the police.
...they would just send an email saying "You have been the recipient of a GoodWill message. Do three good things and document them on social media, then send this message to ten other companies. Thank you for your cooperation".
That way, the companies that truly have some good will will be honored for showing it, whilst the others will continue business as usual.
Umm, certainly in the UK extortion is illegal.
The fact is this ignores any good works already performed (not to boast but I've contributed to the Disasters Emergency Committee funds for Yemen, Ukraine, and others, and the local Women's Refuge, I regularly give my pristine, but old, books to the Oxfam bookshop, and 'donated' £30 I found on the street to charity).
As a single gay man, there is no way I am going to take some disadvantaged children to any fast food establishment without written permission from parents / guardians.
I would advise anyone else to be very careful too - "but your honour, my computer was infected by ransomware, I had to buy them some unhealthy food to get my data back" is an unlikely defence to child abduction.
Better check those backups.
I wonder what they extort from you once you've done the good deeds, given them access to your social media accounts, and downloaded and run their so-called decrypter. Maybe that's enough and they use the social media accounts to spread Russian government propaganda. I hear it pays well. Hackers are criminals, they criminate.
US and European cops, prosecutors, and NGOs recently convened a two-day workshop in the Hague to discuss how to respond to the growing scourge of ransomware.
"Only by working together with key law enforcement and prosecutorial partners in the EU can we effectively combat the threat that ransomware poses to our society," said US assistant attorney general Kenneth Polite, Jr, in a canned statement.
Earlier this month, at the annual RSA Conference, this same topic was on cybersecurity professionals' minds – and lips.
A former Canadian government employee has pleaded guilty in a US court to several charges related to his involvement with the NetWalker ransomware gang.
On Tuesday, 34-year-old Sebastien Vachon-Desjardins admitted he conspired to commit computer and wire fraud, intentionally damaged a protected computer, and transmitted a demand in relation to damaging a protected computer.
He will also forfeit $21.5 million and 21 laptops, mobile phones, gaming consoles, and other devices, according to his plea agreement [PDF], which described Vachon-Desjardins as "one of the most prolific NetWalker Ransomware affiliates" responsible for extorting said millions of dollars from dozens of companies worldwide.
Windows and Linux systems are coming under attack by new variants of the HelloXD ransomware that include stronger encryption, improved obfuscation and an additional payload that enables threat groups to modify compromised systems, exfiltrate files and execute commands.
The new capabilities make the ransomware, first detected in November 2021, and the developer behind it even more dangerous, according to researchers with Palo Alto Networks' Unit 42 threat intelligence group. Unit 42 said the HelloXD ransomware family is in its initial stages but it's working to track down the author.
"While the ransomware functionality is nothing new, during our research, following the lines, we found out the ransomware is most likely developed by a threat actor named x4k," the researchers wrote in a blog post.
If claims hold true, AMD has been targeted by the extortion group RansomHouse, which says it is sitting on a trove of data stolen from the processor designer following an alleged security breach earlier this year.
RansomHouse says it obtained the files from an intrusion into AMD's network on January 5, 2022, and that this isn't material from a previous leak of its intellectual property.
This relatively new crew also says it doesn't breach the security of systems itself, nor develop or use ransomware. Instead, it acts as a "mediator" between attackers and victims to ensure payment is made for purloined data.
Miscreants are reportedly exploiting the recently disclosed critical Windows Follina zero-day flaw to infect PCs with Qbot, thus aggressively expanding their reach.
The bot's operators are also working with the Black Basta gang to spread ransomware in yet another partnership in the underground world of cyber-crime, it is claimed.
This combination of Follina exploitation and its use to extort organizations makes the malware an even larger threat for enterprises. Qbot started off as a software nasty that raided people's online bank accounts, and evolved to snoop on user keystrokes and steal sensitive information from machines. It can also deliver other malware payloads, such as backdoors and ransomware, onto infected Windows systems, and forms a remote-controllable botnet.
Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances.
The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacturer won't release fixes; it instead told customers to migrate to a newer version and dump the old.
This bug received a 7.7 out of 10 CVSS severity score, and Cisco noted that its security team is not aware of any in-the-wild exploitation, so far. That said, given the speed of reverse engineering, that day is likely to come.
Microsoft is extending the Defender brand with a version aimed at families and individuals.
"Defender" has been the company's name of choice for its anti-malware platform for years. Microsoft Defender for individuals, available for Microsoft 365 Personal and Family subscribers, is a cross-platform application, encompassing macOS, iOS, and Android devices and extending "the protection already built into Windows Security beyond your PC."
The system comprises a dashboard showing the status of linked devices as well as alerts and suggestions.
Spyware developed by Italian firm RCS Labs was used to target cellphones in Italy and Kazakhstan — in some cases with an assist from the victims' cellular network providers, according to Google's Threat Analysis Group (TAG).
RCS Labs customers include law-enforcement agencies worldwide, according to the vendor's website. It's one of more than 30 outfits Google researchers are tracking that sell exploits or surveillance capabilities to government-backed groups. And we're told this particular spyware runs on both iOS and Android phones.
We understand this particular campaign of espionage involving RCS's spyware was documented last week by Lookout, which dubbed the toolkit "Hermit." We're told it is potentially capable of spying on the victims' chat apps, camera and microphone, contacts book and calendars, browser, and clipboard, and beam that info back to base. It's said that Italian authorities have used this tool in tackling corruption cases, and the Kazakh government has had its hands on it, too.
NSO Group told European lawmakers this week that "under 50" customers use its notorious Pegasus spyware, though these customers include "more than five" European Union member states.
The surveillance-ware maker's General Counsel Chaim Gelfand refused to answer specific questions about the company's customers during a European Parliament committee meeting on Thursday.
Instead, he frequently repeated the company line that NSO exclusively sells its spyware to government agencies — not private companies or individuals — and only "for the purpose of preventing and investigating terrorism and other serious crimes."
QNAP is warning users about another wave of DeadBolt ransomware attacks against its network-attached storage (NAS) devices – and urged customers to update their devices' QTS or QuTS hero operating systems to the latest versions.
The latest outbreak – detailed in a Friday advisory – is at least the fourth campaign by the DeadBolt gang against the vendor's users this year. According to QNAP officials, this particular run is encrypting files on NAS devices running outdated versions of Linux-based QTS 4.x, which presumably have some sort of exploitable weakness.
The previous attacks occurred in January, March, and May.
Biting the hand that feeds IT © 1998–2022