back to article Ransomware crooks SIM swap medical research biz exec, threaten to leak stolen data

Ransomware crooks claim they've stolen data from a firm that helps other organizations run medical trials after one of its executives had their cellphone number and accounts hijacked. The Register understands one or more people close to or affiliated with the notorious Alphv, aka BlackCat, extortion gang managed to get into a …

  1. zerotonin
    Facepalm

    SMS 2FA

    Rather than make us change passwords every other month, can we make people get off SMS 2FA? It's irritating enough that criminals are poking people's public infra for holes to exploit to then deploy ransomware or exfiltrate data. Now we have to worry about staff being SIM swapped

  2. Kevin McMurtrie Silver badge

    Some 2FA apps are not like others

    Some companies use a 2FA token generator called "VIP Access." It's really secure. Super duper secure. It's so secure that you can't back up its internal token. Lose your phone data, lose your 2FA.

    Companies using it know this happens all the time so they're fast at fixing it. All they do is ask some trivial questions and verify your identity with SMS.

  3. t245t Silver badge
    Terminator

    SIM swapping and hijacked cellphone number

    Is it possible for the telecoms to put a lock on a mobile to prevent SIM swapping?

    1. H in The Hague

      Re: SIM swapping and hijacked cellphone number

      "Is it possible for the telecoms to put a lock on a mobile to prevent SIM swapping?"

      It all depends on the telco's approach. Here in NL Vodafone will give you a new SIM in one of their shops, but you'll need to show your driving licence or passport. Or they'll send you one, but to the address in their records only I think. So that's reasonably secure.

      1. anothercynic Silver badge

        Re: SIM swapping and hijacked cellphone number

        Same in the UK... you actually have to prove who you are. Clearly either someone in the US is lax at their job, or has been bunged some moola to let it happen... or the security procedures are just *that* lax at the mobile provider where this occurred, in which case it'd be useful to know who they are so people are put on notice about them.

    2. FlamingDeath Silver badge

      Re: SIM swapping and hijacked cellphone number

      My phone provider requires me to tell them a password that I chose earlier if I ever call them up.

      Hopefully all agents follow this protocol and do not makes changes on an account if the caller pretends they have forgotten the password.

      This is why I never use SMS 2FA where possible.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like