Twitter suspends two North Korean catphishing accounts.

Twitter last week suspended two accounts that North Korean operators established for the apparent purpose of catphishing security researchers. The Record reports that the two accounts are part of an espionage campaign that began last year. A member of Google's Threat Analysis Group says the two accounts are part of a cluster, some of whose members were taken down in August. While the accounts were active for several months, neither had more than a thousand followers.

Ransomware at the Sinclair Broadcast Group and Olympus attributed to Evil Corp.

The Sinclair Broadcast Group, which operates one-hundred-eighty-five television stations with six-hundred-twenty channels in eighty-six US media markets, has disclosed that it determined last Sunday that it had been subjected to a ransomware attack. The media company detected what it regarded as "a potential security incident" on Saturday, and is now in the process of recovery. The Hollywood Reporter says that some service disruptions continued into the early part of the week. NY1 reports that the attack involved, as is now routine in such criminal operations. To recap, Sinclair discovered a possible incident Saturday, identified it as a cyberattack Sunday, and issued a public statement Monday, which the Wall Street Journal calls quick disclosure. Bloomberg reported Thursday that the Sinclair Broadcast Group was hit by the Russian cybercriminal organization usually known as Evil Corp. Attempts to isolate and contain the attack began almost immediately upon detection. The attackers are said to have used the Macaw strain of WastedLocker ransomware (Emsisoft calls Macaw simply a rebranded version of WastedLocker). Evil Corp has been under US sanctions since December of 2019, which would complicate any attempt to buy back access to infected systems by paying the ransom. One purpose of adopting rebranded malware strains may be obscuring the fact that payment of ransom to the sanctioned entity amounts to a violation of US law. The gang's two alleged leaders, Maksim Yakubets and Igor Turashev, were also indicted by the US at the time sanctions were imposed. Sinclair's recovery from the attack remains a work in progress: according to the Daily Beast, disruptions to business and production systems have continued into the week. Macaw ransomware (and thus its proprietor, Evil Corp) is also said, by TechCrunch, to be responsible for ongoing attacks against Olympus.

REvil disappears again: might it be gone for good?

The REvil ransomware gang appears to have again withdrawn from active operations, this time, BleepingComputer reports, because unknown parties hijacked the Tor sites the gang used for receiving payments and leaking stolen data. REvil appears to have detected the hijacking this past Sunday. The data dump site had been known as "the Happy Blog." Security firm Flashpoint posted a description of this latest occultation to its blog Monday morning. They note that the gang's former spokesman, a known unknown who went by the predictable nom-de-hack "Unknown," had private keys for access to the sites, and that the unknown hijackers had used Unknown's private keys to take control of them. A different REvil representative, nom-de-hack "0_neday," announced the hijacking on the Russophone forum XSS, made an ineffectual gesture in the direction of conciliating REvil's criminal affiliates, wished everyone "good luck," and signed off.