Bad Month For Major Ransomware Operators
Term of the month: Bot
Bot is a short term for robot and is meant to perform a simple and specific task as a part of a computer. The most common uses are to mimic human behaviour on a repetitive task and eliminating manual processes. They can also be used for destructive or malicious purposes when programmed to do so.
This month has been bad for the most prolific and well known ransomware operators. 14 members of the REvil ransomware group were arrested in Russia, most well-known for the Colonial Pipeline attack that had far reaching consequences that included panic buying of gas and an address on the issue by the US president and numerous large companies. Also two Ukrainian ransomware operators were arrested who Interpol described as prolific but no names or affiliations were released.
In other news the first use of ransomware as a hacktivism tool has been observed. A group in Belarus infected the countries state-run railroad with ransomware to prevent the aiding of Russian troops ahead of the possible invasion of Ukraine and demanded the release of political prisoners. Marking an interesting turn for ransomware form a mainly financial extortion malware to a political tool.
Microsoft also announced that they have seen an uptick in malicious malware designed to look like ransomware that has no recovery mechanism. All of the affected organisations are based in Ukraine.
Mac OS has also been under a lot of scrutiny this month since it was revealed that safari browsing activity is being leaked to sites open in other tabs. The article also includes a demo site where anyone can test and see it in action.
DHL has taken the unwanted crown of being the most mimicked brand for phishing attacks. So next time you receive a DHL e-mail pay extra close attention if it is actually a real e-mail or an attempt to get you credentials.
CYBER SECURITY IN THE NEWS