On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six more security flaws to its known exploited vulnerabilities (KEV) list. […]
BleepingComputer
Authorities Seized RagnarLocker Ransomware Dark Web Site
A coordinated international law enforcement action has seized the dark web site used by the notorious RagnarLocker ransomware group.
This operation, involving law enforcement agencies from several countries, is a major setback for cybercriminals and a significant achievement in the ongoing war against ransomware attacks.
The RagnarLocker website now displays a message: “This service has been seized by a part of a coordinated international law enforcement action against the RagnarLocker group.”
The message also mentions the participation of law enforcement agencies from the United States, the European Union, and Japan, highlighting the global scope of this operation.
The details of this law enforcement initiative are still not fully disclosed, and many questions remain unanswered.
It is unclear whether the gang’s entire infrastructure was captured, any arrests were made, or any stolen funds were recovered.
Europol, the European Union’s law enforcement agency, has officially confirmed its involvement in an ongoing action against the ransomware group.
Europol spokesperson Claire Georges has stated that a detailed announcement regarding the takedown will be made on Friday after all actions have been completed.
October 17th – Ukrainian Cyber Alliance takes down Trigona ransomware group, taking down servers and seizing wallets.
October 19th – EUROPOL takes down RagnarLocker ransomware group
Image 1 & 2: Ukrainian Cyber Alliance
Image 3: Ragnar Locker pic.twitter.com/c9QkDVb5cw
— vx-underground (@vxunderground) October 19, 2023
The Italian State Police is also expected to reveal more information about the operation. However, an FBI spokesperson has declined to comment at this time.
TechCrunch has contacted law enforcement agencies in various countries, including Spain, Latvia, Germany, and the Netherlands, but no responses have been received yet.
RagnarLocker, the name of both a ransomware strain and the criminal group behind it, has been a prominent actor in the cybercrime world.
This gang, which some security experts suspect to have links to Russia, has been active since 2020, mainly targeting critical infrastructure organizations.
The FBI had previously issued an alert, identifying over 52 U.S. entities across ten critical infrastructure sectors, such as manufacturing, energy, and government, that RagnarLocker ransomware attacks had hit.
BREAKING
Ragnar Locker leak site seized. pic.twitter.com/YWygzCEITm
— Dominic Alvieri (@AlvieriD) October 19, 2023
The agency also released indicators of compromise associated with RagnarLocker, including Bitcoin addresses used for ransom payments and email addresses used by the gang’s operators.
Despite being under the radar of law enforcement for a long time, RagnarLocker has continued its malicious activities.
Ransomware tracker Ransom Watch reported that the gang was still targeting victims as recently as this month.
In September, RagnarLocker claimed responsibility for an attack on Israel’s Mayanei Hayeshua hospital, threatening to leak over a terabyte of data allegedly stolen during the attack.
The successful seizure of the dark website represents a significant step forward in the fight against ransomware, showing the collaborative efforts of international law enforcement agencies in disrupting cybercriminal networks.
The post Authorities Seized RagnarLocker Ransomware Dark Web Site appeared first on Cyber Security News.
Cyber Security News
Microsoft says April Windows updates break VPN connections
Microsoft says the April 2024 Windows security updates break VPN connections on Windows 11, Windows 10, and Windows Server systems. […]
BleepingComputer
US to offer $10 million for Information on Iranian CyberAv3ngers Hackers
The United States has intensified its efforts to combat cyber threats by offering a substantial reward for information leading to identifying or locating individuals involved in malicious cyber activities against U.S. critical infrastructure.
The move comes as part of a broader strategy to counter cyber threats from foreign entities.
According to a tweet from the U.S. Department of State’s Rewards for Justice program, a reward of up to $10 million has been announced for information on individuals who, acting under the direction or control of a foreign government, participate in cyber activities that violate the Computer Fraud and Abuse Act.
Time to avenge CyberAv3ngers’ hacking activities!
This group, linked to Iranian military officials, has hacked into industrial control systems used by U.S. industries and public utilities.
Got info on CyberAv3ngers or these officials? Text us today via our Tor tip line. pic.twitter.com/9wRCsP23Ye
— Rewards for Justice (@RFJ_USA) August 7, 2024
This initiative underscores the U.S. government’s commitment to safeguarding its critical infrastructure from cyber threats.
This reward focuses on the CyberAv3ngers, a hacking group affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC). This group has been linked to cyberattacks targeting programmable logic controllers (PLCs) used in various industries, including water and wastewater, energy, and healthcare.
Several Iranian security officials have been linked to these malicious activities. Among them is Hamid Reza Lashgarian, the head of the IRGC’s Cyber-Electronic Command (IRGC-CEC), who also serves as a commander in the IRGC-Qods Force.
The U.S. Department of the Treasury has sanctioned Lashgarian, along with Hamid Homayunfal, Mahdi Lashgarian, Milad Mansuri, Reza Mohammad Amin Siberian, and Mohammad Bagher Shirinkar.
These individuals have been designated as Specially Designated Nationals under Executive Order 13224, which targets leaders or officials of the IRGC-CEC for their involvement in cyber and intelligence operations.
As a result, all property and interests in property of these individuals within the United States are blocked, and U.S. persons are generally prohibited from engaging in transactions with them.
The CyberAv3ngers group has been active in targeting Israeli-made PLCs, compromising their default credentials, and leaving provocative messages on the devices.
In October 2023, they claimed responsibility for cyberattacks against Israeli PLCs on their Telegram channel. Since November 2023, these activities have extended to the United States, where compromised devices displayed messages such as, “You have been hacked, down with Israel.”
The U.S. government’s response to these cyber threats highlights the increasing importance of international cooperation and intelligence sharing in addressing cybersecurity challenges.
By offering financial incentives for information, the U.S. aims to disrupt the activities of these hacking groups and protect its critical infrastructure from further attacks.
The post US to offer $10 million for Information on Iranian CyberAv3ngers Hackers appeared first on Cyber Security News.