

REvil Ransomware Group Dismantled by Russia at US Request



By Reuters | Updated: 17 January 2022

Apple said on Saturday it would allow developers of dating apps in the Netherlands to offer non-Apple payment options to their users, complying with an order from the country’s market regulator to do so by January 15 or face fines.

The country’s Authority for Consumers and Markets found in a decision published on December 24 that Apple had abused its market position by requiring dating app developers, including Tinder owner Match Group, to exclusively use Apple’s in-app payment system.

Apple’s practice of requiring developers to use its system and pay commissions of 15-30 percent on digital goods purchases has come under scrutiny from regulators and lawmakers around the world, but the Dutch ruling applies only in the Netherlands and only for dating apps.

Russia has dismantled ransomware crime group REvil at the request of the United States in an operation in which it detained and charged the group’s members, the FSB domestic intelligence service said on Friday.

The arrests were a rare apparent demonstration of US-Russian collaboration at a time of high tensions between the two over Ukraine. The announcement came as Ukraine was responding to a massive cyber attack that shut down government websites, though there was no indication the incidents were related.

The United States welcomed the arrests, according to a senior administration official, adding “we understand that one of the individuals who was arrested today was responsible for attack against Colonial Pipeline last spring.”

A May cyberattack on the Colonial Pipeline that led to widespread gas shortages on the US East Coast used encryption software called DarkSide, which was developed by REvil associates.

A police and FSB operation searched 25 addresses, detaining 14 people, the FSB said, listing assets it had seized including 426 million (roughly Rs. 40 crore), $600,000 (roughly Rs. 4 crore), 500,000, computer equipment and 20 luxury cars.

A Moscow court identified two of the men as Roman Muromsky and Andrei Bessonov and remanded them in custody for two months. Muromsky could not be reached for comment and his phone was off. Reuters could not immediately reach Bessonov.

Two Muscovites told Reuters Muromsky was a web developer who had helped them with websites for their businesses.

Russia told Washington directly of the moves it had taken against the group, the FSB said. The US Embassy in Moscow said it could not immediately comment.

“The investigative measures were based on a request from the … United States,” the FSB said. “… The organised criminal association has ceased to exist and the information infrastructure used for criminal purposes was neutralised.”

The REN TV channel aired footage of agents raiding homes and arresting people, pinning them to the floor, and seizing large piles of dollars and Russian roubles.

The group members have been charged and could face up to seven years in prison, the FSB said.

A source familiar with the case told Interfax the group’s members with Russian citizenship would not be handed over to the United States.

The United States said in November it was offering a reward of up to $10 million (roughly Rs. 75 crore) for information leading to the identification or location of anyone holding a key position in the REvil group.

The United States has been hit by a string of high-profile hacks by ransom-seeking cybercriminals. A source with direct knowledge of the matter told Reuters in June that REvil was suspected of being the group behind a ransomware attack on the world’s biggest meat packing company, JBS SA.

Washington has repeatedly accused the Russian state in the past of malicious activity on the internet, which Moscow denies.

REvil has not been associated with any major attacks for months.

John Shier, a threat researcher at the UK-based Sophos cybersecurity company, said there was no independent confirmation the self-identified leaders of the “defunct” group had been arrested.

“If nothing else, it serves as a warning to other criminals that operating out of Russia might not be the safe harbor they thought it was,” he said.

‘Normal programmer’

A former client of Muromsky who only gave the name Sergei described him as a regular worker who did not appear wealthy.

Sergei runs a shop called Motohansa selling motorcycle spare parts. Muromsky created its website and supported it for some time charging him around RUB 15,000 (roughly Rs. 14,700) per month, he said.

“He is a smart person and I can imagine that if he wanted to do it (hacking) he could, but he charged very little money for his services. Several years ago he had a Rover car. That’s not an expensive car at all,” Sergei said.

Muromsky is in his thirties and was born in Anapa in Russia’s south, he said. “He worked as a normal programmer.”

Another client, Adam Guzuyev, described Muromsky as “a regular normal worker” who proved unable to install all the features Guzuyev wanted on his website.

“He earned no more than RUB 60,000 (roughly Rs. 60,000). I can’t say he has genius abilities,” he said, adding Muromsky spent three months working on his website.

© Thomson Reuters 2022



Facebook, Twitter, Google, Other Tech Firms Ask US Supreme Court to Block Texas Social Media Law



By Reuters | Updated: 14 May 2022

Lobbying groups representing Facebook, Twitter, Google and other tech companies filed an emergency request with the US Supreme Court on Friday, seeking to block a Texas law that prohibits large social media platforms from banning users based on their political views.

The Texas law went into effect on Wednesday when the 5th US Circuit Court of Appeals granted the state’s request for a stay of a district judge’s injunction blocking the law.

The law forbids social media companies with more than 50 million active users per month from banning members based on their political views and requires them to publicly disclose how they moderate content.

It was signed into law by Texas Governor Greg Abbott, a Republican, in September.

Internet lobbying groups NetChoice and the Computer & Communications Industry Association filed a lawsuit against the measure, and US District Judge Robert Pitman in Austin, Texas, issued a preliminary injunction in December.

Pitman had found that the law would harm social media companies’ free speech rights under the First Amendment of the US Constitution.

The tech groups, in their emergency request, asked the Supreme Court to “allow the District Court’s careful reasoning to remain in effect while an orderly appellate process plays out.”

© Thomson Reuters 2022



Cyberattacks Grown in Last 2 Years During Pandemic, Global Cost Topped $6 Billion in 2021: Italian Defence Firm



By Agencies | Updated: 11 May 2022

The global cost of cybercrime topped $6 trillion (roughly Rs. 4,63,52,100 crore) last year, as the coronavirus pandemic caused online activity to soar, the head of Italian defence, security and aerospace giant Leonardo said Tuesday.

“New cybersecurity threats over the last two years have been a ‘collateral damage’ of the COVID-19 pandemic and the acceleration of digitalisation it induced,” Alessandro Profumo said at the opening of the Cybertech Europe 2022 conference in Rome.

“Cyberattacks have grown in number, sophistication and impact — in 2021 the global cost of cybercrime exceeded $6 trillion.” The figures came from Clusit, the Italian association for information security, and compare to an estimate of losses of $1 trillion (roughly Rs. 77,25,550 crore) in 2020.

One fifth of the total attacks was directed at Europe, Profumo said, but the continent lacked at least 200,000 cybersecurity professionals.

Speaking to foreign journalists in Rome last month, he said cybersecurity issues had increased following Russia’s invasion of Ukraine. “We are noticing additional pressure,” said the boss of Leonardo, which has a specialised branch dedicated to cybersecurity.

The statement from the Italian defence firm comes a day after the European Union (EU), the UK and the US accused Russia of being behind a series of cyberattacks linked with its conflict with Ukraine earlier this year, with wide-ranging impact across Europe.

The western allies said the most recent attack was on the communications company Viasat in Ukraine, which had a wider impact across the European continent, disrupting wind farms and internet users in central Europe. The UK’s National Cyber Security Centre (NCSC) assesses that the Russian Military Intelligence was “almost certainly” involved in the January 13 defacements of Ukrainian government websites and the deployment of a destructive malware called Whispergate.

“This is clear and shocking evidence of a deliberate and malicious attack by Russia against Ukraine which had significant consequences on ordinary people and businesses in Ukraine and across Europe,” said UK Foreign Secretary Liz Truss.



EU, US, UK Accuse Russia of Cyberattacks Amid Invasion of Ukraine; Blame It for Deployment of Whispergate



By Press Trust of India | Updated: 10 May 2022

Russia has been behind a series of cyberattacks linked with its conflict with Ukraine earlier this year with wide-ranging impact across Europe, the European Union (EU), the UK and the US said on Tuesday. The western allies said the most recent attack was on the communications company Viasat in Ukraine, which had a wider impact across the European continent, disrupting wind farms and internet users in central Europe.

The UK’s National Cyber Security Centre (NCSC) assesses that the Russian Military Intelligence was “almost certainly” involved in the January 13 defacements of Ukrainian government websites and the deployment of a destructive malware called Whispergate.

“This is clear and shocking evidence of a deliberate and malicious attack by Russia against Ukraine which had significant consequences on ordinary people and businesses in Ukraine and across Europe,” said UK Foreign Secretary Liz Truss.

“We will continue to call out Russia’s malign behaviour and unprovoked aggression across land, sea and cyberspace, and ensure it faces severe consequences,” she said.

The NCSC said it also assesses that it is “almost certain” Russia was responsible for the subsequent cyberattack impacting Viasat on February 24.

At the time, a cyberattack against Viasat began approximately one hour before Russia launched its major invasion of Ukraine. Although the primary target is believed to have been the Ukrainian military, other customers were affected, including personal and commercial internet users. Wind farms in central Europe and internet users were also affected.

Viasat has said that “tens of thousands of terminals have been damaged, made inoperable and cannot be repaired”.

The announcement this week comes as cybersecurity leaders from the Five Eyes intelligence alliance – comprising Australia, Canada, New Zealand, the United Kingdom and the United States – the EU and others are meeting at the NCSC’s Cyber UK conference in Newport to discuss the cyber threats facing the world.

The UK government highlighted that it has already sanctioned the Russian Intelligence network GRU after their poisoning incidents in the city of Salisbury, and has frozen more than GBP 940 billion (roughly Rs. 89,38,530 crore) worth of bank assets and GBP 117 billion (roughly Rs. 11,12,613 crore) in personal net worth from oligarchs and their family members who back Russian President Vladimir Putin.



Russia’s RuTube Knocked Out for Second Day by Victory Day Cyberattack



By Reuters | Updated: 10 May 2022

RuTube, Russia’s answer to YouTube, was crippled for a second day on Tuesday by a cyber attack whose timing it linked to this week’s anniversary celebrations of victory over Nazi Germany in World War Two.

Usually packed with video content, RuTube’s site is currently black, with a short message reading: “Attention! The site is undergoing technical work. The site was attacked. At the moment the situation is under control. User data has been saved.”

The attack began on Monday, a major national holiday when Russia commemorated the Soviet victory over Adolf Hitler and President Vladimir Putin delivered a speech likening that struggle to the current war in Ukraine.

“Someone really wanted to prevent RuTube from showing the Victory Day parade and celebratory fireworks,” RuTube said. “It is not a sin to remember the battles our guys won. The battle for RuTube continues.”

It described the cyberattack as the worst in the site’s history.

In a separate incident on Monday, Russian satellite television menus were hacked to show viewers in Moscow messages about events in Ukraine, including “You have blood on your hands”, according to screenshots obtained by Reuters.

The websites of state-owned companies and news websites have fallen under sporadic hacking efforts since Russia invaded Ukraine on February 24, often to show information that is at odds with Moscow’s official line on what it calls a “special military operation”.

RuTube said a large team was working to restore the service, and denied reports it had lost the website’s source code.

The long outage goes some way to explaining why Russia has not yet blocked Alphabet’s YouTube, despite repeatedly fining and warning the US service over its removal of some state-backed Russian channels and for failing to delete content Moscow deems illegal.

Russia restricted access to Twitter and Meta Platforms’ Facebook and Instagram in early March.

Critics have previously told Reuters that RuTube, despite its weekly user numbers jumping in early March as other foreign social media were forced out of the Russian market, still has a long way to go to rival Google’s video product.

© Thomson Reuters 2022



US Offers $15 Million Reward for Information on Conti Ransomware Group



By Reuters | Updated: 7 May 2022

The US on Friday offered a reward of up to $15 million (roughly Rs. 115 crore) for information on the Russia-based Conti ransomware group, which has been blamed for cyber extortion attacks worldwide, State Department spokesman Ned Price said.

The FBI estimates that more than 1,000 victims of the Conti group have paid a total in excess of $150 million (roughly Rs. 1,154 crore) in ransomware payments, Price said in a statement.

“In offering this reward, the United States demonstrates its commitment to protecting potential ransomware victims around the world from exploitation by cyber criminals,” he said.

The reward comprises $10 million (roughly Rs. 77 crore) for the identification or the location of leaders of the group, and $5 million (roughly Rs. 38 crore) for information that results in the arrest of anyone conspiring with Conti.

Last year, the FBI said Conti was responsible for striking 16 medical and first responder networks in the US.

Price noted that Conti was blamed for an attack in April on Costa Rica’s tax and customs platforms, impacting the Central American country’s foreign trade.

In February, the Conti group vowed to attack enemies of the Kremlin if they respond to Russia’s invasion of Ukraine.

© Thomson Reuters 2022



AGCO Ransomware Attack Disrupts Tractor Sales During US Planting Season



By Reuters | Updated: 7 May 2022

AGCO did not disclose the names of the facilities or if any data was stolen, but said it was still probing the extent of the attack that occurred on Thursday and working to repair its systems.

Tim Brannon, president and owner of B&G Equipment in Tennessee, told Reuters he has not been able to access AGCO’s website for ordering and looking up parts since Thursday morning.

“We just have to trust that it will be over as soon as possible because we are coming into our busiest time of the year and it will be very damaging to our business and customers,” Brannon said.

AGCO, which competes with larger rival Deere & Co, sells tractors and combines. It manufactures and assembles products in 42 locations worldwide, with 1,810 dealerships in North America.

Dealers are now struggling to keep up with orders that were already backlogged.

The company told dealers that it was “prioritising” the most business critical systems in an e-mail read to Reuters by a dealer who declined to be identified.

“I’ve got about nine orders that I need to place right now,” said the dealer.

He said AGCO told him “digital systems” had been impacted worldwide.

AGCO did not respond to requests for additional comment.

AGCO’s shares were down 6 percent at $125.55 (roughly Rs. 9,600) in late afternoon trading.

Ransomware attacks have targeted food and fuel companies in the United States in recent years, including the Colonial Pipeline’s oil network and meat processing company JBS. Last autumn, at least three grain handlers in the Midwest were hit with ransomware attacks.

© Thomson Reuters 2022
