Monday, October 25, 2021

Olympus US hack tied to sanctioned Russian ransomware group

Zack Whittaker and Carly Page • October 20, 2021

An “ongoing” cyberattack against the Japanese technology giant Olympus was caused by a Russian ransomware group sanctioned by the U.S. government, according to two people with knowledge of the incident.

A new malware variant known as Macaw was used in the attack that began on October 10, which encrypted Olympus’ systems in the U.S., Canada and Latin America. Macaw is a variant of the WastedLocker malware, both of which were created by Evil Corp., a Russia-based crime group that was subject to U.S. Treasury sanctions in 2019.

It’s the second ransomware attack to hit the company in as many months, after its networks in Europe, the Middle East and Africa were knocked offline by the BlackMatter ransomware group in September. (BlackMatter and Evil Corp. are not known to be linked.)

“Olympus was hit by BlackMatter last month and then hit by Macaw a week or so ago,” Allan Liska, a senior threat analyst at security firm Recorded Future, told TechCrunch. Liska said that the Macaw malware leaves behind a ransom note on hacked computers that claims to have stolen data from its victims.

Olympus said in a statement on Tuesday that the company was investigating the “likelihood of data exfiltration,” a common technique by ransomware groups known as “double extortion,” where the hackers steal files before encrypting the victim’s network and threaten to publish the files online if the ransom to decrypt the files is not paid.

When reached on Wednesday, Olympus spokesperson Jennifer Bannan declined to answer our questions or say if the company paid the ransom.

“In the best interests of the security of our system, our customers and their patients, we will not comment on criminal actors and their actions, if any. We are committed to providing appropriate notifications to impacted stakeholders,” the company said in a statement.

Treasury sanctions make it more difficult for companies based or operating in the United States to pay a ransom to get their files back, since U.S. nationals are “generally prohibited” from transacting with sanctioned entities. Evil Corp. has renamed and modified its malware several times to circumvent U.S. sanctions.

Bloomberg reported Wednesday that the Macaw malware was also used to cause widespread disruption last week at Sinclair Broadcast Group, which owns or operates 185 television stations across more than 80 markets. Sinclair said in a statement on Monday that while some data was stolen from Sinclair’s network, it wasn’t clear exactly what information was taken.

Evil Corp. also launched attacks at Garmin, which caused a nearly week-long outage after a ransomware attack in 2020, as well as insurance giant CNA.

CISA, FBI and NSA publish BlackMatter ransomware warning

The agencies are warning organisations about attacks that they say have previously targeted US critical infrastructure

by: Zach Marzouk
19 Oct 2021


The CISA, FBI, and NSA have published a cyber security advisory warning organisations of BlackMatter ransomware attacks, which have targeted multiple US critical infrastructure entities in the food and agriculture sector.

The agencies said that BlackMatter, first seen in July 2021, is a ransomware as a service (RaaS) tool which cyber actors have used to access a network and remotely encrypt host and shared drives. The developers who sell the tool profit from the cyber criminal affiliates who deploy it, the advisory said.

The agencies underlined that ransomware attacks against critical infrastructure entities could directly affect consumer access to those services, which is why the CISA, FBI, and NSA have urged all organisations to implement a number of mitigations to reduce the risk of compromise by BlackMatter ransomware.

The mitigations include implementing and enforcing backup procedures, using strong unique passwords, using multi-factor authentication, and implementing network segmentation and traversal monitoring.

“This advisory highlights the evolving and persistent nature of criminal cyber actors and the need for a collective public and private approach to reduce the impact and prevalence of ransomware attacks,” said Eric Goldstein, executive assistant director for Cybersecurity at the CISA.

“CISA, FBI and NSA are taking every step possible to try to make it harder for cyber criminals to operate. Americans can help us in this long-term endeavor by visiting Stopransomware.gov to learn how to reduce their risk of becoming a victim of ransomware.”

Bryan Vorndran, assistant director of the FBI’s Cyber Division, highlighted the need for organisations to report any ransomware incidents by contacting their local FBI Field Office and speaking to a cyber agent.

“By reporting a cyber incident, targeted entities are enhancing our ability to respond and investigate with the goal of disrupting cybercriminal operations,” he said.

In September, the BlackMatter ransomware group hit New Cooperative, an Iowa-based farming cooperative, with a $5.9 million ransom demand. The gang had obtained financial documents, networking information, employee social security numbers, and the source code for a farmer technology platform from the cooperative. The timing of the attack made it crucial for the organisation to get its systems back online as soon as possible as the harvesting season was about to begin.

Hacker Who Built A Fake News Pro-Trump Empire Has Unmasked Himself

By Cameron Frew on 15 Oct 2021

Hacker X, the man responsible for a pro-Trump fake news empire, has revealed himself.

Over the course of two years, Hacker X sat at the helm of a ‘monster’ which relentlessly spread baseless stories, conspiracy theories and propaganda in aid of the former president’s rhetoric, all with the aim of securing a victory in the 2016 election against Hillary Clinton.

Armed with a team of writers and editors paid specifically to undermine facts by conjuring content, he believes the bulk of interference in the election came from misinformation in the US, not Russia, which ultimately played ‘such a minor role that they weren’t even a blip on the radar’.

Speaking exclusively to Ars Technica, the hacker revealed his identity: Robert Willis, who dubs himself an ‘ethical hacker’. The publication insists it’s fact-checked his claims, only conceding to use a fake name, Koala Media, for his former company.

In 2015, he was on the hunt for a job in IT. ‘I showed up at the location, which was a large corporate building. I was given directions to wait downstairs until I was collected. The secretiveness was intriguing. It may have turned some people off, but I love an adventure,’ he recalled.

‘I had not been given any information on the job other than that they were very excited, because to find someone like me was very rare – I had tons of random, overlapping, highly technical skills from years of wearing multiple hats at smaller private companies.’

The interviewers eventually revealed the name of the company and its wider intentions. ‘I wasn’t scared but excited at how crazy this was already turning out [to be]. I listened. I was told that there were big plans for the office I was sitting in and that they had already hired the initial writers and editor for the new operation,’ he said.

‘They told me that they were against big companies and big government because they are basically the same thing. They said they had readers on the right and the left. They said they were about freedom,’ Willis continued, before they told him, ‘If you work for us, you can help stop Hillary Clinton.’

‘I hated the establishment, Republicans, and Democrats, and Hillary was the target because she was as establishment as it got and was the only candidate that was all but guaranteed to be running on the main ticket in the future 2016 cycle.

‘If I were to choose a lesser evil at the time, it would have, without a doubt, been the Republican Party, since I had moved to the new city due to the Democrats literally destroying my previous home state. It felt like good revenge.’

Of course, he took the job. Quite quickly, he realised how easy it was to get engagement on any anti-Clinton content. ‘Pieces that ran… claimed, among other things, that Clinton had plans to criminalise gun owners, to kill the free press, to forcefully drug conservatives, to vaccinate people against their wills, to euthanise some adults, and to ban the US flag,’ he said.

Willis left after two years, and Koala Media has since been exorcised from Facebook. Upon seeing the damage of misinformation during the COVID-19 pandemic – including his own father being manipulated – he wishes to make amends. ‘COVID has shown me the deadly side of fake news and anti-vaccination people,’ he said.
