Since the beginning of 2021, the world has experienced a series of large-scale cyber attacks. (Source: Reuters) In an age where technology is creeping into every aspect of life, the term cyberattack is not new. Many people think simply that a cyber attack is an attempt by a hacker to steal data or money by infiltrating a computer network, databases, network infrastructure, websites, and devices. individual or organization. But now, hackers have found a way to make a lot of money illegally by attacking physical infrastructure targets, disrupting essential services, affecting not only to a person, a company that can spread to an entire city, even a country. Cyberattacks on the rise Over the past time, the US has continuously suffered from ransomware attacks targeting large companies, non-governmental organizations and government agencies. Most recently, on June 2, a ferry terminal operator service in the US state of Massachusetts became the target of a cyber attack, partially disrupting the ferry service payment system. Previously, hackers attacked the world’s leading meat processing group JBS SA, a branch in the US. In early May, the largest US oil pipeline operator Colonial Pipeline was also attacked by ransomware and forced to shut down some systems, disrupting supplies and pushing gasoline prices to record highs. green. Not only the US, the targets of hackers are very diverse. According to data from cybersecurity company BlackFog, from the beginning of 2021 to the present, US organizations and businesses have suffered 52 ransomware attacks, three times higher than the second-ranked country, the UK (16 (16). competition), followed by France (7), Canada (7), Australia (4), the Netherlands (4) and India (3). The rest of the world suffered only 39 attacks by hackers. Danger wave According to CNN, hacker groups have found that attacking critical service infrastructure can easily make them more money, in less time. These types of attacks have the potential to cause chaos in life, which can lead to product scarcity, push prices higher… The bigger the disruption, the quicker the hacked companies pay the hacker to fix the problem soon. The US Cybersecurity and Infrastructure Agency (CISA) has listed 16 industries as critical infrastructure sectors, including energy, healthcare, financial services, water, etc. Attacks, disruption of these industries can have a dramatic impact, undermining the US economy and security. More dangerously, most companies in this industry do not consider themselves technology-focused companies, leaving the operating system defenseless against increasingly sophisticated attacks by hackers. In addition, it is no coincidence that cyber attacks have increased sharply in the context of the raging Covid-19 pandemic. Millions of people move to remote work, including employees with access to critical infrastructure, while ransomware is deployed simply by enticing victims to click a link in an email. . Eric Cole, a former cybersecurity official under President Barack Obama, said that in order to promote automation, the internal networks of critical infrastructures are now networked and make the risk more risky. higher attack. In particular, hospital systems and healthcare providers are often targeted because they are busy dealing with Covid-19 and have little time to update their defenses. In response to this new wave of danger, on June 3, the White House sent an open letter, asking essential service companies to “consider ransomware as a threat to our core business.” themselves, rather than simply risk data theft.” US Commerce Secretary Gina Raimondo on June 6 asked the private sector of the country to be vigilant against the increasing wave of cyber attacks, and said that the threat is always present and even present. may become more severe. In order to protect your safety as well as your wallet, according to CNN , not only the US, companies, organizations and agencies also need to quickly close potential vulnerabilities in the system, update software and ensure that the most important functions are “immune” from damage. network attacks. Individuals also need to be cautious and alert before clicking on any link on the internet.

After a hacker attack Meat producer JBS pays ransom

Status: 10.06.2021 7:13 a.m.

The world’s largest meat company JBS has apparently paid a ransom of $ 11 million after a cyber attack by hackers. It was another incident in a series of corporate blackmail cases in the United States. The US subsidiary of the Brazilian meat processor JBS paid the equivalent of eleven million dollars in ransom after a hacker attack. The payment was made to prevent further disruption by the hackers and to restore the smooth operation of the affected locations, said the Dallas-based company. According to the US media, the payment was made in Bitcoin. According to the US government, the company had received a ransom note from a criminal organization likely based in Russia. The attack paralyzed JBS production in Australia and affected Canada and the United States.

“A difficult decision”

“This was a very difficult decision for our company and for me personally,” explained Managing Director Andre Nogueira. “However, we felt that this decision had to be made in order to avoid any potential risk to our customers.” The investigations are still ongoing, but preliminary results have suggested “that no company, customer or employee data has been compromised.”

US investigators suspect Russia is behind it

US President Joe Biden said last week that investigators had linked Russia to the JBS case. “JBS USA was in constant contact with government officials throughout the incident,” the company said. In the USA, the state and business are currently fighting a series of attacks with blackmail software known as “ransomware”. The data of the attacked systems are encrypted. The hackers demand cash payments in cryptocurrency so that they can unlock access again and not publish the data.

Ransom payment in Bitcoin

The US utility company was also last month Colonial pipeline The victim of a hacker attack with a blackmail Trojan that temporarily shut down the entire pipeline network. The US Federal Police FBI blames a hacker group called “Darkside” for the attack and later tracked down the ransom of 75 Bitcoin that Colonial had paid – at the time it was worth $ 4.4 million.

(Artwork. Source: bitcoinexchangeguide.com) Ransomware attacks have been on the rise in South Korea over the past year, paralyzing hospitals and shopping malls amid the COVID-19 pandemic leading to an increase in online shopping activities. . On June 3, a large plastic surgery hospital in the south of Seoul announced on its website that its server had been attacked with ransomware and that hackers appeared to have stolen data. patient’s personal data. This is the latest in a series of recently reported ransomware attacks – a tactic used by cybercriminals to infiltrate businesses’ systems and use their data to demand ransom. ransom. According to the South Korean Ministry of Science and Information Technology, last year there were 127 ransomware attacks, a threefold increase from the previous year. Since the beginning of this year, the country has recorded 65 attacks with ransomware. Malware attacks blackmail was aimed at various businesses in Korea. Last month, food delivery company Super Hero’s operations were paralyzed for hours after an attack that affected 15,000 delivery workers nationwide. Last November, local fashion and retail group E-Land was also “inquired” by hackers, forcing 23 of the 50 branches of the NC Department Store and NewCore Outlet to suspend operations. Mr. Kim Seung-joo, Professor of Cyber ​​Security at University Korea , commented that as companies are forced to choose to increase their reliance on remote work during the pandemic, cyber attacks malicious code Blackmail has become a bigger threat because they can paralyze the entire working system. This has led to many companies paying a ransom and has led hackers to carry out more attacks. He urged businesses to invest in cybersecurity to prevent the threat in the first place. In response to ransomware attacks in the near future, last month, the Korean Ministry of Information and Communications Technology set up a 24-hour monitoring group to support hacked companies. . The government is now providing assistance to affected companies in system recovery.

The entrance to a shopping mall in Seoul, South Korea is closed after a ransomware attack. (Source: Yonhap) On June 3, a large plastic surgery hospital in the south of Seoul announced on its website that its server had been attacked with ransomware and that hackers appeared to have stolen data. patient’s personal data. This is the latest in a series of recently reported ransomware attacks – a tactic used by cybercriminals to infiltrate businesses’ systems and use their data to demand ransom. ransom. According to the Korean Ministry of Science and Information Technology, last year there were 127 ransomware attacks, a threefold increase from the previous year. Since the beginning of this year, the country has recorded 65 attacks with ransomware. Ransomware attacks have targeted various businesses in South Korea. Last month, food delivery company Super Hero’s operations were paralyzed for hours after an attack that affected 15,000 delivery workers nationwide. Last November, local retail and fashion group E-Land was also “inquired” by hackers, forcing 23 of the 50 branches of the NC Department Store and NewCore Outlet to suspend operations. Kim Seung-joo, a professor of cybersecurity at Korea University, said that in the context of companies being forced to choose to increase their reliance on remote working during the pandemic, ransomware attacks Money has become a bigger threat because they can paralyze the whole working system. This has led to many companies paying a ransom and has led hackers to carry out more attacks. Kim Seung-joo urged businesses to invest in cybersecurity to prevent the threat in the first place. In response to ransomware attacks, last month, South Korea’s Ministry of Information and Communications Technology set up a 24-hour monitoring team to assist hacked companies. The government is now providing assistance to affected companies in system recovery. (according to Yonhap)

The move comes after the attack on the US oil and gas shipping company Colonial Pipeline and the growing damage caused by cybercriminals. The US raised the level of investigation into the crime of extortion hackers to the level of ‘terrorists’. Photo: REUTERS In an internal guideline document sent to law offices across the United States on June 3, the US Department of Justice directed that investigations into ransomware should be coordinated with the central government, specifically: A new task force was established in Washington. “This will be a specialized process to ensure we can track all cases of extortion hackers regardless of where they happen in the US, so we can capture the connection between subjects and proceed to break the whole link,” said Deputy Attorney General John Carlin. Previously, in May, the largest US oil pipeline system, the Colonial Pipeline, was crippled by hackers. Colonial Pipeline has decided to pay hackers who have compromised their systems nearly $5 million to regain access. According to the Reuters , the DOJ’s guidance document specifically mentions the Colonial attack as an example of “the growing threat posed by cybercriminals and digital ransomware to the nation.” . “To ensure we can uncover connections between incidents and investigations across the country and globally, and to paint a big picture of national security and economic threats, The economy we face, we must strengthen and focus our internal monitoring,” the guidance document states. Reuters Citing US officials, the decision to include ransomware attacks in a special process by the Department of Justice shows that the issue is being prioritized. “We’ve used this model in the past for counterterrorism, but never with ransomware,” said Carlin, adding that the process typically applies to cases involving direct national security. In practice, this means that investigators at US attorneys’ offices dealing with ransomware cases will have to share both up-to-date case details and technical information with officials in Washington. The guidelines also require offices to review and report other investigations related to the large-scale cybercrime ecology. According to the guidelines, the list of investigations currently required to be reported to the central government includes: anti-virus services, illegal online forums or marketplaces, cryptocurrency exchanges, cybercriminal server services, botnets, and online money laundering services. “We would like to emphasize that prosecutors and criminal investigators need to report and conduct monitoring of cryptocurrency exchanges, illegal online forums or marketplaces for trading hacking tools. , as well as tracking botnets that serve a variety of purposes,” said Carlin. According to Mark Califano, a former US attorney and cybercrime expert, raising the level of investigation could allow the US Justice Department to “deploy resources more effectively” and “identify common exploits” variables” used by cybercriminals.

In a statement on May 31, JBS USA said it detected an organized cyberattack that affected several servers that support the corporation’s information technology systems at its North American facilities. and Australia. JBS is the world’s largest meat processing company, with operations in many countries such as the US, Australia, Canada, Europe, Mexico, New Zealand and the UK. The company said no customer, supplier or employee data was leaked or used for shady purposes following the cyberattack. However, the company said it will take a long time to resolve this issue and as a result, some transactions with customers and suppliers may be disrupted. All US beef processing plants under JBS have stopped production, affecting nearly a quarter of the total supply in the US market. The company’s other meat processing plants were also disrupted to a certain extent. Photo: Visual China Although the company has not publicly stated that it is threatened by ransomware, the White House said the attack was ransomware, possibly from a group based in Russia, although JBS has not made it public. confirm this. White House spokeswoman Karine Jean-Pierre told Reuters the FBI was investigating. Ransomware is malicious software that encrypts a target’s system, preventing users from accessing and using their computer system or document files (mainly detected on Windows operating systems). In some cases, hackers also gain access to the target’s data and demand a ransom if they want to get the data back. Since November last year, a series of ransomware attacks have targeted well-known companies such as the US factory Foxconn, Apple’s Macbook Quanta laptop assembly partner, and the Colonel Pipeline pipeline company. Among them, Quanta has stolen a large number of drawings of the new MacBook, which has a certain effect on Apple. The hacker group asked Apple to pay a ransom of $ 50 million to not publicly publish the data they have, Apple flatly refused. Leading US fuel pipeline operator Colonial Pipeline has shut down its entire network following a ransomware-related cyberattack. According to CNBC, the company Colonial paid $4.4 million in ransom in the form of Bitcoin cryptocurrency to the DarkSide hacker group. For these companies, there are two issues that need to be considered: First, why the security team can’t resist hacker attacks; second, what role does cryptocurrencies play in these transactions? The “fragility” of businesses before a cyber attack When you hear the word “cybersecurity,” you probably think of large companies or government organizations that invest tens of millions of dollars in firewalls, anti-virus software, and other security protocols to protect their systems from potentially malicious attacks or data leaks. Or you would think of the large internal cybersecurity teams who are knowledgeable and know how to deploy the latest technology to fight hackers and protect corporate information. The reality is that security issues affect every company – from the smallest store, fledgling startups to the largest multinationals. Any system is not immune to loopholes, and hackers who have the guts to attack large businesses are organized and premeditated. The security team of a large enterprise cannot avoid negligence, giving hackers the opportunity to take advantage. Hackers take advantage of cryptocurrency to make blackmail transactions Photo: QQ After successful attacks, many hacker groups now demand ransom in the form of cryptocurrencies, namely Bitcoin instead of real money. All transactions are assigned to Bitcoin addresses, but this address is not assigned to a specific person or organization. To increase anonymity, each transaction you can use a Bitcoin address to send and receive money, no one can know who you are. So Bitcoin is definitely the best choice when it comes to making illegal transactions. As the most valuable cryptocurrency today, Bitcoin has become a favorite object of hackers. The market value of cryptocurrencies skyrocketed around October of last year. Since mid-May of this year, this market price has been continuously falling, but it seems that the cryptocurrency still has a chance to explode again. In 2017, a type of malicious code called WannaCry opened a huge cyber attack in 150 countries, causing many users’ files to be locked. If they want the right to unlock, the victim has to pay the hackers 300 USD worth of Bitcoin. In 2019, hackers attacked the city of Baltimore (Maryland state, USA), froze thousands of computers, turned off emails … and demanded the city pay about 100,000 USD in Bitcoin. Ransomware attacks will get stronger and stronger Photo: QQ According to Ekram Ahmed, a spokesman for cybersecurity firm Check Point: “Hackers are pursuing larger and more advanced targets because they know they can succeed. Networks like Colonial paid $4.4 million in ransom, ransomware monetization will attract many new entrants. Things are getting worse, and I firmly believe that ransomware is now a national security threat.” . The consecutive attacks signal a worrying trend in ransomware attacks, especially those that can cause major disruption. Ransomware attacks are becoming more and more common, although hackers often find smaller and more vulnerable targets, less network security, and will pay a ransom to keep their systems normal. usually return as quickly as possible. Cryptocurrencies like Bitcoin have made it much easier for hackers to obtain ransoms. “Ransomware is now a lucrative business for hackers. Since the beginning of 2020, the number of organizations affected by ransomware has increased by 120%.” According to a recent report by cybersecurity firm Sophos, the average cost of recovering from a ransomware attack also appears to have doubled. Software company Chainalysis determined that $350 million was spent on ransomware ransoms in 2020. But it can be difficult to know the full scale of the attacks and the amount of ransom paid, because many the company did not report them in the first place. CNA Financial Corporation, one of the largest insurance companies in the US, paid $40 million in ransom last March, which was revealed only two months later. Law enforcement agencies advise businesses hit by ransomware not to pay the ransom, and say it will encourage hackers to continue demanding increasingly high amounts. However, not every company has the technological capabilities to deal with a group of hackers as sophisticated as Apple.

Appropriate measures should be taken to limit the risk from ransomware. Illustration. With this form of attack, hackers often use tricks to fake websites, extract data of agencies and organizations and demand ransom. Cybercriminals carry out cyberattacks according to a concise strategy that is applicable to many industries. An analysis of recent experts shows that, in 2020 alone, the amount of damage related to ransomware attacks has reached billions of dollars. More dangerously, this behavior also targets the government’s information technology systems, causing serious impact. To protect critical data from attacks, government IT systems need to ensure external layers of security, while having the added responsibility of maintaining the infrastructure if an intrusion occurs. offense. According to studies, despite the development and expansion of the scope, the attacker’s methods still have similarities. Most hackers will illegally exploit the lowest-level vulnerabilities first, through some common and easy-to-implement method. Therefore, experts recommend to prevent ransomware from this initial step through some of the following methods. 1. Secure remote access Remote access is a familiar method often used by attackers, especially through unpatched vulnerabilities of information systems. Accordingly, hackers are constantly scanning the internet, looking for ways to exploit these vulnerabilities to perform attacks. To combat vulnerability scanning, organizations should prioritize patching vulnerabilities first. Along with that, to protect the system, experts recommend that organizations identify remote access systems to their systems by looking up IP addresses. If an attack is suspected, users should block public access to remote desktop protocol services (iRemoteDesktop – RDP), a secure shell that encrypts transmission data (Secure Socket Shell – SSH) ) and file transfer protocol (File Transfer Protocol – FTP). Agencies and organizations need to ensure that systems for remote access such as firewalls, VPN gateways, and email gateways are regularly patched, perform scanning for security holes, and deploy multi-factor authentication. Multi-factor Authentication (MFA) for accounts that are authorized for remote access. Hackers take advantage of security holes to attack the network. Illustration. 2. Email security Many ransomware incidents can start with an email sent to a user. This attack method is gradually becoming popular for hackers to perform blackmail. Experts say it’s safer to prevent unsolicited emails in the first place. The email security system acts as a “fence” to protect the strange messages from the internet and private mailboxes in the intranet system. To avoid email threats, users need to make sure email messages are scanned through a filtering system, and check attachments and links for advanced threats. In addition, account holders should audit or block password-protected documents as hackers often use this method to bypass email data scanning. 3. Keep data backups safe The third most common method for ransomware is to identify the target, encrypt the data, and then completely delete the backups. In addition to the data on the network and the data being used directly, the hacker will search all backups and encrypt them, disabling the data to increase the possibility of ransom from the victim. The victim then has a high probability of paying to buy back these encrypted data. Therefore, individuals, agencies and organizations should have backup plans to ensure the safety of all data. 4. Implement a 3-2-1 . Backup Strategy Without the right protections, backups, and archiving, concurrent copies on the same network are vulnerable to hackers. To avoid network-wide attacks, experts have come up with a safe backup measure for users’ data systems. For all important files, users should store 3 copies, including 1 primary backup for daily use and 2 backup copies. In it, the files will be saved on 2 different media environments to reduce the possibility of mass attacks. These copies must be in place so that data can be accessed and restored easily and quickly in the event of a failure. At the same time, users should save 1 copy outside the work network or home network, in case of force majeure situations due to natural disasters, unexpected disasters.

“This group leaves cash in specific places – behind a bush or under a bus seat – for criminals to get. They send specific location instructions. This is a whole new profession.” Financial Times quoted Dr. Tom Robinson, founder of Elliptic organization specializing in analyzing cryptocurrency transactions. The dark web site Hydra (Russian) offers a variety of methods for criminals to exchange cryptocurrency for cash, for example exchanging Bitcoins for gift certificates, debit cards or iTunes vouchers. Special software is required to access the Hydra dark web. Photo: ZDNet. Anonymous but still leaving traces According to experts, the ability to store cryptocurrency without providing an identity makes this currency especially attractive to many criminal gangs, especially hackers specializing in breaking into networks of businesses. and demand ransom. Statistics from research firm Chainalysis show that in 2020, businesses and organizations paid at least $350 million in cryptocurrency ransoms to a number of hacker groups, including DarkSide, the group that attacked the pipeline system. Colonial Pipeline earlier this month. But while anonymous, cryptocurrency transactions are recorded on an immutable blockchain system, leaving a clear trail for anyone with any knowledge of the technology. A number of investigative firms have been established to assist national authorities in tracking various criminal gangs by analyzing the flow of cryptocurrency transactions. Chainalysis (headquartered in New York, USA) is one such company. Binance cryptocurrency exchange. In 2011-2019, cryptocurrency exchanges supported the conversion to cash of about 60-80% of Bitcoin transactions by criminal groups. Photo: Binance. Chainalysis raised $100 million in its initial public offering, reaching a valuation of over $2 billion. There are also Elliptic (headquartered in London, UK) and CipherTrace, a company supported by the US government. Chainalysis said that in 2020, some illegal organizations receive about 5 billion USD and transfer 5 billion USD to other organizations. This represents almost 1% of all global crypto flows. Initially, the criminals only withdrew funds through major cryptocurrency exchanges. Elliptic estimates that between 2011 and 2019, cryptocurrency exchanges supported the conversion of about 60-80% of Bitcoin transactions by illegal organizations into cash. Take advantage of crypto ATMs Since last year, exchanges have been concerned about the tightening of regulations by many governments, so they have begun to apply anti-money laundering (AML) and customer identity verification (KYC) processes. This change pushes criminals to unlicensed exchanges. Still, expert Michael Phillips of online insurance company Resilience said that unlicensed exchanges have low liquidity, making it difficult for criminals to convert crypto to fiat. “The goal is to make it more expensive for criminals to convert money,” he explained. However, criminals still have a way around. Research by Chainalysis shows that some intermediaries are quietly assisting gangs in conducting many illegal money conversion transactions. Meanwhile, small-scale transactions still flow through more than 11,600 crypto ATMs worldwide without any control, or through gambling sites that accept crypto payments. Criminals can use crypto ATMs to get cash. Photo: EPA. Faced with that situation, crypto security companies use the technology of analyzing blockchain transactions and intelligence to determine which crypto wallets belong to criminal gangs. At the same time, they provide an overview of the global crypto crime ecosystem. As a result, companies discovered that many hacker groups lease ransomware to criminal networks. Kimberly Grauer, director of research at Chainalysis, said hackers also pay support services to other criminal groups in cryptocurrency. Thus, a criminal cryptocurrency ecosystem has been formed on a global scale. “We were able to see the ransom transactions, how the gangs split the money and how that money went to groups in the system,” Grauer said. The tricks are getting more and more sophisticated However, cybercriminals are increasingly using a variety of high-tech tools to obscure the traces of cryptocurrency transactions. Some criminals use “chain-hopping” – repeatedly switching between different cryptocurrencies – to avoid the eyes of security companies. In addition, they use a “privacy cryptocurrency” like Monero, which has a high degree of anonymity. Another tool commonly used by criminals is a “mixer,” a third-party service that mixes illegal cryptocurrencies with clean money, before pushing them back onto the market. In April, the US Department of Justice arrested a Swedish citizen of Russian origin, who specialized in operating a “mixing” service called Bitcoin Fog. During the past 10 years, this guy has transferred a total of 335 million USD in Bitcoin. Governments need to modernize confiscation and asset freezing processes to make it easier to confiscate cryptocurrencies from exchanges. Tom Kellerman, director of cybersecurity strategy at VMware V “It is possible to untangle mixed cryptocurrencies. However, that requires high technology and a lot of processing and data power,” said Katherine Kirkpatrick, director of law firm King & Spalding. According to Elliptic, the popular 2020 coin mixers are highly anonymous “personal wallets”. They supported 12% of Bitcoin wash transactions last year. Tom Kellerman, director of cybersecurity strategy at VMware and a member of the US Secret Service’s advisory board, said that governments need to modernize the process of confiscating and freezing assets for law enforcement. easily confiscate cryptocurrencies from exchanges. In the past, blockchain security experts have floated the idea of ​​sharing a “blacklist” of crypto wallets used by criminals with exchanges, analytics firms, and governments. “Now is the right time to consider that initiative.” he Kemba Walden of Microsoft’s Digital Crimes Unit.

The form of attack and distribution of malware via email is quite common. Photo: Yahoo Recently, Microsoft’s security research team discovered a new attack via email. When the victim downloads and opens the attached PDF files, the Trojan will access the device and steal login information, passwords, etc. In addition, the malware also takes control of the system and disguises itself as fake ransomware. “Version 1.5 of the malware has quite a few changes compared to the previous version, but their functionality remains largely the same, including collecting browser passwords, running remote commands and PowerShell, remembering operations. keyboard operation… and some other features”. Malicious PDF file attached to email. Photo: Microsoft According to the report of Threatpost , malware is being distributed by attackers by email, users can identify their signs through messages like “Outgoing Payments”, “Accounts Payable Department” … Microsoft said that Microsoft 365 Defender software can detect and prevent malware from attacking computers based on machine learning.

Ransomware is a type of malware that encrypts the victim’s data. Cybercriminals using ransomware also often steal data. The hackers then demanded a payment to unlock the files and promised not to leak the stolen data. In recent years, hackers have targeted victims with cyber insurance policies, and large volumes of sensitive consumer data make them more likely to pay ransoms, according to cybersecurity experts. According to the unnamed source, CNA paid the hackers about two weeks after a bunch of company data was stolen and CNA officials were locked out of its own network. CNA does not comment on the ransom, with a CNA spokesperson saying CNA followed all laws, regulations and guidelines, including OFAC’s 2020 ransomware guide, in handling the matter. CAN also shares attack intelligence and hackers’ identities with the FBI and the Treasury Department’s Office of Foreign Assets Control because facilitating ransom payments to hackers can cause punishment risk. The largest ransom amount Ransomware attacks – and payments in particular – are rarely disclosed so it’s difficult to know what the largest ransom is. The $40 million payout is larger than any previously disclosed payments to hackers. The hackers attacking CNA used malware called Phoenix Locker, a variant of ransomware called ‘Hades.’ According to cybersecurity experts, Hades was created by a Russian cybercrime organization called Evil Corp. Evil Corp. was sanctioned by the United States in 2019. However, identifying attacks can be difficult because hacking groups can share code or sell malware to each other. CNA, which provides cyber insurance, said its investigation concluded that the Phoenix hacker group was not on the US sanctions list. The disclosure of the payment is likely to draw outrage from lawmakers and regulators who are unhappy that US companies are paying large sums of money to criminal hackers who over the past year have targeted hospitals, drug manufacturers, police forces and other entities critical to public safety. The FBI discourages organizations from paying ransoms because it encourages additional attacks and does not guarantee data will be returned. Last year was a standout year for ransomware groups, with a task force made up of security experts and law enforcement agencies estimating that victims paid around $350 million in ransom last year, up 311% compared to 2019. The Task Force suggested 48 actions the Biden administration and the private sector could take to mitigate such attacks, including better regulation of money markets. digital currency used to make ransom payments. The report, prepared by the Institute for Security and Technology, was delivered to the White House days before the Colonial Pipeline Company was compromised in a ransomware attack that resulted in fuel shortages and long lines at stores. gas stations along the US East Coast Bloomberg reported that Colonial paid hackers nearly $5 million shortly after the attack. Colonial CEO Joseph Blount, in an interview with the Wall Street Journal published Wednesday, confirmed that the company paid the hackers – $4.4 million in ransom. According to two people familiar with the CNA attack, the company initially ignored the hacker’s request and attempted to recover the data without negotiating with the criminals. But within a week, the company decided to start negotiating with the hackers, who were demanding $60 million. Residents said the payment was made a week later. According to Barry Hensley, chief intelligence officer at cybersecurity firm Secureworks Corp. then the Phoenix Locker seems to be a variation of Hades based on the overlap of the code used in each. He said they have not yet identified which hackers used the Hades variant to attack CNA. Cybersecurity firm CrowdStrike Holdings Inc believes Hades was created by Evil Corp. to bypass US sanctions against the hacking group. In December 2019, the Treasury Department announced sanctions against 17 individuals and six entities associated with Evil Corp. At the time, the Treasury Department said Evil Corp used malware “to infect computers and collect login information from hundreds of banks and financial institutions in more than 40 countries, causing more than 100 million dollars of theft. “It is illegal for any U.S. company to knowingly pay a ransom to Evil Corp. According to Melissa Hathaway, President of Hathaway Global Strategies and a former cybersecurity adviser to Presidents George W. Bush and Barack Obama, demand for ransomware has grown exponentially over the past six months. Hathaway said the average hacker’s ransom demand is between $50 million and $70 million. Those claims are often negotiable, and companies often pay ransoms in the tens of millions of dollars, in part because cyber insurance policies cover some or all of the costs. Hathaway estimates that the average payout is between $10 and $15 million. Ngoc Linh – According to Insurance Journal

Illustration. https://tinhtexaydung.petrotimes.vn According to GasBuddy, about 30% of all retail gas stations in North Carolina, South Carolina and George are out of gas. Virginia and Tennessee are also experiencing significant blackouts. Colonial Pipeline’s main pipeline transporting gasoline and diesel to the US East Coast has been shut down, following a ransomware attack earlier this month. More than a thousand fuel stations in the Southeast have run out of petrol and diesel due to panic buying and pipeline closures. Even people in Texas, in the Rio Grande Valley, are flocking to gas stations to fill up with fuel, when news of gas stations running out of fuel. Colonial Pipeline paid almost $5 million in ransom in the form of a cryptocurrency to the hackers. But 2 weeks after shutting down, some gas stations are still shutting down. In Georgia, according to AAA data, the average price of a gallon of regular retail gasoline was $2,944 as of May 20, up from $2,708 a month before the pipeline failure. In North Carolina, the average price for gasoline is $2,929 per gallon, compared with $2,627 a month ago. According to Reuters, U.S. gasoline consumption is nearing pre-pandemic levels and is now down just 4% in the four weeks since May 14 from the five-year pre-pandemic average. https://tinhtexaydung.petrotimes.vn

A Colonia Pipeline fuel station. Photo: Getty Images The US Department of Transportation’s guidance notice emphasizes that this decision is in response to emergency conditions, stemming from the need for immediate transportation of fuel items, to relieve problems related to supply scarcity. Colonial Pipeline on May 9 also said that many of the company’s main operating pipelines are still closed, but some small lines connecting the supply station and distribution point have returned to normal operation. On May 7, Colonial Pipeline was hacked with ransomware, a type of code that locks systems by encrypting data and demands a ransom to restore access. The attack caused Colonia Pipeline to shut down the entire pipeline network. Colonial Pipeline transports gasoline, diesel, jet fuel and other refined products from the Gulf of Texas to the densely populated East Coast of the United States through an 8,850-kilometer pipeline, serving 50 million customers. In areas affected by supply disruptions, fuel demand increased by 4% on May 8, prices also increased by more than 4.2%. The attack caused concern among US consumers about the scarcity of gasoline supplies if the problem is not fixed in time.

The attack was one of the most disruptive digital ransom schemes reported, prompting US lawmakers to call for increased protection of America’s critical energy infrastructure from hackers. Commerce Secretary Gina Raimondo said pipeline repairs were a priority for the Biden administration and Washington was working to avoid more severe fuel supply disruptions by helping Colonial restart the road network. The tube is more than 5,500 miles (8,850 km) long. “Right now it’s an all-in-one effort,” Raimondo said on CBS’s “Face the Nation.” “We are working closely with company, state and local officials to ensure they return to normal operations as quickly as possible and without disruption to supplies,” Colonial said. The pipeline network was attacked – Photo: Reuters Their main fuel lines are still offline, but some of the smaller routes between the terminals and delivery points are now up and running. Neither Raimondo nor the company has given an estimate of a full reboot date. U.S. gasoline futures rose more than 3% to $2,217 a gallon, the highest since May 2018 as trading opened for the week and market participants reacted to pipeline closures. Colonial ships about 2.5 million barrels per day of gasoline and other fuels from refineries on the Gulf Coast to consumers. Its extensive pipeline network serves major US airports including Atlanta’s Hartsfield Jackson Airport, the world’s busiest airport by passenger traffic. A spokeswoman for Charlotte Douglas International Airport said the airport had supplies on hand and was “monitoring the situation closely”. Retail fuel experts including the American Automobile Association say outages lasting several days could have a significant impact on fuel supplies in the region, particularly in the southeastern US. Colonial Pipeline’s fuel tanks – Photo: Reuters While the US government investigation is in its early stages, a former official and three industry sources said the suspected hackers were a professional cybercrime group called DarkSide. DarkSide is one of many gangs that often use malware to extort victims. These groups gain access to private networks, encrypt files with software, and often steal data. They ask for money to decrypt the files and ask for more money to not publish the stolen content. During the Colonial attack, the hackers stole more than 100 gigabytes of data.

Colonial Pipeline had to shut down the entire network after a cyber attack. Photo: wsj.com The administration of President Joe Biden said it was making every effort to restore the company’s operations and avoid disruption to supply. Experts say gas prices will not be affected if the company resumes normal operations in the next few days. However, this cyberattack, rated as the worst ever for the US infrastructure system, should be a warning bell for other companies about the risk they will become the next target of similar attacks. According to Colonial Pipeline, the company’s pipeline carries gasoline and other fuels from Texas to the Northeast, providing nearly 45 percent of the fuel for the East Coast of the United States. Although Colonial Pipeline has not revealed who is responsible for the cyber attack, an unnamed person on the team investigating the incident confirmed that the culprit was a hacker group nicknamed Darkside. This group has been spreading ransomware since August 2020 and is classified as one of the most attackable groups. Over the past 3 years, Darkside has become more and more professional and has caused Western countries tens of billions of dollars in losses. Ransomware attacks are malicious code designed to lock down computer systems using encrypted data and demand a ransom to restore access. US Commerce Secretary Gina Raimondo on May 9 warned US businesses to be wary of ransomware attacks. The female minister affirmed that she would work closely with the Department of Homeland Security to handle the issue, considering this a top priority of the government. Reuters news agency, citing a notice from the White House, said the administration was working to help Colonial Pipeline company resume operations to avoid supply disruptions. According to sources, before activating ransomware, hackers often steal data, which is used to blackmail businesses or distort the truth. Sometimes stolen data is more valuable to hackers than the benefit they get by disrupting business operations. Security experts say the attack is a warning to operators and managers of essential infrastructure in the US such as electricity, water, energy and transportation facilities that have long been built. do not update the method to ensure security against the risk of being attacked. Mr. David Kennedy, a senior security consultant and founder of the security consulting firm TrustedSec, admitted that ransomware attacks have spiraled out of control in the US and are currently under development. is one of the greatest threats facing the United States. However, most American companies lack the ability to prepare for such threats.

According to the Vice , DarkSide’s message does not directly refer to the Colonial Pipeline attack, but is titled “Regarding the Latest News”. The group said its actions were unrelated to politics. The cyber attack on May 7 caused the Colonial Pipeline’s fuel pipeline system to stop working. Photo: Bloomberg. “We are a non-political group, not involved in geopolitics. Don’t tie us to a government or look for other motives… Our aim is to make money, not to cause problems for society,” a DarkSide representative wrote on a website belonging to the dark web. According to the Washington Post , some US officials believe that DarkSide is the hacker group behind the Colonial Pipeline attack. Also in the new statement, DarkSide said it will change the way it works and selects targets. “From today, we will examine and analyze each company that partners want to encrypt to avoid social consequences,” the group wrote. On May 7, Colonial Pipeline announced that it had to disconnect some systems after discovering it was “a victim of a cyber attack”. According to the Business Insider , this move caused more than 8,046 km of fuel pipes and some computer systems of Colonial Pipeline to stop working. In an updated statement on May 8, the company representative confirmed that the software used for the attack was in the form of ransomware, which encrypts files in the system and requires victims to pay if they want to get it. again. The company hired a cybersecurity firm to investigate the severity of the attack. The DarkSide hacker group spoke out after the alleged implementation of a cyber attack against the Colonial Pipeline. Photo: Motherboard. According to information on its website, Colonial Pipeline transports about 45% of all fuel consumed on the East Coast of the United States. On May 9, the company said that while the main pipelines are still closed, some smaller pipelines have been reactivated. In response to the incident, the US Department of Transportation has declared a state of emergency in 17 states and Washington to lift restrictions on carriers and drivers assisting in fuel shortages. The declaration of emergency will be in effect until the end of the state of affairs, or until 23:59 on June 8 (local time). After the Colonial Pipeline incident, gasoline prices in the US increased more than 3% to $2,217 per gallon – the highest price since May 2018. Experts warn that the price of gas raw materials may increase further if Colonial Pipeline does not reopen the pipeline in the next few days. How did the FBI hack the suspect’s iPhone? Cellebrite has invented a phone-cracking technology that makes it easier for the FBI to investigate.

Colonial Pipeline’s Dorsey hub in Maryland, USA. Photo: Reuters The difficulty in fuel supply has raised concerns that gasoline prices at pumping stations will escalate during the peak summer travel season. Colonial Pipeline said the company is trying to resume operations this weekend after its fuel pipeline system was paralyzed since May 7 after being hit by a cyber attack. The shutdown of the Colonial Pipeline’s fuel pipeline system shut down nearly half of the US East Coast’s fuel supply. The US Energy Administration on May 10 called for mandatory cybersecurity standards for fuel pipeline operators and operators. “Incentivizing the voluntary application of standards to pipelines is inadequate,” said US Federal Energy Regulatory Commission Chairman Richard Glick. The US Federal Bureau of Investigation (FBI) has accused a cybercriminal group called “DarkSide” of causing a ransomware attack on Colonial Pipeline. Reuters news agency quoted cybersecurity experts as saying that DarkSide is based in Russia or Eastern Europe, so the gang usually avoids targeting computers that use the languages ​​of the former Soviet republics. However, US President Joe Biden on May 10 expressed he did not believe that the Russian government was behind the cyber attack on the Colonial Pipeline. “So far there is no evidence based on our intelligence that Russia is involved,” Biden said. A statement titled DarkSide group on May 10 stated: “Our goal is to make money and not create problems for society.” Ransomware attack is a type of malware designed to disable computers by encrypting data and blackmailing victims if they want to regain system access. It is not clear what price the hackers offered for Colonial Pipeline, and the company has not commented on the matter. Fuel demand in the southeastern United States has increased sharply in recent days as consumers fear fuel shortages. The Southeastern region of the United States has long depended mainly on the supply of fuel flowing through the Colonial Pipeline’s pipeline system. The average national gasoline price rose 6 cents to $2.96 a gallon last week, the highest since May 2018 and close to a peak set in 2014, the American Automobile Association said. also warned of speculation about fuel hoarding as the supply continued to decrease. Katina Willey, a resident of Florida on May 10, said she had to go to 5 gas stations to buy gas. “Consumers have to wait in long lines at three of the five gas stations I go to,” added Katina Willey. Many other car owners said they were also looking to refill their gas tanks out of fear that the fuel situation could worsen. If the Colonial Pipeline’s pipeline disruptions continue, fuel suppliers may be able to force fuel transportation by trucks and trains to partially ease the fuel shortage. The US Department of Transportation on May 9 lifted travel restrictions for fuel truck drivers in 17 states affected by supply disruptions.

Illustration. The breach at Alpharetta, Georgia-based Colonial Pipeline is the latest in a series of cybersecurity incidents confronting the administration of President Joe Biden – as well as a striking reminder that many companies Operators of the nation’s most basic infrastructure, from dams to power plants, are still unprepared to deal with the threats posed by toxic numbers. Here’s a summary of how a criminal gang managed to get into Colonial’s systems and why the tool they use – ransomware – is such a persistent threat. How can a hacker shut down a pipeline? On May 7, Colonial Pipeline said it learned that hackers had infected their computer networks with ransomware, malicious code used to take control of computers and extract payments from victims. The breach affected Colonial’s business network, which it uses for tasks like payroll management and data reporting to regulators. Colonial disabled those systems, but it also turned off the much more sensitive technology running its pipeline operations — a precaution meant to prevent hackers from accessing it if they hadn’t already. These systems monitor air flow for impurities and leaks, control power levels, and perform other automated tasks to keep pipelines running smoothly. What exactly was closed? Colonial shut down its entire main pipeline, more than 5,500 miles long from Houston, Texas, to Linden, New Jersey. The pipeline transports 45% of gasoline, jet fuel and diesel to the US East Coast, according to the company. The short-lived outage sent wholesale gas prices up on financial markets in the affected region, but that rally cooled slightly during trading on May 10. And while some gasoline retailers may try to add a few cents a gallon to the price at the pump, there have been no reports of shortages at suppliers serving those retail points. Market analysts say the pipeline shutdown will need to last through at least the middle of the week to start affecting supply in some parts of the Southeast, and Houston’s refineries won’t start. reduce production unless Colonial shuts down until next week. Overall, the US is stockpiling 235 million barrels of gasoline, enough to supply the whole country for nearly a month. However, retail gasoline prices have risen steadily in recent weeks and any anxiety could accelerate gains as the country approaches Memorial Day weekend, which the industry considers is the beginning of the “summer driving season” in high demand. How bad could this be? It depends on whether the outage turns into a protracted crisis for Colonial’s customers, which include busy airports and US military bases. Some customers can buy fuel from foreign suppliers, but they will face more financial pressure as Colonial’s pipeline network remains offline. Colonial said on May 10 that it has begun reactivating segments of the pipeline and anticipates “significantly restoring operational service by the end of the week”. However, they did not explain what “basically” means and did provide some other details about the attack investigation. What is Ransomware? Ransomware is software that hackers deploy to lock down victims’ data so they can’t access or use it – in the worst case scenario, essentially shutting down an entire company or government office. The hacker then demands a ransom in exchange for providing a digital key to unlock the files. Over the past few years, ransomware has grown from an occasional nuisance to a ubiquitous threat. Victims include the hospital system, the school district and the DC police department, as well as many small businesses. According to the FBI report, ransomware attacks increased by 37% from 2018-2019 and 20% from 2019-2020. According to one report, the pandemic has led to a significant increase in ransomware, with the number of attacks Attacks more than doubled year-on-year, with a particularly large increase in the healthcare sector. The Department of Justice recently launched a task force to explore new solutions to the problem. But in the meantime, the problem continues to get worse as criminal motives grow. Why aren’t pipelines and power plants better protected against ransomware? The private companies that operate much of America’s critical infrastructure — power plants, dams, natural gas pipelines, and other critical facilities — often neglect to implement safety protocols. government-recommended cybersecurity. While protecting against foreign government hackers sometimes requires complex technology that small critical infrastructure operators cannot afford, protecting against ransomware is are not. Use strong passwords, train employees not to click on suspicious links, and require employees to use multi-factor authentication – which involves entering a randomly generated number after entering one’s password – can prevent all but the most advanced types of hacks, including ransomware. Despite years of warnings from government officials and cybersecurity experts, most companies outside of the highly regulated financial sector have not taken many of these steps. And even organizations that try to take cybersecurity seriously can be covered by small holes. A long-neglected office worker or old computer in a closet is often the weak link that opens an organization’s doors to hackers. With so many companies leaving themselves with easy targets, many cybercriminals have started using ransomware to make money. By choosing victims they know there can be no downtime, these criminals virtually guarantee themselves an easy profit. Additionally, many ransomware operators have begun exploiting a secondary source of profit: reselling stolen data on the dark web, where sensitive personal information can fetch huge sums. Between victims and hackers is a burgeoning crypto ecosystem, consisting of unscrupulous payment facilitators ready to handle ransom transactions and rock wall law enforcement. How often do victims pay the ransom? The US government discourages ransomware victims from paying attackers to regain access to their data. While some ransomware operators honor their agreements and unlock victims’ files to foster trust and increase their chances of receiving a future ransom, many of these criminals simply take the money and disappear. Paying the ransom also encourages cybercriminals to continue their attacks. Anne Neuberger, deputy national security adviser for cyber and emerging technologies, said: “We recognize that victims of cyberattacks often face very difficult situations and they must balance the cost-benefit when there is no other option about paying the ransom,” – told reporters on May 10 In the US, it is not illegal to pay a ransom to regain access to locked data. However, it is illegal to pay ransoms to entities on the Treasury’s sanctions list, and the Treasury Department has warned companies that assist ransomware victims to conduct due diligence on hackers. before making payment arrangements. DarkSide, what is the group behind the attack? The FBI has confirmed that the Colonial Pipeline hack was the work of the DarkSide ransomware gang. This group is a relatively newcomer to the ransomware ecosystem, but they are already well known for their professionalism, patience, and large ransom demand. Security firm Cybereason wrote in a report last month: “The team has a phone number and even a help desk to facilitate negotiations with the victim, and they are putting a lot of effort into gathering information. about their victims – not just technical information about their environment, but more general information about the company itself, like the size of the organization and estimated revenue.” DarkSide is based in Russia, but so far the US has said it does not believe the hackers acted on behalf of the government of Russian President Vladimir Putin. Mr. Biden said on the afternoon of May 10: “To date, there is no evidence … from our intelligence people that Russia is involved. However, he added: “There is evidence that the actor’s ransomware is in Russia. They have some responsibility to deal with this.” Like other ransomware gangs, DarkSide operates on a so-called “ransomware-as-a-service” model, in which it provides code to less sophisticated hackers and helps them carry out attacks enter in exchange for their share of the profits. After being closely watched by the Colonial Pipeline attack, DarkSide seems to be rethinking this model. On May 10, a purported statement from the DarkSide hackers announced the group’s intention to scrutinize the partners’ planned attacks in the future to “avoid social consequences.” festival”. “Our goal is to make money, and not create problems for society.” What is the US government doing with this attack? The White House has established a working group that includes the Department of Homeland Security’s Cybersecurity and Infrastructure Agency; The Department of Transport’s Pipeline and Hazardous Materials Safety Administration; FBI; and the Departments of Energy, Treasury and Defense. These agencies are working together to prepare for various scenarios should the pipeline remain shut, including planning for shortages and higher gas prices. In addition, the Department of Transportation waives regulations that limit the driving time without rest of fuel trucks in 17 states and Washington DC. That could make it easier to deliver to customers due to Colonial’s closure.

FlexXon introduces the X-PHY SSD with AI security. Photo: Flexxon Flexxon is a security company based in Singapore, specializing in the design, manufacture and retail of industrial NAND flash memory and storage devices. Flexxon also offers leading memory solutions ensuring the highest level of data security. A new product from Flexxon has been introduced as the world’s first AI solid state drive. New technology to protect data at the hardware level, SSD can protect from both remote and physical attacks. A wide range of features include temperature sensors to detect abnormal movements, detecting traditional threats like malware and viruses or tampering with drives or ransomware. However, Flexxon did not elaborate on the work of this intelligent protection mechanism but when something goes wrong, the X-PHY SSD will send an alert to the user by email and lock itself to prevent actions. vi is believed to affect the system. The user can then unlock the device through the dynamic authentication process. For customers with high security needs, data can be automatically deleted if the device falls into the wrong hands. It is very difficult to send emails about the status of the SSD when the PC is turned off and the operating system is not running, it is not clear how the X-PHY SSD will do this. The devices are manufactured in M.2 2280 and U.2 format and PCIe 3.0 x 4 (NVME 1.3) interface is used for connection. This series includes 512 GB and 1 TB capacities. This device is expected to be ordered and delivered to corporate customers in September this year, and by 2022 it can be mass produced for all customers.

The Colonia company had to shut down the fuel pipeline after a cyber attack. Photo: AP. Leading American fuel pipeline company Colonial shut down its entire network that supplies nearly half of the fuel to the US East Coast, following a May 8 ransomware ransomware attack. Every day, the Colonial company ships 2.5 million barrels of gasoline, diesel, jet fuel and other products through a 850-kilometer pipeline connecting the eastern and southern coasts of the United States. The company has shut down systems to stop the threat after learning about the attack. According to sources, hackers are most likely a highly professional cybercrime group. And the malware used in the attack is ransomware. Ransomware is a type of malware designed to lock systems by encrypting data and taps money to regain access. This malware has become popular in the past 5 years. The Colonial Company has invited a third-party cybersecurity company to conduct an investigation and contacted law enforcement and other federal agencies to initiate an investigation. Colonial provided no further details or said how long their fuel lines would be closed. “Cyber ​​vulnerabilities have become a systemic issue,” said Ms. Algirde Pipikaite, Head of Network Strategies at the World Economic Forum’s Cyber ​​Security Center. Without measures to protect cybersecurity, attacks are occurring more often on industrial systems such as oil and gas pipelines or water treatment plants. In 2017, Colonial shut down its gas distillation and production lines during Hurricane Harvey that hit the Gulf Coast. That contributes to tight supply and price increases in gasoline in the US.

Colonial Pipeline America’s largest fuel pipeline system was attacked by network, has not yet assessed the damage. (Source: Freightwaves) To deal with the incident, the company had to close the entire network. Colonial Pipeline said the attack “suspended all pipeline operations and affected some of our IT systems”. Sources in cybersecurity revealed that the malware used in the Colonial Pipeline attack was ransomware – a type of malware designed to block systems with how to encrypt data and request a ransom payment to restore access. The Colonial transports gasoline, diesel, jet fuel and other refined products from the Gulf of Texas to the populous US East Coast via a 8,850 km pipeline, serving 50 million customers. Oil analyst Andy Lipow said that the impact of the attack on supply and fuel prices will depend on how long the pipeline is down. If the line stops working for a day or two, the impact will be minor. However, if the pipeline is forced to shut down for 5 or 6, shortages or price increases will occur, especially in the area stretching from Alabama to Washington DC. (According to AFP, Reuters)

Quanta is headquartered in Taiwan (China), is the main MacBook manufacturing partner for Apple. The company is also a partner of HP, Facebook, and Alphabet (the parent company of Google). Accordingly, when the event just ended, REvil posted an article containing 15 pictures detailing a device that is supposed to be a MacBook designed in March 2021. Images include the part number, specific sizes and capacities, detailing many of the parts that work inside the Apple laptop. One of the images signed by designer John Andreadis. REvil has asked Apple to pay a ransom of $ 50 million by May 1. Previously, this group posted information on “Happy Blog” – where hackers announced their “victory”. REvil is said to have made an agreement with Quanta before but did not get the victim’s consent, then the new hacker group released the records on the day of the Apple event. Quanta, for its part, admitted the company had suffered a hacker attack but did not detail whether any data was stolen. The Apple partner also reported to law enforcement about the day-to-day attack and said it had immediately activated an information security defense system, upgraded its infrastructure to protect data. Whether. Apple representatives have not released any official comment on the incident. according to Bloomberg

Although Indonesia still ranks 5th globally in the number of ransomware attacks detected, it has dropped from 1,158,837 cases in 2019 to 439,473 cases in 2020. This downtrend also also appeared in other countries in the region including Vietnam, the Philippines, Malaysia and Thailand. China remains at the top of the list for the number of ransomware cases globally in both 2019 and 2020. Meanwhile, Brazil and Russia have swapped the 2nd and 3rd place in the rankings, with Brazil currently ranked 2nd by 2020. “When I look at the statistics for individual ransomware groups, I find that this trend is in line with an overall drop in the number of detected cases,” said Fedor Sinitsyn, security researcher at Kaspersky. This is mainly due to the decrease in the number of cases involving WannaCry. This group makes up a significant portion of all the ransomware discovered to date, although for more than three years these have not been supported by the “originator” and exist only as one. “zombie” “. One of the most persistent cyber threats facing small and medium businesses in the region is still ransomware, malicious code designed to infect the computers of organizations and individuals, and encrypting data. Data inside and block access to the computer. The attackers will then request a fee from the victim in exchange for re-activation of the system. Ransomware attacks may be on the decline, but Kaspersky has been warning businesses of all sizes in every sector about the increasing activity of Ransomware 2.0, also known as ransomware. have purpose. Mr. Yeo Siang Tiong, General Manager of Kaspersky Southeast Asia commented: “We should not be optimistic that the number of detected ransomware cases has decreased. Since last year, we have noticed a number of changes to this threat. The ransomware teams are now more concerned with quality than quantity. This means that instead of randomly and passively waiting for an unsafe user to bite, the attackers are now actively hunting for victims ”.

According to The Record, the hacker gang got this information after a data attack Quanta Computer, one of Apple’s main MacBook manufacturing partners. Several internal technical design drawings for Apple devices such as the MacBook and Apple Watch have been announced by REvil. (Photo: CryptoInsane) The hacker gang behind the ransomware REvil claims to have in-house technical blueprints for Apple devices like the MacBook and Apple Watch, which Quanta Computer uses to assemble products. The hacker group asked Quanta Computer to pay 50 million USD to keep the data confidential. However, due to the unsuccessful agreement, the hacker group asked Apple to pay this ransom. The technical drawings of the MacBook Air and MacBook Pro revealed by the hacker group. (Photo: CryptoInsane) (Photo: CryptoInsane) To prove it, the hacker group has posted a few screenshots showing technical drawings of the MacBook Air and MacBook Pro and included with the liquidity request before May 1. If Apple doesn’t respond, they’ll reveal more data after each day of transaction delay. According to Estrategia & Negocios, on the REvil website (where the gang publishes stolen data to threaten companies to comply with ransom demands), the hacker group said: “To not have to wait for these Apple’s next presentation, we, the REvil team, will make information about the company’s next upcoming products available to many. Tim Cook can thank Quanta. On our side, we have shown goodwill. Quanta has made it clear to us that they are not interested in customer and employee data, giving permission to publish and sell all the data we have. ” MacBook Pro 2021 image revealed by hacker group. (Photo: 9to5Mac) (Photo: CryptoInsane) 9to5Mac said that in some leaked images there are technical information of two unreleased MacBook Pro models, codenamed J314 and J316. Products equipped with Apple Silicon chip, MagSafe charging port, HDMI and SD card slot. These information are true to what analyst Ming-Chi Kuo revealed in January. According to Bloomberg, the codename J316 is the 16-inch MacBook Pro, while the J314 is the 14-inch version. In the image also appears codenamed J374 and J375, which are said to be the Mac mini with the new M1X processor chip. (Photo: CryptoInsane) The hacker gang also said that they are “negotiating to sell a large amount of confidential drawings, GB of personal data with some major brands”. This means, Apple is likely not the only data attack victim. At the moment, representatives from Apple and Quanta Computer said they are reviewing the matter.

In particular, the number of attacks on Vietnamese enterprises fell sharply, from 536.6 thousand cases in 2019, to 204.7 thousand cases in 2020. This pulled Vietnam’s ranking to 11 worldwide. , improved from the 7th place in 2019. In Southeast Asia, Singapore remains the country with the least number of detected attacks, ranking 78 globally. However, out of six Southeast Asian countries, Singapore is the only one experiencing an increase in the number of ransomware infection attempts. Number of detected cases increased from 2,275 in 2019 to 3,191 in 2020. Number of attacks on SMEs detected by Kaspersky in Southeast Asian countries. Although Indonesia still ranks 5th globally in terms of the number of ransomware incidents detected, the country has dropped from 1,158,837 cases in 2019 to 439,473 cases in 2020. This downtrend also coincides with export. currently in other countries in the region including the Philippines, Malaysia and Thailand. China remains at the top of the list for the number of ransomware cases globally in both 2019 and 2020. Meanwhile, Brazil and Russia have swapped the 2nd and 3rd place in the rankings, with Brazil currently ranked 2nd by 2020. Ransomware is designed to infect organizations and individuals’ computers, encrypt the internal data and block access to the computer. The attackers will then request a fee from the victim in exchange for re-activation of the system. Ransomware attacks may be on the decline, but Kaspersky has been warning businesses of all sizes in every sector about the growing activity of ‘Ransomware 2.0’, also known as software. targeted extortion. In the new method, the criminals do not ask for ransom to unlock the data, they threaten to publicly disclose the data they hold, adding pressure to the victims to pay the ransom to protect their reputation. .

The defendant in the criminal case is Ms. Ngo Thi Thanh (born in 1988, living in Chau Thanh district, Tay Ninh), the defendant is Luong Quyet Tuan (born in 1986, living in Ea H’leo district, Dak Lak). The judgment as the inevitable outcome of a married woman but still has a habit of negligence. Thanh inherently has a pretty, tall appearance, easily captivates the opposite sex by his swinging talk mixed with a sweet smile.

In the maiden period, Thanh was pursued by many boys. Then she went to get married according to her parents’ matchmaking, leaving a lot of regret for young people in the village. Her husband’s house is in a commune in Chau Thanh district, Tay Ninh. Her husband is an industrious person but works as a construction worker so he often goes on a business trip. After the wedding of a year, the two had children, Thanh stayed home to take care of the children and her husband was often busy with work trips. Thanh’s relationship with her husband was only warm in the beginning, and her husband’s farewell trips made Thanh’s love for her husband soon cold.

(Illustration)

Luong Quyet Tuan is a healthy young man with easy-looking appearance. Tuan was originally from Phu Tho, but went to the Central Highlands to do business then went to Tay Ninh. Tuan had a wife’s life and had one child. After the divorce, he left and left the children to his mother’s side. In mid-2017, during a trip Tuan ran into Thanh, the two took their phone number. Through conversation, Tuan knew that Thanh was lonely, her husband was often away from home, so he actively flirted. In his desire to have a man by his side, even though he had a husband and children, Thanh fell into Tuan’s arms despite himself.

Although she knew it was a misguided love, but Thanh defied everything with strange feelings mixed with longing in a stealthy relationship. Tuan was an opportunist. When he took over Thanh’s body, he had despicable intentions. Knowing that Thanh has a family and children, if he reveals a relationship there will definitely be a problem, he secretly records hot pictures after each sex.

After a stealthy time, Thanh realized her wrong path, so around July 2018 she announced the end of her relationship with Tuan, but he disagreed. Due to not having a job, Tuan arose the intention of rape Thanh’s assets for consumption. Tuan repeatedly threatened to post photos and videos of Thanh and the guy having sex on social networks or show them to her husband and family. Tuan provided that, if Thanh did not want to post sensitive images online, he had to give him money. Fear of being discovered by her husband and family, Thanh ran everywhere, borrowing money to give Tuan to cover the truth.

Thanh repeatedly gave money to Tuan, with the total amount of 32 million VND. Specifically, for the first time, around July 2018, after Thanh announced the end of her relationship, Tuan forced her to give 5 million dong. Fearful, Thanh handed over money directly to Tuan at Mo Cong market, Mo Cong commune, Tan Bien district. The next time, Tuan gave Thanh his account number to open at Sacombank so that Thanh could transfer money for convenience. From July 13, 2018 to October 23, 2018, Tuan threatened to release the truth, so afraid that Thanh had to transfer money 10 times with the total amount of 22 million dong.

On the afternoon of November 7, 2018, Tuan repeatedly texted Thanh threatening and asking for 5 million VND or else he would send pictures and videos of two sexual relations to her husband. Thanh thought that she had given money many times and if she continued to accept the conditions, she would definitely become hostage to the vile mistress, so she decided to report to the police.

At around 9:30 am on November 8, 2018, Thanh phoned the police before bringing the money to Tuan’s request at room 16, AL inn in Tan Bien town, Tan Bien district to hand over to Tuan. Tuan was arrested by the police while receiving money from the victim. Thanh breathed a sigh of relief after the days of fearing his mistress’s threats. However, the risk of family breakdown exists when the matter is exposed to the law.

At the police station Tuan admitted all acts of extortion and rape of his property. Tuan said that due to lack of family and lack of money to spend, she should find a way to approach married women to have sex and then proceed with extortion and money. Thanh is just one of Tuan’s victims.

The day the People’s Court of Tan Bien district opened the trial of defendant Tuan on the charge of property rape, Thanh was in the same capacity as the victim, but his application was absent. At the trial, Tuan cried and confessed to the entire offense and asked the Panel to consider the lightest sentence so that he could return to society soon.

The Panel said that the defendant is a person with no job, has committed 12 times of appropriating money from Ms. Thanh. After those times, the defendant used the appropriated money as the main source of life and personal consumption, so the act of being subjected to the aggravating circumstance “Professional in nature”, criminal acts and punishment. is stipulated at Point b, Clause 2, Article 170 of the Penal Code, so it is necessary to hear the defendant with a strict sentence and separate from the social life for a while in order to have conditions for reform and education.

Finally, the Panel decided to punish defendant Tuan for 3 years in prison, compensating for the victim 10 million VND. The offender’s behavior was eventually punished by law, but the consequences of the case are still there. Thanh’s husband and his family were shocked after learning the incident. I wonder if the relationship between Thanh and her husband will still be the same, but perhaps this is a valuable lesson that her life can hardly forget.

(The character’s name has changed)