<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	
	xmlns:georss="http://www.georss.org/georss"
	xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#"
	>

<channel>
	<title>Redeem &#8211; Spress</title>
	<atom:link href="https://en.spress.net/tag/redeem/feed/" rel="self" type="application/rss+xml" />
	<link>https://en.spress.net</link>
	<description>Spress is a general newspaper in English which is updated 24 hours a day.</description>
	<lastBuildDate>Wed, 09 Jun 2021 23:02:08 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	
<site xmlns="com-wordpress:feed-additions:1">191965906</site>	<item>
		<title>South Korea warns of increased malware attacks</title>
		<link>https://en.spress.net/south-korea-warns-of-increased-malware-attacks/</link>
		
		<dc:creator><![CDATA[Phương Oanh (TTXVN/Vietnam+)]]></dc:creator>
		<pubDate>Wed, 09 Jun 2021 23:02:08 +0000</pubDate>
				<category><![CDATA[Tech]]></category>
		<category><![CDATA[adjacent]]></category>
		<category><![CDATA[Ask for money]]></category>
		<category><![CDATA[attacks]]></category>
		<category><![CDATA[Blackmail]]></category>
		<category><![CDATA[Cosmetic Surgery]]></category>
		<category><![CDATA[hackers]]></category>
		<category><![CDATA[Increase]]></category>
		<category><![CDATA[increased]]></category>
		<category><![CDATA[Korea]]></category>
		<category><![CDATA[Korea University]]></category>
		<category><![CDATA[Malicious code]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[Network security]]></category>
		<category><![CDATA[Pandemic]]></category>
		<category><![CDATA[Paralyze]]></category>
		<category><![CDATA[Ransom]]></category>
		<category><![CDATA[Redeem]]></category>
		<category><![CDATA[Server]]></category>
		<category><![CDATA[South]]></category>
		<category><![CDATA[Steal]]></category>
		<category><![CDATA[Super Hero]]></category>
		<category><![CDATA[Warning]]></category>
		<category><![CDATA[warns]]></category>
		<category><![CDATA[Working system]]></category>
		<guid isPermaLink="false">https://en.spress.net/south-korea-warns-of-increased-malware-attacks/</guid>

					<description><![CDATA[According to the South Korean Ministry of Science and Information Technology, last year there were 127 ransomware attacks, a threefold increase from the previous year. (Artwork. Source: bitcoinexchangeguide.com) Ransomware attacks have been on the rise in South Korea over the past year, paralyzing hospitals and shopping malls amid the COVID-19 pandemic leading to an increase [&#8230;]]]></description>
										<content:encoded><![CDATA[<p><strong>According to the South Korean Ministry of Science and Information Technology, last year there were 127 ransomware attacks, a threefold increase from the previous year.</strong><br />
<span id="more-21907"></span> <img fifu-featured="1" decoding="async" loading="lazy" src="https://photo-baomoi.zadn.vn/w700_r1/2021_06_05_293_39085748/2281fbd0e99200cc5983.jpg" width="625" height="417"> </p>
<p> <em> (Artwork. Source: bitcoinexchangeguide.com)</em> Ransomware attacks have been on the rise in South Korea over the past year, paralyzing hospitals and shopping malls amid the COVID-19 pandemic, which has led to an increase in online shopping activities. On June 3, a large plastic surgery hospital in the south of Seoul announced on its website that its server had been attacked with ransomware and that hackers appeared to have stolen patients&#8217; personal data. This is the latest in a series of recently reported ransomware attacks &#8211; a tactic used by cybercriminals to infiltrate businesses&#8217; systems and use their data to demand ransom. According to the South Korean Ministry of Science and Information Technology, last year there were 127 ransomware attacks, a threefold increase from the previous year. Since the beginning of this year, the country has recorded 65 attacks with ransomware. <strong>Ransomware</strong> attacks have been aimed at various businesses in Korea. Last month, food delivery company Super Hero&#8217;s operations were paralyzed for hours after an attack that affected 15,000 delivery workers nationwide. Last November, local fashion and retail group E-Land was also targeted by hackers, forcing 23 of the 50 branches of the NC Department Store and NewCore Outlet to suspend operations. Mr. Kim Seung-joo, Professor of Cyber Security at <strong>Korea</strong> University, commented that as companies are forced to increase their reliance on remote work during the pandemic, <strong>ransomware</strong> attacks have become a bigger threat because they can paralyze the entire working system. This has led to many companies paying a ransom and has led hackers to carry out more attacks. He urged businesses to invest in cybersecurity to prevent the threat in the first place. 
In response to ransomware attacks, last month the Korean Ministry of Information and Communications Technology set up a 24-hour monitoring group to support hacked companies. The government is now providing assistance to affected companies in system recovery.</p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">21907</post-id>	</item>
		<item>
		<title>Covid-19: Explosion of ransomware attacks in Korea</title>
		<link>https://en.spress.net/covid-19-explosion-of-ransomware-attacks-in-korea/</link>
		
		<dc:creator><![CDATA[editor]]></dc:creator>
		<pubDate>Wed, 09 Jun 2021 21:12:07 +0000</pubDate>
				<category><![CDATA[Tech]]></category>
		<category><![CDATA[Ask for money]]></category>
		<category><![CDATA[attacks]]></category>
		<category><![CDATA[Blackmail]]></category>
		<category><![CDATA[Cosmetic Surgery]]></category>
		<category><![CDATA[COVID19]]></category>
		<category><![CDATA[Explosion]]></category>
		<category><![CDATA[Go to work]]></category>
		<category><![CDATA[hackers]]></category>
		<category><![CDATA[Increase]]></category>
		<category><![CDATA[Korea]]></category>
		<category><![CDATA[Korea University]]></category>
		<category><![CDATA[Malicious code]]></category>
		<category><![CDATA[Network security]]></category>
		<category><![CDATA[Pandemic]]></category>
		<category><![CDATA[Paralyze]]></category>
		<category><![CDATA[Ransom]]></category>
		<category><![CDATA[Ransomware]]></category>
		<category><![CDATA[Redeem]]></category>
		<category><![CDATA[Server]]></category>
		<category><![CDATA[Steal]]></category>
		<category><![CDATA[Super Hero]]></category>
		<category><![CDATA[Urging]]></category>
		<category><![CDATA[Working system]]></category>
		<guid isPermaLink="false">https://en.spress.net/covid-19-explosion-of-ransomware-attacks-in-korea/</guid>

					<description><![CDATA[Online activities in the context of the Covid-19 pandemic have led to a sharp increase in ransomware attacks in South Korea. The entrance to a shopping mall in Seoul, South Korea is closed after a ransomware attack. (Source: Yonhap) On June 3, a large plastic surgery hospital in the south of Seoul announced on its [&#8230;]]]></description>
										<content:encoded><![CDATA[<p><strong>Online activities in the context of the Covid-19 pandemic have led to a sharp increase in ransomware attacks in South Korea.</strong><br />
<span id="more-21891"></span> <img fifu-featured="1" decoding="async" loading="lazy" src="https://photo-baomoi.zadn.vn/w700_r1/2021_06_05_194_39085601/2ef7a1a1b3e35abd03f2.jpg" width="625" height="424"> </p>
<p> <em> The entrance to a shopping mall in Seoul, South Korea is closed after a ransomware attack. (Source: Yonhap)</em> On June 3, a large plastic surgery hospital in the south of Seoul announced on its website that its server had been attacked with ransomware and that hackers appeared to have stolen patients&#8217; personal data. This is the latest in a series of recently reported ransomware attacks &#8211; a tactic used by cybercriminals to infiltrate businesses&#8217; systems and use their data to demand ransom. According to the Korean Ministry of Science and Information Technology, last year there were 127 ransomware attacks, a threefold increase from the previous year. Since the beginning of this year, the country has recorded 65 attacks with ransomware. Ransomware attacks have targeted various businesses in South Korea. Last month, food delivery company Super Hero&#8217;s operations were paralyzed for hours after an attack that affected 15,000 delivery workers nationwide. Last November, local retail and fashion group E-Land was also targeted by hackers, forcing 23 of the 50 branches of the NC Department Store and NewCore Outlet to suspend operations. Kim Seung-joo, a professor of cybersecurity at Korea University, said that as companies are forced to increase their reliance on remote working during the pandemic, ransomware attacks have become a bigger threat because they can paralyze the whole working system. This has led to many companies paying a ransom and has led hackers to carry out more attacks. Kim Seung-joo urged businesses to invest in cybersecurity to prevent the threat in the first place. In response to ransomware attacks, last month, South Korea&#8217;s Ministry of Information and Communications Technology set up a 24-hour monitoring team to assist hacked companies. The government is now providing assistance to affected companies in system recovery. (according to Yonhap)</p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">21891</post-id>	</item>
		<item>
		<title>4 recommendations to limit risks from ransomware</title>
		<link>https://en.spress.net/4-recommendations-to-limit-risks-from-ransomware/</link>
		
		<dc:creator><![CDATA[Khánh Linh]]></dc:creator>
		<pubDate>Sat, 05 Jun 2021 17:16:09 +0000</pubDate>
				<category><![CDATA[Tech]]></category>
		<category><![CDATA[Ask for money]]></category>
		<category><![CDATA[Backup]]></category>
		<category><![CDATA[Blackmail]]></category>
		<category><![CDATA[case]]></category>
		<category><![CDATA[Crime]]></category>
		<category><![CDATA[data]]></category>
		<category><![CDATA[FTP]]></category>
		<category><![CDATA[hackers]]></category>
		<category><![CDATA[Limit]]></category>
		<category><![CDATA[Malicious code]]></category>
		<category><![CDATA[Prevent]]></category>
		<category><![CDATA[Ransomware]]></category>
		<category><![CDATA[recommendation]]></category>
		<category><![CDATA[Recommendations]]></category>
		<category><![CDATA[Redeem]]></category>
		<category><![CDATA[Restore]]></category>
		<category><![CDATA[Right from the start]]></category>
		<category><![CDATA[risks]]></category>
		<category><![CDATA[Scanning]]></category>
		<category><![CDATA[Security hole]]></category>
		<category><![CDATA[software]]></category>
		<category><![CDATA[System]]></category>
		<category><![CDATA[Threats]]></category>
		<category><![CDATA[website]]></category>
		<guid isPermaLink="false">https://en.spress.net/4-recommendations-to-limit-risks-from-ransomware/</guid>

					<description><![CDATA[Ransomware is a common form of cyber attack, appearing in many fields. Understanding how it works will help your organization protect against future threats. Appropriate measures should be taken to limit the risk from ransomware. Illustration. With this form of attack, hackers often use tricks to fake websites, extract data of agencies and organizations and [&#8230;]]]></description>
										<content:encoded><![CDATA[<p><strong>Ransomware is a common form of cyber attack, appearing in many fields. Understanding how it works will help your organization protect against future threats.</strong><br />
<span id="more-20877"></span> <img fifu-featured="1" decoding="async" loading="lazy" src="https://photo-baomoi.zadn.vn/w700_r1/2021_06_02_309_39044821/fcc826223760de3e8771.jpg" width="625" height="351"> </p>
<p> <em> Appropriate measures should be taken to limit the risk from ransomware. Illustration. </em> With this form of attack, hackers often use tricks such as fake websites to extract the data of agencies and organizations and demand ransom. Cybercriminals carry out cyberattacks according to a concise strategy that is applicable to many industries. A recent expert analysis shows that, in 2020 alone, the damage related to ransomware attacks reached billions of dollars. More dangerously, these attacks also target government information technology systems, causing serious impact. To protect critical data from attacks, government IT systems need to ensure external layers of security, while having the added responsibility of maintaining the infrastructure if an intrusion occurs. According to studies, although attacks have developed and expanded in scope, attackers&#8217; methods still have similarities. Most hackers will first exploit the lowest-level vulnerabilities, through some common and easy-to-implement method. Experts therefore recommend stopping ransomware at this initial step using the following methods.</p>
<p> <strong> 1. Secure remote access</strong> Remote access is a familiar avenue often used by attackers, especially through unpatched vulnerabilities in information systems. Hackers are constantly scanning the internet, looking for ways to exploit these vulnerabilities to perform attacks. To combat vulnerability scanning, organizations should prioritize patching vulnerabilities first. Along with that, to protect the system, experts recommend that organizations identify the systems that allow remote access to their networks by looking up IP addresses. If an attack is suspected, users should block public access to Remote Desktop Protocol (RDP), Secure Shell (SSH) and File Transfer Protocol (FTP) services. Agencies and organizations need to ensure that systems for remote access such as firewalls, VPN gateways, and email gateways are regularly patched, perform scanning for security holes, and deploy multi-factor authentication (MFA) for accounts that are authorized for remote access.</p>
<p> <img decoding="async" loading="lazy" class="lazy-img" src="https://photo-baomoi.zadn.vn/w700_r1/2021_06_02_309_39044821/6d7e059ab8d9518708c8.jpg" width="625" height="499"> <em> Hackers take advantage of security holes to attack the network. Illustration. </em></p>
<p> <strong> 2. Email security</strong> Many ransomware incidents start with an email sent to a user. This attack method is becoming increasingly popular among hackers for extortion. Experts say it&#8217;s safer to prevent unsolicited emails in the first place. The email security system acts as a &#8220;fence&#8221; between unfamiliar messages from the internet and private mailboxes on the intranet. To avoid email threats, users need to make sure email messages are scanned through a filtering system, and that attachments and links are checked for advanced threats. In addition, account holders should audit or block password-protected documents, as hackers often use this method to bypass email data scanning.</p>
<p> <strong> 3. Keep data backups safe </strong> The third most common method for ransomware is to identify the target, encrypt the data, and then completely delete the backups. In addition to the data on the network and the data being used directly, the hacker will search for all backups and encrypt them, making the data unusable to increase the likelihood that the victim pays the ransom. The victim then has a high probability of paying to buy back the encrypted data. Therefore, individuals, agencies and organizations should have backup plans to ensure the safety of all data.</p>
<p> <strong> 4. Implement a 3-2-1 backup strategy</strong> Without the right protections, backups and archives stored as concurrent copies on the same network are vulnerable to hackers. To avoid network-wide attacks, experts have come up with a safe backup measure for users&#8217; data systems. For all important files, users should store 3 copies, including 1 primary copy for daily use and 2 backup copies. The files should be saved on 2 different types of storage media to reduce the possibility of mass attacks. These copies must be in place so that data can be accessed and restored easily and quickly in the event of a failure. At the same time, users should save 1 copy outside the work network or home network, in case of force majeure situations such as natural disasters or other unexpected disasters.</p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">20877</post-id>	</item>
		<item>
		<title>Is Colonial Pipeline covered by insurance?</title>
		<link>https://en.spress.net/is-colonial-pipeline-covered-by-insurance/</link>
		
		<dc:creator><![CDATA[editor]]></dc:creator>
		<pubDate>Thu, 27 May 2021 09:40:11 +0000</pubDate>
				<category><![CDATA[Tech]]></category>
		<category><![CDATA[Blackmail]]></category>
		<category><![CDATA[CNA]]></category>
		<category><![CDATA[Colonial]]></category>
		<category><![CDATA[Colonial Pipeline]]></category>
		<category><![CDATA[Colonial Pipeline Company]]></category>
		<category><![CDATA[Covered]]></category>
		<category><![CDATA[data]]></category>
		<category><![CDATA[Encode]]></category>
		<category><![CDATA[Evil Corp]]></category>
		<category><![CDATA[hackers]]></category>
		<category><![CDATA[Hades myth]]></category>
		<category><![CDATA[insurance]]></category>
		<category><![CDATA[Insurance company]]></category>
		<category><![CDATA[Insurrance]]></category>
		<category><![CDATA[Malicious software]]></category>
		<category><![CDATA[Network security]]></category>
		<category><![CDATA[OFAC]]></category>
		<category><![CDATA[pay]]></category>
		<category><![CDATA[Pipeline]]></category>
		<category><![CDATA[Ransom]]></category>
		<category><![CDATA[Redeem]]></category>
		<category><![CDATA[sensitive]]></category>
		<category><![CDATA[Steal]]></category>
		<guid isPermaLink="false">https://en.spress.net/is-colonial-pipeline-covered-by-insurance/</guid>

					<description><![CDATA[CNA Financial Corp., one of the largest insurers in the US, reportedly paid $40 million in late March to regain control of its network following a ransomware attack, according to people with knowledge of the attack. Ransomware is a type of malware that encrypts the victim&#8217;s data. Cybercriminals using ransomware also often steal data. The [&#8230;]]]></description>
										<content:encoded><![CDATA[<p><strong>CNA Financial Corp., one of the largest insurers in the US, reportedly paid $40 million in late March to regain control of its network following a ransomware attack, according to people with knowledge of the attack.</strong><br />
<span id="more-18536"></span> <img fifu-featured="1" decoding="async" loading="lazy" src="https://photo-baomoi.zadn.vn/w700_r1/2021_05_26_232_38971994/d799f8a1ede304bd5df2.jpg" width="625" height="312"> </p>
<p> Ransomware is a type of malware that encrypts the victim&#8217;s data. Cybercriminals using ransomware also often steal data. The hackers then demand a payment to unlock the files and promise not to leak the stolen data. In recent years, hackers have targeted victims that hold cyber insurance policies and large volumes of sensitive consumer data, which make them more likely to pay ransoms, according to cybersecurity experts. According to the unnamed source, CNA paid the hackers about two weeks after a bunch of company data was stolen and CNA officials were locked out of its own network. CNA did not comment on the ransom, with a CNA spokesperson saying CNA followed all laws, regulations and guidelines, including OFAC&#8217;s 2020 ransomware guide, in handling the matter. CNA also shared attack intelligence and the hackers&#8217; identities with the FBI and the Treasury Department&#8217;s Office of Foreign Assets Control, because facilitating ransom payments to hackers can carry a risk of penalties.</p>
<p> <strong> The largest ransom amount</strong> Ransomware attacks &#8211; and payments in particular &#8211; are rarely disclosed, so it&#8217;s difficult to know what the largest ransom is. The $40 million payout is larger than any previously disclosed payments to hackers. The hackers attacking CNA used malware called Phoenix Locker, a variant of ransomware called &#8216;Hades.&#8217; According to cybersecurity experts, Hades was created by a Russian cybercrime organization called Evil Corp. Evil Corp. was sanctioned by the United States in 2019. However, attributing attacks can be difficult because hacking groups can share code or sell malware to each other. CNA, which provides cyber insurance, said its investigation concluded that the Phoenix hacker group was not on the US sanctions list. 
The disclosure of the payment is likely to draw outrage from lawmakers and regulators who are unhappy that US companies are paying large sums of money to criminal hackers who over the past year have targeted hospitals, drug manufacturers, police forces and other entities critical to public safety. The FBI discourages organizations from paying ransoms because it encourages additional attacks and does not guarantee data will be returned. Last year was a standout year for ransomware groups, with a task force made up of security experts and law enforcement agencies estimating that victims paid around $350 million in ransom last year, up 311% compared to 2019. The Task Force suggested 48 actions the Biden administration and the private sector could take to mitigate such attacks, including better regulation of the digital currency market used to make ransom payments. The report, prepared by the Institute for Security and Technology, was delivered to the White House days before the Colonial Pipeline Company was compromised in a ransomware attack that resulted in fuel shortages and long lines at gas stations along the US East Coast. Bloomberg reported that Colonial paid hackers nearly $5 million shortly after the attack. Colonial CEO Joseph Blount, in an interview with the Wall Street Journal published Wednesday, confirmed that the company paid the hackers $4.4 million in ransom. According to two people familiar with the CNA attack, the company initially ignored the hackers&#8217; request and attempted to recover the data without negotiating with the criminals. But within a week, the company decided to start negotiating with the hackers, who were demanding $60 million. The people said the payment was made a week later. According to Barry Hensley, chief intelligence officer at cybersecurity firm Secureworks Corp., Phoenix Locker appears to be a variation of Hades, based on the overlap of the code used in each. 
He said they have not yet identified which hackers used the Hades variant to attack CNA. Cybersecurity firm CrowdStrike Holdings Inc believes Hades was created by Evil Corp. to bypass US sanctions against the hacking group. In December 2019, the Treasury Department announced sanctions against 17 individuals and six entities associated with Evil Corp. At the time, the Treasury Department said Evil Corp used malware &#8220;to infect computers and collect login information from hundreds of banks and financial institutions in more than 40 countries, causing more than 100 million dollars of theft.&#8221; It is illegal for any U.S. company to knowingly pay a ransom to Evil Corp. According to Melissa Hathaway, President of Hathaway Global Strategies and a former cybersecurity adviser to Presidents George W. Bush and Barack Obama, ransomware demands have grown exponentially over the past six months. Hathaway said the average hacker&#8217;s ransom demand is between $50 million and $70 million. Those demands are often negotiable, and companies often pay ransoms in the tens of millions of dollars, in part because cyber insurance policies cover some or all of the costs. Hathaway estimates that the average payout is between $10 and $15 million. <strong> Ngoc Linh </strong> &#8211; According to Insurance Journal</p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">18536</post-id>	</item>
		<item>
		<title>The DarkSide hacker group received $90 million worth of bitcoins from the victim before disappearing</title>
		<link>https://en.spress.net/the-darkside-hacker-group-received-90-million-worth-of-bitcoins-from-the-victim-before-disappearing/</link>
		
		<dc:creator><![CDATA[Thu Thắm]]></dc:creator>
		<pubDate>Sun, 23 May 2021 18:52:08 +0000</pubDate>
				<category><![CDATA[Tech]]></category>
		<category><![CDATA[Ask for money]]></category>
		<category><![CDATA[Bitcoin]]></category>
		<category><![CDATA[Bitcoins]]></category>
		<category><![CDATA[Close the door]]></category>
		<category><![CDATA[Colonial Pipeline]]></category>
		<category><![CDATA[DarkSide]]></category>
		<category><![CDATA[Deal]]></category>
		<category><![CDATA[Digital]]></category>
		<category><![CDATA[Disappear]]></category>
		<category><![CDATA[disappearing]]></category>
		<category><![CDATA[Electronic]]></category>
		<category><![CDATA[ELLIPTIC]]></category>
		<category><![CDATA[Group]]></category>
		<category><![CDATA[Hacker]]></category>
		<category><![CDATA[hackers]]></category>
		<category><![CDATA[Intel 471]]></category>
		<category><![CDATA[Malicious code]]></category>
		<category><![CDATA[million]]></category>
		<category><![CDATA[pay]]></category>
		<category><![CDATA[Pull down]]></category>
		<category><![CDATA[Ransom]]></category>
		<category><![CDATA[received]]></category>
		<category><![CDATA[Redeem]]></category>
		<category><![CDATA[Tom Robinson]]></category>
		<category><![CDATA[Unlocking]]></category>
		<category><![CDATA[Value]]></category>
		<category><![CDATA[Victim]]></category>
		<category><![CDATA[victims]]></category>
		<category><![CDATA[worth]]></category>
		<guid isPermaLink="false">https://en.spress.net/the-darkside-hacker-group-received-90-million-worth-of-bitcoins-from-the-victim-before-disappearing/</guid>

					<description><![CDATA[DarkSide, the hacker organization behind the Colonial Pipeline&#8217;s network crash, received $90 million worth of bitcoins from victims before shutting down its operations last week. DarkSide is a famous hacker organization that caused the collapse of the largest fuel pipeline system in the US operated by Colonial Pipeline company. After this incident, they disappeared, but [&#8230;]]]></description>
										<content:encoded><![CDATA[<p><strong>DarkSide, the hacker organization behind the Colonial Pipeline&#8217;s network crash, received $90 million worth of bitcoins from victims before shutting down its operations last week.</strong><br />
<span id="more-17648"></span> DarkSide is a famous hacker organization that caused the collapse of the largest fuel pipeline system in the US, operated by the Colonial Pipeline company. After this incident, they disappeared, but before that they were able to extort and receive $90 million worth of bitcoins from many victims.</p>
<p> This hacker organization has received ransom from many victims. This shows that data ransom attacks have become a lucrative business for cybercriminals. <img decoding="async" loading="lazy" src="https://photo-baomoi.zadn.vn/w700_r1/2021_05_22_365_38931872/03d1f6cded8f04d15d9e.jpg" width="625" height="375"> <em> Bitcoin is increasingly preferred by criminal organizations </em> Earlier this month, Colonial Pipeline suffered a severe attack that forced the company to shut down nearly all of its fuel system supplying the southeastern states of the United States. The FBI confirmed the culprit was DarkSide, a cybercrime organization believed to be located in Eastern Europe. Last week, it was reported that Colonial had agreed to pay $5 million to DarkSide (in bitcoin) for the data recovery password. Recently, the CEO of the company confirmed this information. DarkSide operates like a business. This group develops malicious code to crack and steal the target&#8217;s data, then trains partners, who in turn train the hackers. When hackers use this malicious code to carry out successful missions, DarkSide receives a percentage of the proceeds of those successful attacks. In March 2021, when it announced new software that can crack data faster than before, DarkSide even issued a press release and invited reporters to interview it. Hackers often demand ransom in virtual currency. On May 14, London-based blockchain analytics firm Elliptic said it had identified a bitcoin wallet used by DarkSide to collect ransoms from victims. That same day, Intel 471 security researchers said DarkSide closed after losing access to its servers and when the organization&#8217;s virtual currency wallets were empty. 
According to Elliptic, DarkSide and its affiliates have collected at least $90 million in bitcoin ransoms, and they receive funds through 47 different digital wallets. “To our knowledge, this analysis includes all payments to DarkSide,” said Tom Robinson, Elliptic co-founder and chief scientist. “However, there may be other undetected transactions, so this $90 million figure should be considered a lower bound.” Also according to Elliptic&#8217;s research, DarkSide&#8217;s bitcoin wallet was holding $5.3 million in cryptocurrency before it was all withdrawn last week. There are some rumors that these bitcoins have been seized by the US government. Of the $90 million ransom, $15.5 million went to the developers of DarkSide and $74.7 million to affiliates. Much of that is being sent to cryptocurrency exchanges and thereby converted into fiat currency. Bitcoin is increasingly preferred by criminal organizations as crypto traders do not reveal their identities. However, because the digital ledger that underpins bitcoin is public, researchers can keep track of where these funds are going.</p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">17648</post-id>	</item>
		<item>
		<title>The largest oil pipeline network in the US was hacked</title>
		<link>https://en.spress.net/the-largest-oil-pipeline-network-in-the-us-was-hacked/</link>
		
		<dc:creator><![CDATA[According to Reuters]]></dc:creator>
		<pubDate>Fri, 21 May 2021 16:25:06 +0000</pubDate>
				<category><![CDATA[Tech]]></category>
		<category><![CDATA[Access]]></category>
		<category><![CDATA[America]]></category>
		<category><![CDATA[Ask for money]]></category>
		<category><![CDATA[Atlanta]]></category>
		<category><![CDATA[Colonial Pipeline]]></category>
		<category><![CDATA[data]]></category>
		<category><![CDATA[Encode]]></category>
		<category><![CDATA[Fuel]]></category>
		<category><![CDATA[Georgia]]></category>
		<category><![CDATA[hacked]]></category>
		<category><![CDATA[Joe Biden]]></category>
		<category><![CDATA[largest]]></category>
		<category><![CDATA[Malicious code]]></category>
		<category><![CDATA[Malicious software]]></category>
		<category><![CDATA[Net]]></category>
		<category><![CDATA[network]]></category>
		<category><![CDATA[Network security]]></category>
		<category><![CDATA[Oil]]></category>
		<category><![CDATA[Operating]]></category>
		<category><![CDATA[Pipeline]]></category>
		<category><![CDATA[Ransom]]></category>
		<category><![CDATA[Redeem]]></category>
		<category><![CDATA[Restore]]></category>
		<category><![CDATA[Transport]]></category>
		<guid isPermaLink="false">https://en.spress.net/the-largest-oil-pipeline-network-in-the-us-was-hacked/</guid>

					<description><![CDATA[Colonial Pipeline, America&#8217;s leading fuel pipeline operator, has had to shut down its entire network after a cyber attack by ransomware. &#8220;Colonial Pipeline is working on verification and resolution of the cyber attack. At this point, our main focus is on safely and efficiently restoring service to normal operations.&#8221; Colonial Pipeline released a statement. The [&#8230;]]]></description>
										<content:encoded><![CDATA[<p><strong>Colonial Pipeline, America&#8217;s leading fuel pipeline operator, has had to shut down its entire network after a cyber attack by ransomware.</strong><br />
<span id="more-17026"></span> &#8220;Colonial Pipeline is working on verification and resolution of the cyber attack. At this point, our main focus is on safely and efficiently restoring service to normal operations.&#8221; Colonial Pipeline released a statement.</p>
<p> The US has opened an investigation into this cyber attack. Ransomware is a type of malware designed to lock down a system by encrypting data and demanding a ransom from the victim to regain access. Colonial Pipeline asked a cybersecurity company to coordinate with federal law enforcement agencies to investigate this cyberattack. President Joe Biden was briefed on the incident. The White House said Washington will work to help Colonial Pipeline resume the interrupted fuel supply. <img fifu-featured="1" decoding="async" loading="lazy" src="https://photo-baomoi.zadn.vn/w700_r1/2021_05_09_106_38780041/7c9da632bb70522e0b61.jpg" width="625" height="410"> <em> This is considered the largest cyber attack on the US energy system</em> Colonial Pipeline provides nearly half of the fuel for the US east coast. This is considered one of the largest ransomware attacks ever recorded against US energy infrastructure. The shutdown of the largest fuel pipeline network in the United States will cause the price of this item and related products to spike. Colonial Pipeline transports 2.5 million barrels of gasoline and other fuels per day through 8,850 kilometers of pipeline connecting Gulf Coast refineries to the eastern and southern United States. The company also supplies fuel to several major US airports, including Hartsfield Jackson Airport in Atlanta, which has the world&#8217;s largest passenger traffic.</p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">17026</post-id>	</item>
		<item>
		<title>Biden declares state of emergency after serious cyber attack</title>
		<link>https://en.spress.net/biden-declares-state-of-emergency-after-serious-cyber-attack/</link>
		
		<dc:creator><![CDATA[Thanh Hảo]]></dc:creator>
		<pubDate>Fri, 21 May 2021 06:35:06 +0000</pubDate>
				<category><![CDATA[Tech]]></category>
		<category><![CDATA[attack]]></category>
		<category><![CDATA[Biden]]></category>
		<category><![CDATA[Cease]]></category>
		<category><![CDATA[Colonial Pipeline]]></category>
		<category><![CDATA[Cyber]]></category>
		<category><![CDATA[data]]></category>
		<category><![CDATA[declares]]></category>
		<category><![CDATA[East Coast]]></category>
		<category><![CDATA[Emergency]]></category>
		<category><![CDATA[Fuel]]></category>
		<category><![CDATA[Gasoline]]></category>
		<category><![CDATA[hackers]]></category>
		<category><![CDATA[Information resource]]></category>
		<category><![CDATA[Information Technology]]></category>
		<category><![CDATA[Joe Biden]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Network security]]></category>
		<category><![CDATA[Pipe]]></category>
		<category><![CDATA[Pipeline]]></category>
		<category><![CDATA[Planes]]></category>
		<category><![CDATA[Promulgate]]></category>
		<category><![CDATA[Redeem]]></category>
		<category><![CDATA[Restore]]></category>
		<category><![CDATA[State]]></category>
		<category><![CDATA[State of emergency]]></category>
		<category><![CDATA[System]]></category>
		<category><![CDATA[Transport]]></category>
		<guid isPermaLink="false">https://en.spress.net/biden-declares-state-of-emergency-after-serious-cyber-attack/</guid>

					<description><![CDATA[The US government has just declared a state of emergency after the largest fuel pipeline in the country was attacked by malicious code. Colonial Pipeline transports 2.5 million barrels of fuel a day – accounting for 45% of the East Coast&#8217;s supplies of diesel, gasoline and jet fuel. This arterial oil route was completely paralyzed [&#8230;]]]></description>
										<content:encoded><![CDATA[<p><strong>The US government has just declared a state of emergency after the largest fuel pipeline in the country was attacked by malicious code.</strong><br />
<span id="more-16831"></span> Colonial Pipeline transports 2.5 million barrels of fuel a day – accounting for 45% of the East Coast&#8217;s supplies of diesel, gasoline and jet fuel. This arterial oil route was completely paralyzed after a cyberattack on May 7 and is still in the process of restoring operations.</p>
<p> <img decoding="async" loading="lazy" src="https://photo-baomoi.zadn.vn/w700_r1/2021_05_10_23_38787518/84535b29466baf35f67a.jpg" width="625" height="351"> <em> Colonial Pipeline transports 2.5 million barrels of fuel per day. Photo: Colonial Pipeline</em> According to the BBC, the state of emergency allows fuel to be transported by road. The news agency quoted experts as saying that fuel prices could increase by 2-3% on May 10, but the real impact would be much worse if this situation continued for longer. Many sources confirm that the malicious code attack was carried out by a cybercriminal gang called DarkSide, which infiltrated Colonial&#8217;s system on May 6 and stole nearly 100GB of data as a &#8220;hostage&#8221;. After taking the data, the hackers locked data on some computers and servers, demanded a ransom and warned that if they did not receive the money, they would release the data on the internet. Colonial is working with law enforcement, cybersecurity and the US Department of Energy to restore service. On the evening of May 9, the company announced that although the four main pipelines remained shut down, some smaller lines between the terminals and delivery points were still operating. &#8220;Immediately after learning of the attack, Colonial proactively shut down certain systems to stop the threat. These actions temporarily halted all pipeline operations and affected some of our information technology systems, which we are actively working on restoring,&#8221; said Colonial. &#8220;We are in the process of restoring service to other pipelines and will bring the entire system back online when we believe it is safe and in full compliance with all federal regulations.&#8221; <img decoding="async" loading="lazy" class="lazy-img" src="https://photo-baomoi.zadn.vn/w700_r1/2021_05_10_23_38787518/ff0927733a31d36f8a20.jpg" width="625" height="414"> <em> The DarkSide message appears on the victim&#8217;s computer screen. 
</em> DarkSide isn&#8217;t the largest cybercriminal gang in the field, but the incident demonstrates the heightened risk that malware poses to critical U.S. industrial infrastructure, not just businesses. This gang lists all types of stolen data and sends the victim the URL of the &#8220;personal leak site&#8221;, where the data is pre-loaded waiting for automatic publication if the company or organization does not pay before the deadline. DarkSide claims to provide proof of the data obtained, and is ready to delete all such data from the victim&#8217;s network. According to Digital Shadows, a London-based cybersecurity company that tracks global cybercrime groups to help businesses limit their risk of being hacked, DarkSide acts like a company.</p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">16831</post-id>	</item>
		<item>
		<title>Ransomware Attack Targets US Fuel Pipelines</title>
		<link>https://en.spress.net/ransomware-attack-targets-us-fuel-pipelines/</link>
		
		<dc:creator><![CDATA[Anh Duy]]></dc:creator>
		<pubDate>Fri, 21 May 2021 01:15:11 +0000</pubDate>
				<category><![CDATA[Tech]]></category>
		<category><![CDATA[Access]]></category>
		<category><![CDATA[America]]></category>
		<category><![CDATA[Ask for money]]></category>
		<category><![CDATA[Atlanta]]></category>
		<category><![CDATA[attack]]></category>
		<category><![CDATA[Blackmail]]></category>
		<category><![CDATA[Colonial Pipeline]]></category>
		<category><![CDATA[data]]></category>
		<category><![CDATA[Encode]]></category>
		<category><![CDATA[Fuel]]></category>
		<category><![CDATA[Gasoline]]></category>
		<category><![CDATA[Georgia]]></category>
		<category><![CDATA[hackers]]></category>
		<category><![CDATA[Information resource]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Net]]></category>
		<category><![CDATA[Operating]]></category>
		<category><![CDATA[Pipeline]]></category>
		<category><![CDATA[Pipelines]]></category>
		<category><![CDATA[populous]]></category>
		<category><![CDATA[Ransomware]]></category>
		<category><![CDATA[Redeem]]></category>
		<category><![CDATA[Restore]]></category>
		<category><![CDATA[Targets]]></category>
		<category><![CDATA[Transport]]></category>
		<guid isPermaLink="false">https://en.spress.net/ransomware-attack-targets-us-fuel-pipelines/</guid>

					<description><![CDATA[On May 10, Reuters reported that the US administration was working to support the country&#8217;s top fuel pipeline operator after a large-scale cyberattack threatened national security. Accordingly, the White House is working closely with the leading US fuel pipeline operator Colonial Pipeline to help them recover from a ransomware attack that forced the company to [&#8230;]]]></description>
										<content:encoded><![CDATA[<p><strong>On May 10, Reuters reported that the US administration was working to support the country&#8217;s top fuel pipeline operator after a large-scale cyberattack threatened national security.</strong><br />
<span id="more-16746"></span> Accordingly, the White House is working closely with the leading US fuel pipeline operator Colonial Pipeline to help them recover from a ransomware attack that forced the company to close a network that is an important fuel supply to the populous states in the East.</p>
<p> The attack was one of the most disruptive digital ransom schemes reported, prompting US lawmakers to call for increased protection of America&#8217;s critical energy infrastructure from hackers. Commerce Secretary Gina Raimondo said pipeline repairs were a priority for the Biden administration and Washington was working to avoid more severe fuel supply disruptions by helping Colonial restart the pipeline network, which is more than 5,500 miles (8,850 km) long. &#8220;Right now it&#8217;s an all-in-one effort,&#8221; Raimondo said on CBS&#8217;s &#8220;Face the Nation.&#8221; &#8220;We are working closely with company, state and local officials to ensure they return to normal operations as quickly as possible and without disruption to supplies,&#8221; Colonial said. <img fifu-featured="1" decoding="async" loading="lazy" src="https://photo-baomoi.zadn.vn/w700_r1/2021_05_10_62_38788853/fbf5adbdb0ff59a100ee.jpg" width="625" height="473"> <em> The pipeline network was attacked &#8211; Photo: Reuters</em> Their main fuel lines are still offline, but some of the smaller routes between the terminals and delivery points are now up and running. Neither Raimondo nor the company has given an estimate of a full restart date. U.S. gasoline futures rose more than 3% to $2,217 a gallon, the highest since May 2018, as trading opened for the week and market participants reacted to pipeline closures. Colonial ships about 2.5 million barrels per day of gasoline and other fuels from refineries on the Gulf Coast to consumers. Its extensive pipeline network serves major US airports including Atlanta&#8217;s Hartsfield Jackson Airport, the world&#8217;s busiest airport by passenger traffic. A spokeswoman for Charlotte Douglas International Airport said the airport had supplies on hand and was &#8220;monitoring the situation closely&#8221;. 
Retail fuel experts including the American Automobile Association say outages lasting several days could have a significant impact on fuel supplies in the region, particularly in the southeastern US. <img decoding="async" loading="lazy" class="lazy-img" src="https://photo-baomoi.zadn.vn/w700_r1/2021_05_10_62_38788853/427e10360d74e42abd65.jpg" width="625" height="326"> <em> Colonial Pipeline&#8217;s fuel tanks &#8211; Photo: Reuters</em> While the US government investigation is in its early stages, a former official and three industry sources said the suspected hackers were a professional cybercrime group called DarkSide. DarkSide is one of many gangs that often use malware to extort victims. These groups gain access to private networks, encrypt files with software, and often steal data. They ask for money to decrypt the files and ask for more money to not publish the stolen content. During the Colonial attack, the hackers stole more than 100 gigabytes of data.</p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">16746</post-id>	</item>
		<item>
		<title>US &#8216;red alert&#8217; after malicious code attack on fuel system</title>
		<link>https://en.spress.net/us-red-alert-after-malicious-code-attack-on-fuel-system/</link>
		
		<dc:creator><![CDATA[Ngọc Hà (TTXVN)]]></dc:creator>
		<pubDate>Thu, 20 May 2021 12:44:10 +0000</pubDate>
				<category><![CDATA[Tech]]></category>
		<category><![CDATA[Access]]></category>
		<category><![CDATA[Alert]]></category>
		<category><![CDATA[America]]></category>
		<category><![CDATA[attack]]></category>
		<category><![CDATA[Blackmail]]></category>
		<category><![CDATA[Code]]></category>
		<category><![CDATA[Colonial Pipeline]]></category>
		<category><![CDATA[Colonial Pipeline Company]]></category>
		<category><![CDATA[data]]></category>
		<category><![CDATA[East Coast]]></category>
		<category><![CDATA[Encode]]></category>
		<category><![CDATA[Fuel]]></category>
		<category><![CDATA[Gasoline]]></category>
		<category><![CDATA[hackers]]></category>
		<category><![CDATA[Joe Biden]]></category>
		<category><![CDATA[malicious]]></category>
		<category><![CDATA[Malicious code]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Net]]></category>
		<category><![CDATA[Operating]]></category>
		<category><![CDATA[Pipeline]]></category>
		<category><![CDATA[Ransom]]></category>
		<category><![CDATA[red]]></category>
		<category><![CDATA[Redeem]]></category>
		<category><![CDATA[Restore]]></category>
		<category><![CDATA[System]]></category>
		<guid isPermaLink="false">https://en.spress.net/us-red-alert-after-malicious-code-attack-on-fuel-system/</guid>

					<description><![CDATA[America&#8217;s largest fuel pipeline system, operated by Colonial Pipeline, was forced to shut down its entire network after a cyber attack. Colonial Pipeline had to shut down the entire network after a cyber attack. Photo: wsj.com The administration of President Joe Biden said it was making every effort to restore the company&#8217;s operations and avoid [&#8230;]]]></description>
										<content:encoded><![CDATA[<p><strong>America&#8217;s largest fuel pipeline system, operated by Colonial Pipeline, was forced to shut down its entire network after a cyber attack.</strong><br />
<span id="more-16577"></span> <img fifu-featured="1" decoding="async" loading="lazy" src="https://photo-baomoi.zadn.vn/w700_r1/2021_05_10_294_38793245/cd9b8e6093227a7c2333.jpg" width="625" height="416"> </p>
<p> <em> Colonial Pipeline had to shut down the entire network after a cyber attack. Photo: wsj.com</em> The administration of President Joe Biden said it was making every effort to restore the company&#8217;s operations and avoid disruption to supply. Experts say gas prices will not be affected if the company resumes normal operations in the next few days. However, this cyberattack, rated as the worst ever for the US infrastructure system, should be a warning bell for other companies about the risk that they will become the next target of similar attacks. According to Colonial Pipeline, the company&#8217;s pipeline carries gasoline and other fuels from Texas to the Northeast, providing nearly 45 percent of the fuel for the East Coast of the United States. Although Colonial Pipeline has not revealed who is responsible for the cyber attack, an unnamed person on the team investigating the incident confirmed that the culprit was a hacker group nicknamed DarkSide. This group has been spreading ransomware since August 2020 and is classified as one of the most attackable groups. Over the past 3 years, DarkSide has become more and more professional and has caused Western countries tens of billions of dollars in losses. Ransomware is malicious code designed to lock down computer systems by encrypting data and to demand a ransom to restore access. US Commerce Secretary Gina Raimondo on May 9 warned US businesses to be wary of ransomware attacks. The secretary affirmed that she would work closely with the Department of Homeland Security to handle the issue, considering this a top priority of the government. Reuters news agency, citing a notice from the White House, said the administration was working to help Colonial Pipeline resume operations to avoid supply disruptions. According to sources, before activating ransomware, hackers often steal data, which is used to blackmail businesses or distort the truth. 
Sometimes stolen data is more valuable to hackers than the benefit they get by disrupting business operations. Security experts say the attack is a warning to operators and managers of essential infrastructure in the US, such as electricity, water, energy and transportation facilities, that were built long ago and have not updated their methods of ensuring security against the risk of being attacked. Mr. David Kennedy, a senior security consultant and founder of the security consulting firm TrustedSec, admitted that ransomware attacks have spiraled out of control in the US, are still developing, and are one of the greatest threats facing the United States. However, most American companies lack the ability to prepare for such threats.</p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">16577</post-id>	</item>
		<item>
		<title>Things to know about the US Colonial Pipeline attack</title>
		<link>https://en.spress.net/things-to-know-about-the-us-colonial-pipeline-attackline/</link>
		
		<dc:creator><![CDATA[Nhã Trúc]]></dc:creator>
		<pubDate>Tue, 18 May 2021 04:02:10 +0000</pubDate>
				<category><![CDATA[Tech]]></category>
		<category><![CDATA[Access]]></category>
		<category><![CDATA[America]]></category>
		<category><![CDATA[Ask for money]]></category>
		<category><![CDATA[attackline]]></category>
		<category><![CDATA[Blackmail]]></category>
		<category><![CDATA[Colonial]]></category>
		<category><![CDATA[Colonial Pipeline]]></category>
		<category><![CDATA[data]]></category>
		<category><![CDATA[Diesel oil]]></category>
		<category><![CDATA[Digital]]></category>
		<category><![CDATA[East Coast]]></category>
		<category><![CDATA[Fuel]]></category>
		<category><![CDATA[Fuel tank]]></category>
		<category><![CDATA[Gasoline]]></category>
		<category><![CDATA[Malicious code]]></category>
		<category><![CDATA[Net]]></category>
		<category><![CDATA[Network security]]></category>
		<category><![CDATA[Pipeline]]></category>
		<category><![CDATA[Ransom]]></category>
		<category><![CDATA[Redeem]]></category>
		<category><![CDATA[Stop working]]></category>
		<category><![CDATA[The infrastructure]]></category>
		<category><![CDATA[Things to know]]></category>
		<guid isPermaLink="false">https://en.spress.net/things-to-know-about-the-us-colonial-pipeline-attackline/</guid>

					<description><![CDATA[The cyberattack that forced the closure of the largest fuel pipeline on the East Coast of the United States has raised new questions about the vulnerability of the country&#8217;s critical infrastructure to cyberattacks. Illustration. The breach at Alpharetta, Georgia-based Colonial Pipeline is the latest in a series of cybersecurity incidents confronting the administration of President [&#8230;]]]></description>
										<content:encoded><![CDATA[<p><strong>The cyberattack that forced the closure of the largest fuel pipeline on the East Coast of the United States has raised new questions about the vulnerability of the country&#8217;s critical infrastructure to cyberattacks.</strong><br />
<span id="more-15729"></span> <img fifu-featured="1" decoding="async" loading="lazy" src="https://photo-baomoi.zadn.vn/w700_r1/2021_05_12_318_38811244/db8d4bc05582bcdce593.jpg" width="625" height="416"> </p>
<p> <em> Illustration.</em> The breach at Alpharetta, Georgia-based Colonial Pipeline is the latest in a series of cybersecurity incidents confronting the administration of President Joe Biden &#8211; as well as a striking reminder that many companies operating the nation&#8217;s most basic infrastructure, from dams to power plants, are still unprepared to deal with digital threats. Here&#8217;s a summary of how a criminal gang managed to get into Colonial&#8217;s systems and why the tool they use &#8211; ransomware &#8211; is such a persistent threat. <strong> How can a hacker shut down a pipeline?</strong> On May 7, Colonial Pipeline said it learned that hackers had infected its computer networks with ransomware, malicious code used to take control of computers and extract payments from victims. The breach affected Colonial&#8217;s business network, which it uses for tasks like payroll management and data reporting to regulators. Colonial disabled those systems, but it also turned off the much more sensitive technology running its pipeline operations — a precaution meant to prevent hackers from accessing it if they hadn&#8217;t already. These systems monitor air flow for impurities and leaks, control power levels, and perform other automated tasks to keep pipelines running smoothly. <strong> What exactly was closed?</strong> Colonial shut down its entire main pipeline, which runs more than 5,500 miles from Houston, Texas, to Linden, New Jersey. The pipeline transports 45% of gasoline, jet fuel and diesel to the US East Coast, according to the company. The short-lived outage sent wholesale gas prices up on financial markets in the affected region, but that rally cooled slightly during trading on May 10. And while some gasoline retailers may try to add a few cents a gallon to the price at the pump, there have been no reports of shortages at suppliers serving those retail points. 
Market analysts say the pipeline shutdown will need to last through at least the middle of the week to start affecting supply in some parts of the Southeast, and Houston&#8217;s refineries won&#8217;t start reducing production unless Colonial stays shut down until next week. Overall, the US is stockpiling 235 million barrels of gasoline, enough to supply the whole country for nearly a month. However, retail gasoline prices have risen steadily in recent weeks and any anxiety could accelerate gains as the country approaches Memorial Day weekend, which the industry considers the beginning of the high-demand “summer driving season”. <strong> How bad could this be?</strong> It depends on whether the outage turns into a protracted crisis for Colonial&#8217;s customers, which include busy airports and US military bases. Some customers can buy fuel from foreign suppliers, but they will face more financial pressure as Colonial&#8217;s pipeline network remains offline. Colonial said on May 10 that it has begun reactivating segments of the pipeline and anticipates &#8220;significantly restoring operational service by the end of the week&#8221;. However, they did not explain what &#8220;basically&#8221; means and did provide some other details about the attack investigation. <strong> What is Ransomware?</strong> Ransomware is software that hackers deploy to lock down victims&#8217; data so they can&#8217;t access or use it &#8211; in the worst case scenario, essentially shutting down an entire company or government office. The hacker then demands a ransom in exchange for providing a digital key to unlock the files. Over the past few years, ransomware has grown from an occasional nuisance to a ubiquitous threat. Victims include the hospital system, the school district and the DC police department, as well as many small businesses. According to the FBI report, ransomware attacks increased by 37% from 2018-2019 and 20% from 2019-2020. 
According to one report, the pandemic has led to a significant increase in ransomware, with the number of attacks more than doubling year-on-year and a particularly large increase in the healthcare sector. The Department of Justice recently launched a task force to explore new solutions to the problem. But in the meantime, the problem continues to get worse as criminal motives grow. <strong> Why aren&#8217;t pipelines and power plants better protected against ransomware?</strong> The private companies that operate much of America&#8217;s critical infrastructure — power plants, dams, natural gas pipelines, and other critical facilities — often neglect to implement government-recommended cybersecurity protocols. While protecting against foreign government hackers sometimes requires complex technology that small critical infrastructure operators cannot afford, protecting against ransomware does not. Using strong passwords, training employees not to click on suspicious links, and requiring employees to use multi-factor authentication &#8211; which involves entering a randomly generated number after entering one&#8217;s password &#8211; can prevent all but the most advanced types of hacks, including ransomware. Despite years of warnings from government officials and cybersecurity experts, most companies outside of the highly regulated financial sector have not taken many of these steps. And even organizations that try to take cybersecurity seriously can be undermined by small gaps. A long-neglected office worker or old computer in a closet is often the weak link that opens an organization&#8217;s doors to hackers. With so many companies leaving themselves easy targets, many cybercriminals have started using ransomware to make money. By choosing victims they know cannot afford downtime, these criminals virtually guarantee themselves an easy profit. 
Additionally, many ransomware operators have begun exploiting a secondary source of profit: reselling stolen data on the dark web, where sensitive personal information can fetch huge sums. Between victims and hackers is a burgeoning crypto ecosystem, consisting of unscrupulous payment facilitators ready to handle ransom transactions and stonewall law enforcement. <strong> How often do victims pay the ransom?</strong> The US government discourages ransomware victims from paying attackers to regain access to their data. While some ransomware operators honor their agreements and unlock victims&#8217; files to foster trust and increase their chances of receiving a future ransom, many of these criminals simply take the money and disappear. Paying the ransom also encourages cybercriminals to continue their attacks. Anne Neuberger, deputy national security adviser for cyber and emerging technologies, told reporters on May 10: “We recognize that victims of cyberattacks often face very difficult situations and they must balance the cost-benefit when there is no other option about paying the ransom.” In the US, it is not illegal to pay a ransom to regain access to locked data. However, it is illegal to pay ransoms to entities on the Treasury&#8217;s sanctions list, and the Treasury Department has warned companies that assist ransomware victims to conduct due diligence on hackers before making payment arrangements. <strong> What is DarkSide, the group behind the attack?</strong> The FBI has confirmed that the Colonial Pipeline hack was the work of the DarkSide ransomware gang. This group is a relative newcomer to the ransomware ecosystem, but they are already well known for their professionalism, patience, and large ransom demands. Security firm Cybereason wrote in a report last month: “The team has a phone number and even a help desk to facilitate negotiations with the victim, and they are putting a lot of effort into gathering information about their victims – not just technical information about their environment, but more general information about the company itself, like the size of the organization and estimated revenue.” 
DarkSide is based in Russia, but so far the US has said it does not believe the hackers acted on behalf of the government of Russian President Vladimir Putin. Mr. Biden said on the afternoon of May 10: &#8220;To date, there is no evidence &#8230; from our intelligence people that Russia is involved.&#8221; However, he added: “There is evidence that the actor&#8217;s ransomware is in Russia. They have some responsibility to deal with this.” Like other ransomware gangs, DarkSide operates on a so-called &#8220;ransomware-as-a-service&#8221; model, in which it provides code to less sophisticated hackers and helps them carry out attacks in exchange for a share of the profits. After coming under close scrutiny over the Colonial Pipeline attack, DarkSide seems to be rethinking this model. On May 10, a purported statement from the DarkSide hackers announced the group&#8217;s intention to scrutinize its partners&#8217; planned attacks in the future to &#8220;avoid social consequences&#8221;. “Our goal is to make money, and not create problems for society.” <strong> What is the US government doing about this attack?</strong> The White House has established a working group that includes the Department of Homeland Security&#8217;s Cybersecurity and Infrastructure Agency; the Department of Transport&#8217;s Pipeline and Hazardous Materials Safety Administration; the FBI; and the Departments of Energy, Treasury and Defense. These agencies are working together to prepare for various scenarios should the pipeline remain shut, including planning for shortages and higher gas prices. In addition, the Department of Transportation waives regulations that limit the driving time without rest of fuel trucks in 17 states and Washington DC. 
That could make it easier to deliver fuel to customers affected by Colonial&#8217;s closure.</p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">15729</post-id>	</item>
		<item>
		<title>Colonial Pipeline Company has no plans to pay hackers</title>
		<link>https://en.spress.net/colonial-pipeline-company-has-no-plans-to-pay-hackers/</link>
		
		<dc:creator><![CDATA[Hồng Định]]></dc:creator>
		<pubDate>Sat, 15 May 2021 21:59:07 +0000</pubDate>
				<category><![CDATA[Tech]]></category>
		<category><![CDATA[Amount]]></category>
		<category><![CDATA[Colonial]]></category>
		<category><![CDATA[Colonial Pipeline]]></category>
		<category><![CDATA[Company]]></category>
		<category><![CDATA[data]]></category>
		<category><![CDATA[Electronic]]></category>
		<category><![CDATA[Encode]]></category>
		<category><![CDATA[Enforcement agency]]></category>
		<category><![CDATA[Gasoline]]></category>
		<category><![CDATA[Hack]]></category>
		<category><![CDATA[hackers]]></category>
		<category><![CDATA[Ministry of Energy]]></category>
		<category><![CDATA[Oil]]></category>
		<category><![CDATA[owner]]></category>
		<category><![CDATA[pay]]></category>
		<category><![CDATA[Pipeline]]></category>
		<category><![CDATA[plans]]></category>
		<category><![CDATA[Ransom]]></category>
		<category><![CDATA[Redeem]]></category>
		<category><![CDATA[Restore]]></category>
		<category><![CDATA[Russian]]></category>
		<category><![CDATA[Russian Government]]></category>
		<category><![CDATA[US East Coast]]></category>
		<category><![CDATA[Wednesday]]></category>
		<guid isPermaLink="false">https://en.spress.net/colonial-pipeline-company-has-no-plans-to-pay-hackers/</guid>

					<description><![CDATA[The owner of the Colonial pipeline has no plans to pay the ransom demanded by the hackers who encrypted their data, sources familiar with the company said Wednesday. The hack shut down the pipeline, with the outage now in its sixth day, and led to panic buying and gas shortages in the Southeastern United States. Colonial said [&#8230;]]]></description>
										<content:encoded><![CDATA[<p><strong>The owner of the Colonial pipeline has no plans to pay the ransom demanded by the hackers who encrypted their data, sources familiar with the company said Wednesday.</strong><br />
<span id="more-14756"></span> <img fifu-featured="1" decoding="async" loading="lazy" src="https://photo-baomoi.zadn.vn/w700_r1/2021_05_13_318_38821723/4a11c3eedcac35f26cbd.jpg" width="625" height="390"> </p>
<p> <em> Illustration.</em> The hack shut down the pipeline, with the outage now in its sixth day, and led to panic buying and gas shortages in the Southeastern United States. Colonial said it began reopening its pipeline late Wednesday afternoon, a process that could take days, but declined to comment on the ransom issue. Colonial is working closely with law enforcement, the Department of Energy, and US cybersecurity company FireEye to minimize damage and restore operations. Colonial and government responses to the breach are being closely watched following one of the most direct hacking attacks on US critical infrastructure after years of warnings. Ransomware attacks have increased in both number and ransom amounts, with hackers encrypting data and seeking cryptocurrency payments to unlock it. Investigators in the Colonial case say the malware was distributed by a gang known as DarkSide, which consists of Russian-speaking people and avoids attacking targets in the former Soviet Union. DarkSide previously said that it has no intention of meddling in geopolitics and will be more careful about its affiliates going forward. On Wednesday, the group said on its website that it was &#8220;dropping&#8221; data from three other victims, including a technology company in Chicago. Officials have so far found no significant connection to the Russian government, concluding instead that the pipeline company that supplies 45% of the US East Coast&#8217;s oil was crippled by a ransomware attack. DarkSide allows &#8220;affiliates&#8221; to infiltrate targets in different places, then handle ransom negotiation and data release. Two people involved in the Colonial investigation said the man linked to this case was a Russian criminal with no special ties to the government.</p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">14756</post-id>	</item>
		<item>
		<title>More than half of Australian businesses were attacked by hackers</title>
		<link>https://en.spress.net/more-than-half-of-australian-businesses-were-attacked-by-hackers/</link>
		
		<dc:creator><![CDATA[Việt Nga/VOV-Australia]]></dc:creator>
		<pubDate>Sun, 02 May 2021 12:33:06 +0000</pubDate>
				<category><![CDATA[Tech]]></category>
		<category><![CDATA[As usual]]></category>
		<category><![CDATA[attacked]]></category>
		<category><![CDATA[Australia]]></category>
		<category><![CDATA[Australian]]></category>
		<category><![CDATA[Australian Parliament]]></category>
		<category><![CDATA[businesses]]></category>
		<category><![CDATA[Claim money]]></category>
		<category><![CDATA[Enterprise]]></category>
		<category><![CDATA[Entity]]></category>
		<category><![CDATA[Hacker]]></category>
		<category><![CDATA[hackers]]></category>
		<category><![CDATA[In space]]></category>
		<category><![CDATA[internet]]></category>
		<category><![CDATA[It is illegal]]></category>
		<category><![CDATA[Malicious code]]></category>
		<category><![CDATA[Network security]]></category>
		<category><![CDATA[Personal information]]></category>
		<category><![CDATA[Ransom]]></category>
		<category><![CDATA[Redeem]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[software]]></category>
		<category><![CDATA[Steal]]></category>
		<category><![CDATA[unlock]]></category>
		<category><![CDATA[Useful]]></category>
		<guid isPermaLink="false">https://en.spress.net/more-than-half-of-australian-businesses-were-attacked-by-hackers/</guid>

					<description><![CDATA[A recent report showed that in the past year alone, half of businesses in Australia were attacked by hackers. A new report released by cybersecurity company Mimecast said that 64% of local businesses in Australia were attacked by hackers with malware last year alone, a 48% increase from the previous year. [&#8230;]]]></description>
										<content:encoded><![CDATA[<p><strong>A recent report showed that in the past year alone, half of businesses in Australia were attacked by hackers.</strong><br />
<span id="more-11035"></span> A new report released by cybersecurity company Mimecast said that 64% of local businesses in Australia were attacked by hackers with malware last year alone, a 48% increase from the previous year. This happened as many companies switched to working online over the last year because of the Covid-19 pandemic.</p>
<p> Experts say that in a typical attack, hackers break into networks or systems, steal personal or sensitive information and then demand a ransom to return or unlock that information. <img decoding="async" loading="lazy" src="https://photo-baomoi.zadn.vn/w700_r1/2021_04_26_65_38643050/39d0b9be9efc77a22eed.jpg" width="625" height="346"> Although experts say that companies should not pay a ransom to hackers because doing so encourages further lawbreaking, according to Mimecast statistics, 54% of the companies have paid the ransom. Of these, 76% of the companies got their data back, while 24% couldn&#8217;t get it back. Prior to this report, since last year, many entities including major Australian companies have reported being attacked by hackers. A recent victim is Nine Network Television, where the attack left some programs unable to broadcast as usual. Previously, the Australian Parliament&#8217;s computer network was also attacked a number of times. In response to this situation, Australia&#8217;s Cybersecurity Center issued recommendations and procedures to instruct entities on how to ensure cyber security. At the same time, experts believe that regular software updates as well as the use of multi-factor authentication are also useful security measures in cyberspace.</p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">11035</post-id>	</item>
		<item>
		<title>The Apple partner was blackmailed by hackers immediately after the Spring Loaded event</title>
		<link>https://en.spress.net/the-apple-partner-was-blackmailed-by-hackers-immediately-after-the-spring-loaded-event/</link>
		
		<dc:creator><![CDATA[Anh Phạm]]></dc:creator>
		<pubDate>Thu, 29 Apr 2021 07:12:06 +0000</pubDate>
				<category><![CDATA[Tech]]></category>
		<category><![CDATA[Alphabet]]></category>
		<category><![CDATA[Amounts]]></category>
		<category><![CDATA[Apple]]></category>
		<category><![CDATA[Blackmail]]></category>
		<category><![CDATA[blackmailed]]></category>
		<category><![CDATA[data]]></category>
		<category><![CDATA[Enforcement agency]]></category>
		<category><![CDATA[Event]]></category>
		<category><![CDATA[Exchange]]></category>
		<category><![CDATA[Hacker]]></category>
		<category><![CDATA[hackers]]></category>
		<category><![CDATA[Happy]]></category>
		<category><![CDATA[immediately]]></category>
		<category><![CDATA[internet]]></category>
		<category><![CDATA[Loaded]]></category>
		<category><![CDATA[MacBook]]></category>
		<category><![CDATA[Partner]]></category>
		<category><![CDATA[Quanta Computer]]></category>
		<category><![CDATA[Redeem]]></category>
		<category><![CDATA[Russian]]></category>
		<category><![CDATA[spring]]></category>
		<category><![CDATA[Spring Loaded]]></category>
		<category><![CDATA[Steal]]></category>
		<category><![CDATA[Surprise attack]]></category>
		<guid isPermaLink="false">https://en.spress.net/the-apple-partner-was-blackmailed-by-hackers-immediately-after-the-spring-loaded-event/</guid>

					<description><![CDATA[A group of Russian hackers demanded a $50 million ransom from Apple&#8217;s partner company before May 1 in exchange for data they stole about new designs. While Apple was introducing a series of new products at the Spring Loaded event on the morning of April 21 (Vietnam time), the hacker group REvil claimed [&#8230;]]]></description>
										<content:encoded><![CDATA[<p><strong>A group of Russian hackers demanded a $50 million ransom from Apple&#8217;s partner company before May 1 in exchange for data they stole about new designs.</strong><br />
<span id="more-10140"></span> While Apple was introducing a series of new products at the Spring Loaded event on the morning of April 21 (Vietnam time), the hacker group REvil claimed to have hacked into the computer network of Quanta Computer and stolen some blueprints of new Apple products.</p>
<p> Quanta, headquartered in Taiwan (China), is the main MacBook manufacturing partner for Apple. The company is also a partner of HP, Facebook, and Alphabet (the parent company of Google). <img fifu-featured="1" decoding="async" loading="lazy" src="https://photo-baomoi.zadn.vn/w700_r1/2021_04_24_280_38621478/db5d33351577fc29a566.jpg" width="625" height="482"> As soon as the event ended, REvil posted an article containing 15 pictures detailing a device that is supposed to be a MacBook designed in March 2021. The images include part numbers, specific sizes and capacities, detailing many of the parts that work inside the Apple laptop. One of the images is signed by designer John Andreadis. REvil has asked Apple to pay a ransom of $50 million by May 1. Previously, this group posted information on its &#8220;Happy Blog&#8221; &#8211; where the hackers announce their &#8220;victories&#8221;. REvil is said to have tried to reach an agreement with Quanta beforehand but did not get the victim&#8217;s consent, and only then released the records on the day of the Apple event. Quanta, for its part, admitted the company had suffered a hacker attack but did not detail whether any data was stolen. The Apple partner also reported the attack to law enforcement and said it had immediately activated its information security defense system and upgraded its infrastructure to protect data. Apple representatives have not released any official comment on the incident. <em>According to Bloomberg</em></p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">10140</post-id>	</item>
		<item>
		<title>Hackers threaten Apple, demand a ransom</title>
		<link>https://en.spress.net/hacker-threatened-demanded-a-ransom-with-apple/</link>
		
		<dc:creator><![CDATA[B.Châu (t/h)]]></dc:creator>
		<pubDate>Tue, 27 Apr 2021 03:45:06 +0000</pubDate>
				<category><![CDATA[Tech]]></category>
		<category><![CDATA[Apple]]></category>
		<category><![CDATA[BlackBerry]]></category>
		<category><![CDATA[Claim money]]></category>
		<category><![CDATA[data]]></category>
		<category><![CDATA[Dell]]></category>
		<category><![CDATA[demanded]]></category>
		<category><![CDATA[Hacker]]></category>
		<category><![CDATA[Hewlett packard]]></category>
		<category><![CDATA[Keep silent]]></category>
		<category><![CDATA[MacBook]]></category>
		<category><![CDATA[MacBook Air]]></category>
		<category><![CDATA[Macbook Pro]]></category>
		<category><![CDATA[Quanta Computer]]></category>
		<category><![CDATA[Ransom]]></category>
		<category><![CDATA[Redeem]]></category>
		<category><![CDATA[secret]]></category>
		<category><![CDATA[Specialized pages]]></category>
		<category><![CDATA[Technical drawings]]></category>
		<category><![CDATA[threatened]]></category>
		<category><![CDATA[Threats]]></category>
		<category><![CDATA[Understand]]></category>
		<guid isPermaLink="false">https://en.spress.net/hacker-threatened-demanded-a-ransom-with-apple/</guid>

					<description><![CDATA[Hackers warn that if Apple does not pay the ransom, they will publicly disclose the secrets they hold about Apple. Information on the 9to5mac technology site on April 22 said that a group of hackers known as REvil recently announced that they had thousands of confidential data files related to technical techniques. Apple [&#8230;]]]></description>
										<content:encoded><![CDATA[<p><strong>Hackers warn that if Apple does not pay the ransom, they will publicly disclose the secrets they hold about Apple.</strong><br />
<span id="more-9253"></span> Information on the 9to5mac technology site on April 22 said that a group of hackers known as REvil recently announced that they had thousands of confidential data files related to the technical details of Apple products. This group of hackers asked Apple to pay a ransom if it wanted the data to be kept private and returned to the technology giant.</p>
<p> <img decoding="async" loading="lazy" src="https://photo-baomoi.zadn.vn/w700_r1/2021_04_22_5_38602731/5daa8bfeaebc47e21ead.jpg" width="625" height="479"> <em> One of the drawings published by the REvil hacker group to threaten Apple.</em> According to technology experts, it is likely that the hacker group got the data after attacking the network of Quanta Computer, an Apple partner in the production of MacBooks. Initially, Quanta Computer was targeted by the REvil team with a $50 million ransom demand, but the deal broke down, which then made Apple the hackers&#8217; target. <img decoding="async" loading="lazy" class="lazy-img" src="https://photo-baomoi.zadn.vn/w700_r1/2021_04_22_5_38602731/3853e907cc45251b7c54.jpg" width="625" height="406"> To prove it, the hacker group has posted a few screenshots showing technical drawings of the MacBook Air and MacBook Pro, accompanied by a demand for payment before May 1. If Apple doesn&#8217;t respond, they&#8217;ll reveal more data after each day the payment is delayed. In addition to Apple, Quanta Computer is also a manufacturing partner for many other technology companies such as Dell, Hewlett-Packard, BlackBerry, Lenovo, LG &#8230; so it is likely that the hackers will not stop at demanding a ransom from Apple. Currently, the REvil hacker group has not given a specific figure for the ransom it is demanding from Apple, and Apple has not given any official response.</p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">9253</post-id>	</item>
		<item>
		<title>Hackers claim to hold Apple secrets, asking for $50 million in ransom</title>
		<link>https://en.spress.net/hacker-claimed-holding-hands-of-apple-secret-asking-for-50-million-in-ransom/</link>
		
		<dc:creator><![CDATA[Duy Huỳnh]]></dc:creator>
		<pubDate>Mon, 26 Apr 2021 15:52:07 +0000</pubDate>
				<category><![CDATA[Tech]]></category>
		<category><![CDATA[Apple]]></category>
		<category><![CDATA[Apple Silicon]]></category>
		<category><![CDATA[Blackmail]]></category>
		<category><![CDATA[claimed]]></category>
		<category><![CDATA[Gang]]></category>
		<category><![CDATA[Hacker]]></category>
		<category><![CDATA[hands]]></category>
		<category><![CDATA[Hold in hand]]></category>
		<category><![CDATA[holding]]></category>
		<category><![CDATA[J314]]></category>
		<category><![CDATA[J316]]></category>
		<category><![CDATA[J374]]></category>
		<category><![CDATA[J375]]></category>
		<category><![CDATA[M1X]]></category>
		<category><![CDATA[MacBook]]></category>
		<category><![CDATA[MacBook Air]]></category>
		<category><![CDATA[Macbook Pro]]></category>
		<category><![CDATA[Macbook Pro 2021]]></category>
		<category><![CDATA[million]]></category>
		<category><![CDATA[Quanta Computer]]></category>
		<category><![CDATA[Ransom]]></category>
		<category><![CDATA[Redeem]]></category>
		<category><![CDATA[secret]]></category>
		<category><![CDATA[Technical drawings]]></category>
		<category><![CDATA[The Record]]></category>
		<guid isPermaLink="false">https://en.spress.net/hacker-claimed-holding-hands-of-apple-secret-asking-for-50-million-in-ransom/</guid>

					<description><![CDATA[Hacker gang REvil asked Apple to pay before May 1. If it doesn&#8217;t, they will reveal more data after each day the payment is delayed. 9to5Mac reported that the hacker gang behind the REvil ransomware claims to hold confidential data about the technical information of Apple products. The group is asking Apple to pay a [&#8230;]]]></description>
										<content:encoded><![CDATA[<p><strong>Hacker gang REvil asked Apple to pay before May 1. If it doesn&#8217;t, they will reveal more data after each day the payment is delayed.</strong><br />
<span id="more-9050"></span> 9to5Mac reported that the hacker gang behind the REvil ransomware claims to hold confidential data about the technical information of Apple products. The group is asking Apple to pay a ransom if it doesn&#8217;t want the information to be released.</p>
<p> According to The Record, the hacker gang got this information after an attack on Quanta Computer, one of Apple&#8217;s main MacBook manufacturing partners. <img decoding="async" loading="lazy" src="https://photo-baomoi.zadn.vn/w700_r1/2021_04_22_329_38601254/6a0cca46ef04065a5f15.jpg" width="625" height="481"> <em> Several internal technical design drawings for Apple devices such as the MacBook and Apple Watch have been published by REvil. (Photo: CryptoInsane)</em> The hacker gang behind the REvil ransomware claims to have in-house technical blueprints for Apple devices like the MacBook and Apple Watch, which Quanta Computer uses to assemble products. The hacker group asked Quanta Computer to pay 50 million USD to keep the data confidential. However, because no agreement was reached, the hacker group asked Apple to pay this ransom. <img decoding="async" loading="lazy" class="lazy-img" src="https://photo-baomoi.zadn.vn/w700_r1/2021_04_22_329_38601254/e4774a3d6f7f8621df6e.jpg" width="625" height="482"> <em> The technical drawings of the MacBook Air and MacBook Pro revealed by the hacker group. (Photo: CryptoInsane)</em> <img decoding="async" loading="lazy" class="lazy-img" src="https://photo-baomoi.zadn.vn/w700_r1/2021_04_22_329_38601254/59d7f29dd7df3e8167ce.jpg" width="625" height="479"> <em> (Photo: CryptoInsane)</em> To prove it, the hacker group has posted a few screenshots showing technical drawings of the MacBook Air and MacBook Pro, accompanied by a demand for payment before May 1. If Apple doesn&#8217;t respond, they&#8217;ll reveal more data after each day the payment is delayed. According to Estrategia &#038; Negocios, on the REvil website (where the gang publishes stolen data to pressure companies into complying with ransom demands), the hacker group said: &#8220;To not have to wait for Apple&#8217;s next presentation, we, the REvil team, will make information about the company&#8217;s next upcoming products available to many. 
Tim Cook can thank Quanta. On our side, we have shown goodwill. Quanta has made it clear to us that they are not interested in customer and employee data, giving permission to publish and sell all the data we have.&#8221; <img decoding="async" loading="lazy" class="lazy-img" src="https://photo-baomoi.zadn.vn/w700_r1/2021_04_22_329_38601254/0643d309f64b1f15465a.jpg" width="625" height="406"> <em> MacBook Pro 2021 image revealed by hacker group. (Photo: 9to5Mac)</em> <img decoding="async" loading="lazy" class="lazy-img" src="https://photo-baomoi.zadn.vn/w700_r1/2021_04_22_329_38601254/7ee8a8a28de064be3df1.jpg" width="625" height="481"> <em> (Photo: CryptoInsane)</em> 9to5Mac said that some leaked images contain technical information on two unreleased MacBook Pro models, codenamed J314 and J316. The products are equipped with an Apple Silicon chip, a MagSafe charging port, HDMI and an SD card slot. This information matches what analyst Ming-Chi Kuo revealed in January. According to Bloomberg, the codename J316 is the 16-inch MacBook Pro, while the J314 is the 14-inch version. The images also show the codenames J374 and J375, which are said to be the Mac mini with the new M1X processor chip. <img decoding="async" loading="lazy" class="lazy-img" src="https://photo-baomoi.zadn.vn/w700_r1/2021_04_22_329_38601254/0f41de0bfb4912174b58.jpg" width="625" height="314"> <em> (Photo: CryptoInsane)</em> The hacker gang also said that they are &#8220;negotiating to sell a large amount of confidential drawings, GB of personal data with some major brands&#8221;. This means Apple is likely not the only victim of the data attack. At the moment, representatives from Apple and Quanta Computer said they are reviewing the matter.</p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">9050</post-id>	</item>
		<item>
		<title>Ransomware attacks on Vietnamese businesses plummeted</title>
		<link>https://en.spress.net/ransomware-attacks-on-vietnamese-businesses-plummeted/</link>
		
		<dc:creator><![CDATA[Hải Đăng]]></dc:creator>
		<pubDate>Sun, 25 Apr 2021 15:55:07 +0000</pubDate>
				<category><![CDATA[Tech]]></category>
		<category><![CDATA[Amount]]></category>
		<category><![CDATA[attacks]]></category>
		<category><![CDATA[Blackmail]]></category>
		<category><![CDATA[businesses]]></category>
		<category><![CDATA[Causes more]]></category>
		<category><![CDATA[Claim money]]></category>
		<category><![CDATA[Convert]]></category>
		<category><![CDATA[Decline]]></category>
		<category><![CDATA[Encode]]></category>
		<category><![CDATA[Enterprise]]></category>
		<category><![CDATA[fee]]></category>
		<category><![CDATA[Half]]></category>
		<category><![CDATA[Infection]]></category>
		<category><![CDATA[Kaspersky]]></category>
		<category><![CDATA[Kaspersky Security Network]]></category>
		<category><![CDATA[KSN]]></category>
		<category><![CDATA[plummeted]]></category>
		<category><![CDATA[Ransom]]></category>
		<category><![CDATA[Ransomware]]></category>
		<category><![CDATA[Ransomware 2 0]]></category>
		<category><![CDATA[Redeem]]></category>
		<category><![CDATA[Small and medium business]]></category>
		<category><![CDATA[Southeast Asia]]></category>
		<category><![CDATA[The attacker]]></category>
		<category><![CDATA[Vietnamese]]></category>
		<guid isPermaLink="false">https://en.spress.net/ransomware-attacks-on-vietnamese-businesses-plummeted/</guid>

					<description><![CDATA[The number of attacks on small and medium enterprises in Southeast Asia and Vietnam has decreased by more than half compared to before. In its latest Kaspersky Security Network (KSN) report, Kaspersky said that in 2020 it detected 804,513 ransomware attacks on SMEs in ASEAN, less than half of the numbers in 2019 (more) [&#8230;]]]></description>
										<content:encoded><![CDATA[<p><strong>The number of attacks on small and medium enterprises in Southeast Asia and Vietnam has decreased by more than half compared to before.</strong><br />
<span id="more-8520"></span> In its latest Kaspersky Security Network (KSN) report, Kaspersky said that in 2020 it detected 804,513 ransomware attacks on SMEs in ASEAN, less than half the number in 2019 (more than 1.9 million).</p>
<p> In particular, the number of attacks on Vietnamese enterprises fell sharply, from 536.6 thousand cases in 2019 to 204.7 thousand cases in 2020. This moved Vietnam&#8217;s ranking to 11th worldwide, an improvement from 7th place in 2019. In Southeast Asia, Singapore remains the country with the fewest detected attacks, ranking 78th globally. However, out of six Southeast Asian countries, Singapore is the only one experiencing an increase in the number of ransomware infection attempts. The number of detected cases there increased from 2,275 in 2019 to 3,191 in 2020. <img fifu-featured="1" decoding="async" loading="lazy" src="https://photo-baomoi.zadn.vn/w700_r1/2021_04_21_107_38596162/d53c11bf34fddda384ec.jpg" width="625" height="361"> Number of attacks on SMEs detected by Kaspersky in Southeast Asian countries. Although Indonesia still ranks 5th globally in terms of the number of ransomware incidents detected, the country has dropped from 1,158,837 cases in 2019 to 439,473 cases in 2020. This downtrend also appears in other countries in the region, including the Philippines, Malaysia and Thailand. China remains at the top of the list for the number of ransomware cases globally in both 2019 and 2020. Meanwhile, Brazil and Russia have swapped 2nd and 3rd place in the rankings, with Brazil ranked 2nd in 2020. Ransomware is designed to infect the computers of organizations and individuals, encrypt the data on them and block access to the computer. The attackers then demand a fee from the victim in exchange for restoring the system. Ransomware attacks may be on the decline, but Kaspersky has been warning businesses of all sizes in every sector about the growing activity of &#8216;Ransomware 2.0&#8217;, also known as targeted extortion software. 
In the new method, the criminals do not ask for a ransom to unlock the data; they threaten to publicly disclose the data they hold, adding pressure on the victims to pay the ransom to protect their reputation.</p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">8520</post-id>	</item>
		<item>
		<title>Mysterious disappearances: Where is DB Cooper?</title>
		<link>https://en.spress.net/mysterious-disappearances-where-is-db-cooper/</link>
					<comments>https://en.spress.net/mysterious-disappearances-where-is-db-cooper/#respond</comments>
		
		<dc:creator><![CDATA[Hoàng Phi]]></dc:creator>
		<pubDate>Thu, 15 Apr 2021 03:31:10 +0000</pubDate>
				<category><![CDATA[Science]]></category>
		<category><![CDATA[Accumulation]]></category>
		<category><![CDATA[BOURBON]]></category>
		<category><![CDATA[Columbia River]]></category>
		<category><![CDATA[Cooper]]></category>
		<category><![CDATA[Dan Cooper]]></category>
		<category><![CDATA[DB]]></category>
		<category><![CDATA[DB Cooper]]></category>
		<category><![CDATA[disappearances]]></category>
		<category><![CDATA[FBI]]></category>
		<category><![CDATA[Medicine often]]></category>
		<category><![CDATA[Missing]]></category>
		<category><![CDATA[Mysterious]]></category>
		<category><![CDATA[Northwest Orient Airlines]]></category>
		<category><![CDATA[Oregon]]></category>
		<category><![CDATA[Parachute]]></category>
		<category><![CDATA[Planes]]></category>
		<category><![CDATA[Ransom]]></category>
		<category><![CDATA[Redeem]]></category>
		<category><![CDATA[Robbers]]></category>
		<category><![CDATA[Seattle]]></category>
		<category><![CDATA[secret]]></category>
		<category><![CDATA[SERI]]></category>
		<guid isPermaLink="false">https://en.spress.net/mysterious-disappearances-where-is-db-cooper/</guid>

					<description><![CDATA[DB Cooper is one of the few successful ransom robbers in the US and has been able to hide his whereabouts to this day. In 1971, a man who claimed to be Dan Cooper hijacked a passenger plane flying from Oregon to Seattle, USA. In Seattle, he agreed to release 36 passengers in exchange for a [&#8230;]]]></description>
										<content:encoded><![CDATA[<p><strong>DB Cooper is one of the few successful ransom robbers in the US and has been able to hide his whereabouts to this day.</strong><br />
<span id="more-572"></span> </p>
<p>In 1971, a man who claimed to be Dan Cooper hijacked a passenger plane flying from Oregon to Seattle, USA. In Seattle, he agreed to release 36 passengers in exchange for $200,000 in cash. After receiving the money, he had the crew take off again heading south, then suddenly parachuted out with all the ransom money. Since then, no one has seen this man again, according to the <em>New York Times.</em></p>
<p>After 45 years, in 2016, the US Federal Bureau of Investigation (FBI) decided not to pursue the search for Cooper anymore. Until now, his whereabouts are still a big question.</p>
<p><img fifu-featured="1" decoding="async" loading="lazy" src="https://photo-baomoi.zadn.vn/w700_r1/2021_04_15_120_38531436/884698d9b29b5bc5028a.jpg" width="625" height="363"></p>
<p><em> Portrait of DB Cooper. Photo: FBI. </em></p>
<p>Nobody knows who Cooper really is, or someone does but refuses to speak. The FBI describes Cooper as an &#8220;information-free&#8221; object. At the time of the daring robbery, he seemed to be over 40 years old. If so, and if Cooper is still alive, he is now over 90 years old. In the media, he is often referred to as &#8220;DB Cooper&#8221;.</p>
<p>On November 24, 1971, &#8220;Dan Cooper&#8221; approached the Northwest Orient Airlines ticketing counter in Portland, Oregon, wearing a business suit and carrying a suitcase. The man paid for a one-way ticket on a flight numbered 305 to Seattle and this was the beginning of &#8220;one of the biggest unknown disappearances in the history of the FBI.&#8221;</p>
<p>Cooper was described by witnesses as a &#8220;quiet&#8221; man. He ordered a glass of bourbon and soda while he waited for the plane to take off. When the plane was in the air, after three o&#8217;clock in the afternoon, from seat 18C, he handed the flight attendant a small piece of paper saying he had a bomb in his suitcase. The flight attendant took note of his demands, 4 parachutes and $200,000 in cash in $20 bills, and then passed them to the captain.</p>
<p>In Seattle, Cooper released the passengers in exchange for the money and parachutes. When the exchange ended, he made the crew take off again, heading for Mexico City. Cooper also ordered the aircraft not to fly higher than 10,000 feet (3,048m).</p>
<p>After 8:00 pm, while the plane was somewhere between Seattle and Reno, he suddenly jumped from the tail of the plane with the ransom over a wooded area and disappeared. All he left behind was his tie with a clip.</p>
<p>The story of &#8220;Dan Cooper&#8221; has been heavily exploited by American popular culture. It is so dramatic that it has become a source of inspiration for many authors, directors and composers. But the unanswered questions can only be filled in by guesswork.</p>
<p>In 1980, a boy found rotting $20 bills worth $5,800 on the Columbia River, with serial numbers matching the ransom given to Cooper by the authorities. Adjusted for inflation, the ransom of $200,000 in 1971 would be equivalent to about $1.2 million today. It is not clear what happened to the remaining money.</p>
<p>The FBI said it interviewed hundreds of people, followed countless leads across the country, and scrutinized the plane for evidence. Five years after the robbery, the FBI had examined 800 suspects. As the <em>New York Times</em> reported in 2011, the FBI&#8217;s files on the case run to more than 12 meters long, cataloging more than 1,000 suspects.</p>
<p>At one point the FBI believed that the jump killed Cooper. At that time, snow covered the mountains in the area, which was unfavorable for any skydiving, especially at night. It was a cold night, the clothes Cooper wore were not warm enough and, since then, none of the banknotes given to Cooper by the authorities have been found in circulation.</p>
<p>One of the suspects questioned was Richard Floyd McCoy. He committed a similar robbery and also escaped, five months after Cooper&#8217;s flight. But McCoy was ruled out as Cooper because he did not match the descriptions provided by the flight attendant and for other undisclosed reasons.</p>
<p>The hijacking carried out by DB Cooper is a prime example of the beginning of the era of hijacking. By the mid-1970s, at least 150 aircraft had been hijacked in the US alone.</p>
<p>The FBI said that even though it no longer pursues the investigation, the &#8220;countless items&#8221; that it has collected over the years will still be preserved for historical purposes at the agency&#8217;s headquarters. Residents can still contact the FBI if there are specific leads.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://en.spress.net/mysterious-disappearances-where-is-db-cooper/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">572</post-id>	</item>
	</channel>
</rss>