DIRS.INFO The most relevant business & tech news

LONDON/WASHINGTON, Feb 7 (Reuters) - A global ransomware outbreak has scrambled servers belonging to Florida's Supreme Court and several universities in the United States and Central Europe, according to a Reuters analysis of ransom notes posted online to stricken servers. Florida Supreme Court spokesman Paul Flemming told Reuters that the affected infrastructure had been used to administer other elements of the Florida state court system, and that it was segregated from the Supreme Court's main network. "Florida Supreme Court's network and data are secure," he said, adding that the rest of the state court system's integrity also was not affected. Because internet-facing servers were affected, researchers and tracking services like Ransomwhere or Onyphe could easily follow the criminals' trail. Digital safety officials in Italy said on Monday that there was no evidence pointing to "aggression by a state or hostile state-like entity."

☆ LockBit ransomware group threatens to publish stolen Royal Mail data - TechCrunch
▼ + stars: | 2023-02-07 | by ( ) www.reuters.com time to read: 1 min

Feb 7 (Reuters) - UK's Royal Mail, which has been grappling with a cyberattack for about a month now, was added to ransomware group LockBit's dark web leak site this week, TechCrunch reported on Tuesday. LockBit was threatening to publish "all available (Royal Mail) data" on Thursday, according to the report. Reporting by Aby Jose Koilparambil in Bengaluru; Editing by Shounak DasguptaOur Standards: The Thomson Reuters Trust Principles.

☆ ION starts to bring clients back online after ransomware attack - source
▼ + stars: | 2023-02-07 | by ( ) www.reuters.com time to read: +1 min

LONDON, Feb 7 (Reuters) - ION, the financial trading services group hit by a ransomware attack last week, started to bring clients back on to its cleared derivatives platform overnight, a person familiar with the matter told Reuters on Tuesday. Among the many ION clients whose operations were likely to have been affected by the attack and ensuing disruption were ABN Amro Clearing (ABNd.AS) and Intesa Sanpaolo (ISP.MI), Italy's biggest bank, according to messages to clients from both banks that were seen by Reuters last week. The hackers who claimed responsibility for the breach at ION said last week a ransom had been paid, declining to say how much it was, or offer any evidence that the money had been handed over. ION declined to comment on whether the ransom had been paid. Reporting by Harry Robertson; Editing by Amanda CooperOur Standards: The Thomson Reuters Trust Principles.

LONDON/WASHINGTON, Feb 7 (Reuters) - A global ransomware outbreak has scrambled servers belonging to Florida's Supreme Court and several universities in the U.S. and Central Europe, according to a Reuters analysis of ransom notes posted online to stricken servers. The Florida Supreme Court didn't respond to messages. Reuters contacted the hackers via an account advertised on their ransom notes but only received a payment demand in return. Because internet-facing servers were affected, researchers and tracking services like Ransomwhere or Onyphe could easily follow the criminals' trail. Reporting by James Pearson in London and Raphael Satter in Washington; Editing by Anna DriverOur Standards: The Thomson Reuters Trust Principles.

☆ Exclusive: Record-breaking 2022 for North Korea crypto theft, UN report says
▼ + stars: | 2023-02-06 | by ( Michelle Nichols | ) www.reuters.com time to read: +5 min

North Korea has previously denied allegations of hacking or other cyberattacks. The United States has long been warning that North Korea is ready to carry out a seventh nuclear test. They also said they have started an investigation into reports of ammunition exports by North Korea. North Korea has rejected the accusation as groundless and Wagner's owner, Yevgeny Prigozhin, denied getting arms from North Korea. Last May, China and Russia vetoed a U.S.-led push to impose more U.N. sanctions on North Korea.

☆ Chip equipment maker MKS Instruments says it is investigating ransomware attack
▼ + stars: | 2023-02-06 | by ( ) www.reuters.com time to read: +1 min

Feb 6 (Reuters) - MKS Instruments Inc (MKSI.O) said on Monday it was investigating a ransomware attack that occurred last week and affected the semiconductor equipment maker's production-related systems. The company said it was in the early stages of investigating the attack that it identified on Feb. 3, adding that costs related to the incident have not been determined. Ransomware is a form of malicious software deployed by criminals which works by encrypting data, with hackers offering the victim a key in return for payments. MKS said it would temporarily suspend operations at some of its facilities, as part of its containment efforts. Italy's National Cybersecurity Agency warned on Sunday that thousands of computer servers had been targeted by a global ransomware hacking attack targeting VMware (VMW.N) ESXi servers.

☆ Italy's govt: global cyber attack did not come from state entity
▼ + stars: | 2023-02-06 | by ( ) www.reuters.com time to read: 1 min

ROME, Feb 6 (Reuters) - The global ransomware hacking attack that targeted thousands of computer servers in Italy and other countries likely came from cybercriminals and not from a state or state-like entity, Italy's government said on Monday. "No evidence has emerged pointing to an aggression by a state or hostile state-like entity", the government said in a statement, adding that no major institution or company operating in critical sectors for national security had been affected. Reporting by Giuseppe Fonte, writing by Federico Maccioni, editing by Alvise ArmelliniOur Standards: The Thomson Reuters Trust Principles.

☆ Italy sounds alarm on large-scale computer hacking attack
▼ + stars: | 2023-02-05 | by ( ) www.reuters.com time to read: +1 min

ROME, Feb 5 (Reuters) - Thousands of computer servers around the world have been targeted by a ransomware hacking attack, Italy's National Cybersecurity Agency (ACN) said on Sunday, warning organisations to take action to protect their systems. The hacking attack sought to exploit a software vulnerability, ACN director general Roberto Baldoni told Reuters, adding it was on a massive scale. Italy's ANSA news agency, citing the ACN, reported that servers had been compromised in other European countries such as France and Finland as well as the United States and Canada. Telecom Italia customers reported internet problems earlier on Sunday, but the two issues were not believed to be related. Reporting by Elvira Pollina; Writing by Keith Weir; Editing by Jan HarveyOur Standards: The Thomson Reuters Trust Principles.

☆ U.S. CFTC traders report delayed by ransomware attack on data firm ION
▼ + stars: | 2023-02-03 | by ( ) www.reuters.com time to read: +1 min

ION Group, the financial data firm's parent company, said in a statement on its website the attack began on Tuesday. read more"The ongoing issue is impacting some clearing members’ ability to provide the CFTC with timely and accurate data," the CFTC said in a statement. It said the Commitments of Traders report that is produced by CFTC staff will be delayed until all trades can be reported. "A report will be published upon receipt and validation of data from those firms," the CFTC said. CFTC reports provide a snapshot of investor positioning on various assets.

☆ Hackers who breached ION say ransom paid; company declines comment
▼ + stars: | 2023-02-03 | by ( Raphael Satter | ) www.reuters.com time to read: +3 min

WASHINGTON, Feb 3 (Reuters) - The hackers who claimed responsibility for the disruptive breach at financial data firm ION say a ransom has been paid, although they declined to say how much it was or offer any evidence that the money had been handed over. Britain's National Cyber Security Agency (NCSC), part of Britain's GCHQ eavesdropping intelligence agency, told Reuters it had no comment. ABN told clients on Wednesday that due to "technical disruption" from ION, some applications were unavailable and were expected to remain so for a "number of days." ION was removed from Lockbit's extortion website, where victim companies are named and shamed in a bid to force a payout. As of late Friday, Lockbit's extortion website alone counted 54 victims who were being shaken down, including a television station in California, a school in Brooklyn and a city in Michigan.

ION Group, the financial data firm's parent company, said in a statement on its website that the attack began on Tuesday. "The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing," ION Group said, declining requests for further comment. ABN told clients on Wednesday that due to "technical disruption" from ION, some applications were unavailable and were expected to remain so for a "number of days". It added that its staff had to process trades directly with the exchange. Intesa Sanpaolo told clients that its brokerage and clearing operations on exchange-traded derivatives had been "severely hampered" by IT problems at ION and that it was not able to handle orders.

☆ Gen Z doesn't think anyone can keep them safe online, and one of their biggest concerns is photos getting leaked
▼ + stars: | 2023-01-31 | by ( Amanda Goh | ) www.businessinsider.com time to read: +2 min

Gen Z has little faith that anyone can keep them safe online, according to a Dell Technologies study. 18% of respondents said they trust the government to protect their data, while 17% trust private sector companies. Gen Z's main cyber threat concern relates to having their personal data or photos shared. The findings indicate that Gen Z doesn't trust any entity, public or private, to keep their data safe online. Having their personal data or photos shared without permission.

☆ FBI Disrupts ‘Hive’ Ransomware Group
▼ + stars: | 2023-01-26 | by ( Aruna Viswanatha | Dustin Volz | ) www.wsj.com time to read: 1 min

WASHINGTON—U.S. authorities seized the servers of the notorious Hive ransomware group after entering its networks and capturing keys to decrypt its software, the Justice Department said on Thursday, calling its effort a “21st-century cyber stakeout.”The group linked to Hive ransomware is widely seen by authorities and cybersecurity experts as one of the most prolific and dangerous cybercriminal actors in recent years. They have been linked to attacks on more than 1,500 victims including hospitals and schools—and have extorted more than $100 million in ransom payments, the Justice Department said.

☆ U.S. Disrupts ‘Hive’ Ransomware Group
▼ + stars: | 2023-01-26 | by ( Aruna Viswanatha | Dustin Volz | ) www.wsj.com time to read: 1 min

☆ U.S. Disrupts ‘Hive’ Ransomware Group, Seizes Its Servers
▼ + stars: | 2023-01-26 | by ( Aruna Viswanatha | Dustin Volz | ) www.wsj.com time to read: 1 min

WASHINGTON–U.S. authorities seized the servers of the notorious Hive ransomware group after entering its networks and capturing keys to decrypt its software, the Justice Department said on Thursday, calling its effort a “21st-century stakeout.”(This article will be updated as news develops))

The FBI has infiltrated and disrupted a major cybercriminal group that extorted schools, hospitals and critical infrastructure around the world, a law enforcement official told NBC News. As of Thursday morning, its website on the dark web showed a message saying it had been seized by an international law enforcement coalition, including the FBI and Justice Department. The FBI had secretly gained access to Hive’s network for months and provided victims keys to unlock their data, the law enforcement official said. Previous ransomware attacks have resulted in the release of sensitive information about law enforcement officers and schoolchildren. But as is often the case with such groups, Hive’s core group spoke Russian, said Allan Liska, a ransomware analyst at the cybersecurity firm Recorded Future.

☆ Hive: FBI, DOJ seize notorious ransomware group's website
▼ + stars: | 2023-01-26 | by ( ) www.cnbc.com time to read: 1 min

Share Share Article via Facebook Share Article via Twitter Share Article via LinkedIn Share Article via EmailHive: FBI, DOJ seize notorious ransomware group's websiteCNBC's Eamon Javers reports on the shutting down of the Hive ransomware operation.

WASHINGTON, Jan 26 (Reuters) - The FBI revealed on Thursday it had secretly hacked and disrupted a prolific ransomware gang called Hive, a maneuver that allowed the bureau to thwart the group from collecting more than $130 million in ransomware demands from more than 300 victims. They were then able to alert victims in advance so they could take steps to protect their systems before Hive demanded the payments. In that case, the Justice Department seized some $2.3 million in cryptocurrency ransom after the company had already paid the hackers. The Justice Department said that over the years, Hive has targeted more than 1,500 victims in 80 different countries, and has collected more than $100 million in ransomware payments. Attorney General Merrick Garland said the FBI's operation helped a wide range of victims, including a Texas school district.

WASHINGTON, Jan 26 (Reuters) - The Hive ransomware gang has been disrupted by international law enforcement action, according to a person familiar with the matter and an announcement posted to the group's website. A flashing message posted to Hive's page said: "The Federal Bureau of Investigation seized this site as part of coordinated law enforcement action taken against Hive Ransomware." The Federal Bureau of Investigation and the European law enforcement organization Europol did not immediately return messages seeking comment but the person familiar with the matter said a Department of Justice announcement was coming imminently. Hive is one of a wide range of cybercriminal groups that extort international businesses by encrypting their data and demanding massive cryptocurrency payments in return. "Hive is one of the most active groups around, if not the most active," he said in an email.

On a larger exchange like Binance or Coinbase , for example, many customers opt to let the platform custody their crypto tokens. In the four years that Bitzlato operated, only $52 million moved directly from the exchange to Binance, the same dataset shows. CNBC reviewed transaction data for the ten largest recipients of Bitzlato outflows, which collected over $45 million in Bitzlato-originated funds. Those wallets also received millions more in funds from other exchanges, including Huobi, FTX, Poloniex, Nexo, and WhiteBIT, a Ukrainian exchange. We also asked whether Binance was aware that Bitzlato was allegedly used to launder money and, if so, why funds from Bitzlato were custodied on its platform.

☆ Yum Brands says nearly 300 restaurants in UK impacted due to cyber attack
▼ + stars: | 2023-01-19 | by ( ) www.reuters.com time to read: +1 min

Jan 19 (Reuters) - Yum Brands Inc (YUM.N) said late on Wednesday a ransomware attack impacted certain information technology systems of the company which led to the closure of nearly 300 restaurants in the United Kingdom for a day. The company added all the stores were now operational and it had initiated response protocols detection of the incident. Yum, which also owns the Pizza Hut chain and Taco Bell, did not specify which restaurants were impacted by the attack. The company said the event was not expected to have a material adverse impact on its business, operations or financial results. Reporting by Ananya Mariam Rajesh in Bengaluru; Editing by Krishna Chandra EluriOur Standards: The Thomson Reuters Trust Principles.

☆ Crypto Platform Bitzlato Charged With Laundering More Than $700 Million of Illicit Money
▼ + stars: | 2023-01-18 | by ( Mengqi Sun | ) www.wsj.com time to read: +2 min

U.S. authorities designated cryptocurrency exchange Bitzlato Ltd. as a primary money-laundering concern and charged its founder for allegedly facilitating money laundering for criminals. The Treasury Department designated Bitzlato under a section of the USA Patriot Act, a law used to combat money laundering and terrorist financing, for allegedly laundering illicit funds for ransomware actors based in Russia. Newsletter Sign-up WSJ | Risk and Compliance Journal Our Morning Risk Report features insights and news on governance, risk and compliance. Bitzlato also received more than $15 million of ransomware proceeds, the Justice Department said. “Today the Department of Justice dealt a significant blow to the cryptocrime ecosystem,” Deputy Attorney General Lisa Monaco said Wednesday.

WASHINGTON, Jan 18 (Reuters) - U.S. authorities said on Wednesday they have arrested the majority shareholder and cofounder of Hong Kong-registered virtual currency exchange Bitzlato Ltd for allegedly processing $700 million in illicit funds. It also broke rules requiring significant vetting of customers and failed to meet requirements aimed at preventing money laundering, authorities said. REUTERS/Dado Ruvic/Illustration 1 2Prosecutors said Bitzlato knowingly serviced U.S. customers and conducted transactions with U.S.-based exchanges using U.S. online infrastructure. "Identifying Bitzlato as a primary money laundering concern effectively renders the exchange an international pariah," Deputy Treasury Secretary Wally Adeyemo said at the news conference. "None of the mainstream financial institutions will deal with an entity identified as a primary money laundering concern," she said.

The U.S. has arrested a Russian national and founder of a cryptocurrency exchange on charges of allegedly laundering more than $700 million, the Department of Justice said Wednesday. Anatoly Legkodymov, the founder of Bitzlato, a Hong Kong-registered cryptocurrency exchange that touted its lax approach to verifying customers’ identity, was arrested in Miami Tuesday night. The Treasury Department also declared Bitzlato a “Primary Money Laundering Concern,” an extreme measure rarely used against financial institutions. “If the U.S. Treasury Department designates a financial institution as a ‘Primary Money Laundering Concern,’ the goal is to isolate them,” Redbord said. “Being cut off from the U.S. financial system, not being able to transact in U.S. dollars, is essentially a death sentence.”

☆ Britain's Royal Mail begins moving some export parcels after cyber incident
▼ + stars: | 2023-01-18 | by ( ) www.reuters.com time to read: +1 min

LONDON, Jan 18 (Reuters) - Britain's Royal Mail said on Wednesday it had begun moving limited volumes of export parcels as it trials "operational workarounds", after a cyber incident severely disrupted its international export services last week. However it said that while it trials the workarounds, it was continuing to ask customers not to submit new export parcels. "Our initial focus will be to clear mail that has already been processed and is waiting to be despatched," Royal Mail said in a statement. Royal Mail, one of the world's largest post and parcel firms, said it was still working with external experts, security authorities and regulators to mitigate the impact of the incident. Royal Mail declined to comment on the report.

Search resuls for: "Ransomware"

25 mentions found