  1. #1 slimslob (Retired, 10,000+ Posts; Bakersfield, CA; joined May 2013; 13,533 posts; Rep Power 349)

    News from protection software companies

    Arrests have been made of individuals involved in one of the world’s most sophisticated ransomware operations.

    Egregor ransomware hit by arrests - Malwarebytes Labs | Malwarebytes Labs
    Last edited by slimslob; 1 Week Ago at 03:21 AM.

  2. #2 copiertec (Service Manager, 1,000+ Posts; Centereach, L.I. New York; joined Jan 2016; 1,051 posts; Rep Power 43)

    Re: News from protection software companies

    It's about time some arrests were made with ransomware makers and their affiliates.

  3. #3 Phil B. (Service Manager, 10,000+ Posts; Raleigh NC; joined Jul 2016; 11,604 posts; Rep Power 281)

    Re: News from protection software companies

    Quote Originally Posted by slimslob:
    Arrests have been made of individuals involved in one of the world’s most sophisticated ransomware operations.

    https://blog.malwarebytes.com/ransom...BX_BBZrku78Jvk
    Never (knock on my head) had ransomware, but I know a few that did on personal computers; it cost them between 300 and 650 USD to get them unlocked.

    Sent from my SM-G960U using Tapatalk

  4. #4 KenB (Geek Extraordinaire, 2,500+ Posts; Cleveland, Ohio; joined Dec 2007; 3,398 posts; Rep Power 95)

    Re: News from protection software companies

    About 5 years ago one of my customers got hit with it.

    No idea what it cost them, but it was quite the sore subject.

    I’m just happy it happened before I got involved with them.
    Some days you’re the dog, some days you’re the fire hydrant.

  5. #5 slimslob (Retired, 10,000+ Posts; Bakersfield, CA; joined May 2013; 13,533 posts; Rep Power 349)

    Re: News from protection software companies

    Quote Originally Posted by Phil B.:
    Never (knock on my head) had ransomware, but I know a few that did on personal computers; it cost them between 300 and 650 USD to get them unlocked.

    Sent from my SM-G960U using Tapatalk
    I had a dispensing optician get hit once. The only things they had on their computers were their optical software package, which gets backed up daily and did not use any of the file types the ransomware affected, and QuickBooks, which she backed up after doing any entries. So the only things lost were the various Word documents that QuickBooks includes, which she didn't use anyway.

  6. #6 SalesServiceGuy (Service Manager, 2,500+ Posts; Nova Scotia; joined Dec 2009; 3,592 posts; Rep Power 110)

    Re: News from protection software companies

    Posted: January 27, 2021 by Malwarebytes Labs
    Last updated: January 28, 2021

    In a coordinated action, multiple law enforcement agencies have seized control of the Emotet botnet. Agencies from eight countries worked together to deliver what they hope will be a decisive blow against one of the world’s most dangerous and sophisticated computer security threats.

    The Emotet threat

    In a statement announcing the action, Europol described Emotet as “one of the most significant botnets of the past decade” and the world’s “most dangerous” malware.

    The malware has been a significant thorn in the side of victims, malware researchers and law enforcement since it first emerged in 2014. Originally designed as a banking Trojan, the software became notorious for its frequent shapeshifting and its ability to cause problems for people trying to detect it. This led to it being used as a gateway for other kinds of malware. Emotet’s criminal operators succeeded in infiltrating millions of Windows machines, and then sold access to those machines to other malware operators.

    Taking down Emotet’s infrastructure not only hobbles Emotet, it also disrupts an important pillar of the malware delivery ecosystem.


    The takedown

    Successful botnets are typically highly distributed and very resilient to takedown attempts. Effective law enforcement cooperation is therefore vital, so that all parts of the system are tackled at the same time, ensuring the botnet can’t reemerge from any remnants that go untouched.

    In this case, that meant tackling hundreds of servers simultaneously. Describing the level of cooperation required, Malwarebytes’ Director of Threat Intelligence, Jerome Segura said:

    Going after any botnet is always a challenging task, but the stakes were even higher with Emotet. Law Enforcement agencies had to neutralize Emotet’s three different botnets and their respective controllers.

    Although it gives few details, the Europol press release hints that a novel and sophisticated approach was used in the action, stating that the Emotet botnet was compromised “from the inside”. According to the agency, “This is a unique and new approach to effectively disrupt the activities of the facilitators of cybercrime.”

    Segura added:
    Unlike the recent and short-lived attempt to take down TrickBot, authorities have made actual arrests in Ukraine and have also identified several other individuals that were customers of the Emotet botnet. This is a very impactful action that likely will result in the prolonged success of this global takedown.

    It remains to be seen if this is the final chapter of the Emotet story, but even if it is, we aren’t at the end of the story just yet.

    This action removes the threat posed by Emotet, by preventing it from contacting the infrastructure it uses to update itself and deliver malware. However, the infections remain, albeit in an inert state. To complete the eradication of Emotet, those infections will need to be cleaned up too.

    The knockout?

    In a highly unusual step, it looks as if the cleanup isn’t going to be left to chance. A few hours after the takedown was announced, ZDNet broke the news that law enforcement in the Netherlands are in the process of deploying an Emotet update that will remove any remaining infections on March 25th, 2021.

    Malwarebytes Threat Intelligence has since pointed out that the actual removal date is April 25th, 2021, because, as any programmer can tell you, the first item in an array is zero, not one.

  7. #7 SalesServiceGuy (Service Manager, 2,500+ Posts; Nova Scotia; joined Dec 2009; 3,592 posts; Rep Power 110)

    Re: News from protection software companies

    Quote Originally Posted by slimslob:
    I had a dispensing optician get hit once. The only things they had on their computers were their optical software package, which gets backed up daily and did not use any of the file types the ransomware affected, and QuickBooks, which she backed up after doing any entries. So the only things lost were the various Word documents that QuickBooks includes, which she didn't use anyway.
    I have had two cities, one municipal gov't and two retirement care homes who are customers of mine attacked by ransomware in the last 12 months.

  8. #8 SalesServiceGuy (Service Manager, 2,500+ Posts; Nova Scotia; joined Dec 2009; 3,592 posts; Rep Power 110)

    Re: News from protection software companies

    Fonix ransomware gives up life of crime, apologizes

    Posted: February 1, 2021 by Malwarebytes Labs

    Ransomware gangs deciding to pack their bags and leave their life of crime is not new, but it is a rare thing to see indeed.
    And the Fonix ransomware (also known as FonixCrypter and Xinof), one of those ransomware-as-a-service (RaaS) offerings, is the latest to join the club.

    Fonix was first observed in mid-2020, but it only started turning heads around September-October of that year. Believed to be of Iranian origin, it is known to use four methods of encryption—AES, Salsa20, ChaCha, and RSA—but because it encrypts all non-critical system files, it’s slower compared to other RaaS offerings.


    This isn’t the first time a ransomware group has displayed a conscience—that is assuming we take their word they will continue to “use our abilities in positive ways”. In 2018, developers of the GandCrab ransomware, another RaaS that also made a public announcement of shutting down its operations in mid-2019, made a U-turn and released decryption keys for all its victims in Syria after a Syrian father took to Twitter to plead with them. GandCrab had infected his system and encrypted photos of his two sons who had been taken by the war.

    In 2016, when TeslaCrypt made an exit from the RaaS scene, a security researcher reached out to its developers and asked if they would release the encryption keys. They did release the master key that helps decrypt affected systems for free.

    It remains to be seen if the Fonix gang will keep their word. If some or all of them change their minds and go back to a life of crime, they wouldn’t be the first ransomware gang to do so. Any ransomware group packing up and leaving is good news. However, while Fonix appears to have left the building, it was only one small player in a vast criminal ecosystem. The threat of ransomware remains.
