Weekly Dark Web Trends / Advisory
Every week, the CYFIRMA Intelligence and Research Team highlights additional high-level information gathered while monitoring various dark web forums. This information covers various industries across multiple countries and could be directly or indirectly relevant to your organization.
Ransomware
Detailed below are the three most prolific ransomware strains. Additional information on victims has been obtained from the Data Leak Sites (DLS) of each ransomware strain.
RANSOMWARE UPDATE
1) Conti Ransomware Group
Conti ransomware stands out as one of the most ruthless of the dozens of ransomware groups. The group has spent more than a year attacking organizations where IT outages can have life-threatening consequences. Ireland has yet to recover from an attack in mid-May 2021 that prompted the shutdown of the entire information technology network of the nation's healthcare system.
Conti News:
New Victims:
2) BlackCat – ALPHV Ransomware Group
The first “professional” ransomware written in the Rust programming language was reported to be promoted on Russian hacking forums. Like many other ransomware groups, ALPHV is believed to use the Ransomware-as-a-Service (RaaS) model. It is confirmed to be an offshoot of the BlackMatter ransomware group.
Given the above points, BlackCat should be seen as a significant threat moving forward. It is likely to grow fast and lead the way in terms of new techniques in evading detection and analysis.
New Victims:
Hacktivism:
Following the invasion of Ukraine there have been several incidents of hacktivism, largely in support of Ukraine and against Russian or Belarusian targets.
On the Ukrainian side, it is suspected that the following groups support Ukraine and are willing to target Russia: IT Army of Ukraine, Anonymous, Cyber Partisans of Belarus, AgainstTheWest, GhostSe, The Black Rabbit World, and NB65 (Network Battalion 65).
News:
Anonymous and the IT Army of Ukraine are continuously targeting Russian government entities and private businesses. The groups have claimed to have hacked into multiple private firms and shared the leaked data via the Distributed Denial of Secrets (DDoSecrets) platform. The hacktivists leaked a large amount of data from Russian companies, including Aerogas (oil and gas industry), Forest (manufacturing firm), Petrofort (office spaces and business centers), and many more.
The Anonymous-linked group ‘NB65’ hacked and leaked 900,000 sensitive documents from the All-Russia State Television and Radio Broadcasting Company (VGTRK). NB65 has been targeting Russian organizations with ransomware attacks for the past month. The group is observed to be using a modified version of the ransomware leaked from the pro-Russian ransomware group ‘Conti’. Analysis of NB65's modified Conti executable available on VirusTotal revealed that it shares 66% of its code with ordinary Conti ransomware samples. The NB65 version appends the .NB65 extension to encrypted file names and drops a ransom note that levels accusations against the Russian President Vladimir Putin. While the encryptor is based on the Conti source code, the group has modified it in such a way as to evade all versions of Conti's decryptor.
NB65 has said that it will stop attacking Russian entities when Russia ends all hostilities in Ukraine and the war is over.
Stay informed and learn more about the possibilities and benefits that CYFIRMA offers with its product DeCYFIR to predict planned cyber attacks, understand the plan behind them and thus prevent them in good time.