A highlight from Cyber Security Today, May 17, 2021 - The latest on ransomware gangs and their strategies


Were also taken by someone from the gang's payment server, which is where victims made ransomware payments. Now all of this came after U.S. President Joe Biden urged Moscow to take action against the reportedly Russia-based group for its attack on the Colonial Pipeline in the U.S., and Biden promised the U.S. would disrupt the gang. On top of this, one Russian cybercrime forum suddenly banned all discussion threads about ransomware, saying the topic is now toxic. And the REvil gang has been quoted as saying it will keep a closer eye on affiliates who want to use its ransomware platform and make sure they stay away from attacking what it called the social sector and governments.

So are ransomware gangs disbanding, afraid of aggressive law enforcement, or is this smoke and mirrors? First of all, note that REvil is merely saying it's going to be more selective in targets. It apparently thinks that will cool things off. As regards DarkSide, perhaps some of its money is gone, but the gang still has its expertise and source code. And besides, many experts think DarkSide is linked to REvil. There's too much money in ransomware for security professionals to think these attacks are going away. Organizations need to ensure, if they allow access to their corporate network through Windows Remote Desktop Protocol or through a virtual private network, that access is tightly controlled. These are entry points recently favored by any attacker, and multi-factor authentication must be added to deny access to attackers who only have a username and password.

Brett Callow, a threat researcher for Emsisoft, told me why DarkSide went dark isn't clear, and there's no confirmation that any law enforcement agency seized its sites or its money. Callow suspects that DarkSide merely got cold feet with the bad publicity of the Colonial Pipeline attack and set up an exit scam so they don't have to split money owed to their partners in crime. Unfortunately, Callow adds, they'll likely be back under a different name. He also notes a new posting from a ransomware gang called Babuk. It says it's setting up a new platform where crooks who don't have their own leak websites can post and sell data that they have stolen from corporate victims. It's another sign cybercrime isn't going away.

More thoughts on the Colonial Pipeline attack. If, as the company says, the operational network overseeing the pipeline is separated from the IT side, and that was the side that was hit by ransomware, why did the company temporarily shut the pipeline? The New York Times quoted an expert saying that if Colonial had confidence the OT and IT networks were separated, there was no reason to shut the pipeline. However, an analyst at the SANS Institute has a theory: the billing system of the pipeline company was affected by the attack. If Colonial couldn't bill for transporting gasoline, then the pipeline couldn't run. There are many lessons to be learned from this attack, and we still don't know how it started or how long the attackers were in the Colonial network before the ransomware was launched.

Meanwhile, Ireland's Health Service Executive continues trying to recover from a ransomware attack last week. It shut down its IT system, affecting, among other things, medical systems needed for ordering tests. According to the Bleeping Computer news service, the Conti ransomware gang is demanding twenty million dollars for the
