
Latest news with #StopRansomware

FBI warns of 'dangerous' hacking campaign linked to North Korean attack group

Time of India

20 hours ago


The Federal Bureau of Investigation (FBI), in collaboration with the US Cybersecurity and Infrastructure Security Agency (CISA), has issued a joint cybersecurity advisory following a surge in confirmed victims of Play ransomware attacks in May. The FBI reports that these threat actors have impacted over 900 organisations across North and South America, as well as Europe, including businesses and critical infrastructure providers. The updated advisory, released as part of the ongoing Stop Ransomware campaign, includes findings from new investigations this year that reveal an evolution in the cybercriminal group's tactics, techniques and procedures (TTPs). The advisory aims to inform organisations on how to defend against these attacks.

Who are the hackers, why this is dangerous and more details

According to the FBI advisory (via Forbes), Play is a closed ransomware group, operating independently to "guarantee the secrecy of deals" regarding exfiltrated data. Play ransomware is believed to be linked to Andariel, a North Korean state-sponsored attack group associated with the Democratic People's Republic of Korea's "Reconnaissance General Bureau." Researchers suggest Play is an "integral part" of Andariel's cyberattack arsenal, distributed by threat groups such as Balloonfly.

The hackers leave ransom notes with victims that do not include an initial demand or payment instructions. Instead, victims are directed to contact the attackers via email, often using unique German email domains. The FBI noted that some victims are contacted by telephone and threatened with data release to compel ransom payment. Balloonfly has been implicated in multiple incidents involving Play ransomware deployment, primarily against businesses in the US and Europe, often using a malware backdoor to infect Windows systems.

Microsoft Threat Intelligence Center and Microsoft Security Response Center previously observed Play ransomware being deployed after attackers exploited a zero-day vulnerability in the Windows Common Log File System. This flaw was mitigated in April. The FBI emphasizes that the Play ransomware campaign shows no signs of abating and urges organisations to enhance their defenses immediately.

FBI Issues Critical Cyberattack Alert — Act Now As Victims Skyrocket

Forbes

2 days ago


FBI issues Play ransomware warning as attacks multiply. The Federal Bureau of Investigation has issued a joint cybersecurity advisory in conjunction with the U.S. Cybersecurity and Infrastructure Security Agency, as the number of confirmed observed victims of Play ransomware attacks skyrocketed in May. The threat actors have, the FBI warned, impacted victims covering a broad spectrum of organisations, including businesses as well as critical infrastructure providers, in both North and South America, as well as across Europe. Here's what you need to know and, more importantly, do to mitigate the chances of your organisation becoming the next on the list.

As part of a joint effort between the FBI, CISA and the Australian Cyber Security Centre, the latest update to the Play ransomware cybersecurity advisory comes as a result of new investigations this year that have uncovered an evolution of the cybercriminal group's tactics, techniques and procedures. In May, the FBI confirmed that it had become aware of 900 organizations that had been exploited by the crime gang and had fallen victim to the Play ransomware attacks. To put that in some perspective, it is three times the number when the FBI last released such information. The joint critical cybersecurity advisory, which forms part of the ongoing Stop Ransomware campaign, aims to help organizations best defend themselves against attacks by keeping them informed of changes to the aforementioned tactics, techniques, and procedures, as well as new indicators of compromise that can be useful in attack detection efforts.

Advisory AA23-352A warned that Play is thought to be what is known as a closed ransomware group actor, acting alone to 'guarantee the secrecy of deals' when it comes to the exfiltrated data that is held to ransom. The ransom notes that are left with the victim do not, the advisory stated, 'include an initial ransom demand or payment instructions; rather, victims are instructed to contact the threat actors via email.' Those emails have one of two German email domains, but the actual email address is unique in every case. 'A portion of victims are contacted via telephone,' the FBI said, 'and are threatened with the release of the stolen data and encouraged to pay the ransom.' These tactics are designed to lead the victim straight onto a negotiation footing where the attacker has the upper hand.

Thought to be linked to a North Korean state-sponsored attack group, one that is known to be part of the Democratic People's Republic of Korea's 'Reconnaissance General Bureau,' the Play ransomware campaign shows no sign of slowing down. For that to happen, organizations need to up their game and get their defenses in order. Erecting mitigation barricades is the only answer to such determined ransomware actors. The FBI has recommended the following mitigating actions to be taken as a matter of some urgency:
