Connect with us

Press Release

Member of the REvil ransomware extradited to the United States to face trial for the Kaseya attack

Published

on

Member of the REvil ransomware extradited to the United States to face trial for the Kaseya attack

Member of the REvil ransomware extradited to the United States to face trial for the Kaseya attack
Vasinkyi is thought to be an affiliate of the REvil ransomware, charged with breaking into corporate networks around the world, stealing unencrypted data, and then encrypting every device connected to the network.
The DOJ revealed shortly after Vasinkyi’s arrest that he was behind the ransomware attack against managed services provider Kaseya, which affected thousands of businesses all across the world.

The release from the U.S. DoJ stated that during the alleged attack on Kaseya, Vasinskyi “enabled the deployment of malicious Sodinokibi/REvil code throughout a Kaseya product that allowed the Kaseya production feature to deploy REvil ransomware to “endpoints” on Kaseya client networks.”

Data on PCs belonging to companies using Kaseya software worldwide were encrypted after remote access to Kaseya endpoints was achieved and ransomware was installed on those computers.

In order to decrypt every one of Kaseya’s impacted customers, the REvil operation (also known as Sodinokibi) wanted $70 million. But once a law enforcement operation managed to access the ransomware business’s servers, the FBI was given the decryption key.

Vasinskyi is thought to be one of REvil’s long-term associates and has been involved in at least nine ransomware operations against American businesses that have been verified.

Eleven counts are supported by the indictment, which was revealed after his detention and links them to separate attacks on North American businesses.

The accusations against Vasinskyi for his acts are as follows:

conspiracy to commit fraud and similar computer-related behaviour
intentional harm to systems behind a firewall
collaborating to launder money
Vasinskyi will be imprisoned for a total of 115 years if found guilty on all counts. He will also lose all of his possessions and financial resources.

In order to remotely manage their clients’ networks, such as pushing out patches, providing remote help, and controlling the Windows domain, managed service providers utilise specialised software.

Since the beginning of the GandCrab and REvil ransomware operations, an affiliate has continuously demonstrated proficiency with MSP platforms by leveraging them to encrypt the clients of targeted MSPs.

With the help of the specific software that managed service providers employ, such as the Kaseya, ConnectWise, and WebRoot MSP platforms, successful attacks against these providers have been made possible.

The Kaseya assault may have been carried out by the same affiliate since it made use of previously undiscovered zero-day vulnerabilities and deep system knowledge.

Vasinskyi’s arrest and potential imprisonment, if he is this affiliate, will be advantageous to the MSP sector because there will be one less threat player to be concerned about.

REvil in suspense
Given that Ukraine and the United States do not currently have an extradition agreement, the Vasinkyi case is a victory for American law enforcement and the judiciary.

He is not, however, a fundamental member of the famed RaaS (ransomware as a service) group, but rather one of the countless REvil affiliates.

Two alleged REvil associates were detained on November 4, 2021, in Romania and Kuwait as part of a global law enforcement operation orchestrated by Europol and Interpol.

The Federal Security Service (FSB) announced the arrest of fourteen alleged REvil members on January 15, 2022, but the group’s top operatives are still believed to remain at large.

Even if the REvil ransomware organisation has been shut down, it wouldn’t be unexpected if some of its core members or affiliates later rebranded as a new operation.

 

Continue Reading

Press Release

Angry IT administrator destroys employer’s databases; sentenced to 7 years in prison

Published

on

Angry IT administrator destroys employer's databases; sentenced to 7 years in prison

Han Bing, a former database manager for Lianjia, a major Chinese real estate agency, was given a 7-year prison term for breaking into company computers and erasing data.

Bing is accused of carrying out the conduct in June 2018, when he reportedly accessed the company’s finance system using his administrator rights and “root” account and deleted all previously saved data from two database servers and two application servers.

Large elements of Lianjia’s operations were immediately crippled as a result, leaving tens of thousands of workers without pay for an extended length of time and necessitating a data restoration effort that cost about $30,000.

However, because Lianjia has thousands of offices, employs over 120,000 brokers, owns 51 companies, and has an estimated $6 billion market value, the indirect costs from the firm’s economic disruption were significantly more detrimental.

examination of the staff
H. Bing was one of the five primary suspects in the event involving the data deletion, according to records made public by the court of the People’s Procuratorate of Haidian District, Beijing.

When the administrator refused to reveal his laptop password to the company’s inspectors, suspicions were quickly aroused.

Chinese media outlets who reprinted portions of the disclosed documents explain that “Han Bing stated that his computer had confidential data and the password could only be handed to official authorities, or would only accept entering it personally and being present during the checks.”

The checks were solely carried out to evaluate the response of the five employees who had access to the system because, as the investigators testified in court, they knew that such an operation wouldn’t leave any records on the laptops.

Finally, the experts were able to pinpoint the activity to particular internal IPs and MAC addresses after retrieving access records from the servers. The inspectors even collected WiFi network logs and timestamps, which they afterwards compared against CCTV footage to validate their suspicions.

The forensic expert hired by the company concluded that Bing had wiped the databases using the “shred” and “rm” commands. Rm deletes the files’ symbolic links, whereas shred overwrites the data three times with different patterns to make it unrecoverable.

Unhappy employee?
Unexpectedly, Bing had regularly warned his employer and superiors about security flaws in the finance system, even emailing other administrators to express his concerns.

He was mostly disregarded, nevertheless, as the departmental administrators never gave their approval for the security project he wanted to oversee.

This was supported by the testimony of the director of ethics at Lianjia, who told the court that Han Bing frequently argued with his superiors because he believed his organisational suggestions weren’t valued.

A similar incident occurred in September 2021 when a former employee of a credit union in New York deleted approximately 21.3GB of records in a 40-minute rampage as retaliation for her managers terminating her.

Continue Reading

Press Release

Internet Explorer 11 support will no longer be offered by WordPress.

Published

on

Internet Explorer 11 support will no longer be offered by WordPress.

WordPress, the most well-known and widely used blogging platform, is thinking about removing support for Internet Explorer 11 when its usage falls below 1%.

WordPress has discovered that the cumulative usage of IE 11 is less than 1% using the following three metrics:

according to StatCounter’s GlobalStats, 0.71%.
from W3 Counter, 1.2%
from WordPress.com, 0.46%
When WordPress stopped supporting Internet Explorer 8, 9, and 10 in 2017, these usage figures were comparable.

WordPress plans to discontinue support for Internet Explorer 11 in the future due to the low number of users and the significant expense of maintaining the browser.

“Regarding the present WordPress user experience, the majority of WordPress users ought to be aware by now that a flag was introduced to BrowseHappy around 13 months ago to not recommend IE. In connection with this, the entire IE11 experience is subpar and comes with a significant maintenance cost for developers “Last week, WordPress clarified in a blog post.

WordPress is requesting feedback from individuals and organisations that still use the browser by March 18th in order to formulate their strategies for ceasing support.

WordPress is not the only platform to stop supporting IE 11.

Microsoft Teams’ web app will no longer be supported by Internet Explorer, and Microsoft 365 would stop supporting it on August 17, 2021, according to a 2020 August Microsoft announcement.

Continue Reading

Press Release

Major Canadian banks experience a bizarre, hours-long outage

Published

on

Major Canadian banks experience a bizarre, hours-long outage

Major Canadian banks fell unavailable for several hours, denying consumers access to e-transfers, online and mobile banking, and other services.

The Canadian Imperial Bank of Commerce, Scotiabank, Bank of Montreal, and Royal Bank of Canada (RBC) are among the institutions apparently affected by the outage (CIBC).

For many, online banking and e-Transfers are not working.
Yesterday, the main banks in Canada went offline, making it difficult for many people to access e-Transfers, online, and mobile banking services.

The number of reports of people experiencing problems accessing their online banking peaked on Wednesday between 5 and 6 p.m. Eastern time, while BleepingComputer is still receiving an influx of these reports today:

 

An RBC spokesman acknowledged that “we are currently having technical challenges with our online and mobile banking, as well as our phone services.”

“We have no ETA to offer at this time, but our specialists are looking into it and striving to fix it as soon as they can. We value your tolerance.”

Customers continued to report problems a few hours later, within 30 minutes of RBC declaring that all systems were operating normally:

Andrew Currie, an RBC client, stated that the disruption left him without “access to my money at the grocery store” and forced him to wait in line for the cash register for 30 minutes.

Customers of BMO also noticed that the bank’s “Global Money Transfer service” was unavailable “all day” and that transfers were being automatically denied without any apparent cause. Such customers were advised to contact customer care by a BMO representative.

Inconsistencies with their internet banking were not acknowledged by CIBC.

Customers were apparently locked out of the TD Bank mobile banking app, and customer support agents said they “haven’t been told of recent concerns with our online service through EasyWeb.”

According to a TD Bank representative speaking to BleepingComputer, the bank had no significant system issues or outages.

It’s unclear at this moment whether some people’s difficulties at the ATMs were caused by the outage. According to an RBC staffer, the customer experiencing ATM problems is using an old debit card:

Some transfers are subject to rules under the Emergencies Act.

Although the reason for the outage is unknown, its timing is very intriguing because it comes only a few days after Canadian Prime Minister Justin Trudeau used the Emergencies Act in the midst of ongoing “Freedom Convoy” rallies.

Deputy Prime Minister Chrystia Freeland detailed the new rules that payment service providers must follow in accordance with the recently implemented Emergencies Act on Monday during a press briefing on Parliament Hill.

Additionally, without a court ruling and without risking civil liability, the Emergencies Act gives banks the power to freeze the accounts of people and companies they believe to be connected to the illegal blockades.

However, as the Deputy PM notes, since banks are currently required to report to FINTRAC, it is still unclear how new legislation will cause a planned or unanticipated outage.

Continue Reading

Trending