Ne’er-Do-Well News – Page 14 – Computer Security Articles

Conti Ransomware Group Diaries, Part III: Weaponry

March 4, 2022 admin A Little Sunshine, alarm, bentley, bio, bloodrush, chainalysis, cobalt strike, conti, grant, kaktus, lemans corporation, Ne'er-Do-Well News, pin, ransomware, reshaev, revers, salamandra, skippy, the spaniard, tramp, trickbotleaks, Trump

Credit to Author: BrianKrebs| Date: Fri, 04 Mar 2022 20:20:29 +0000

Part I of this series examined newly-leaked internal chats from the Conti ransomware group, and how the crime gang dealt with its own internal breaches. Part II explored what it’s like to be an employee of Conti’s sprawling organization. Today’s Part III looks at how Conti abused a panoply of popular commercial security services to undermine the security of their targets, as well as how the team’s leaders strategized for the upper hand in ransom negotiations with victims.

Independent Krebs

Conti Ransomware Group Diaries, Part II: The Office

March 2, 2022 admin A Little Sunshine, bentley, Bleeping Computer, conti, emotet, hof, Lawrence Abrams, mango, Ne'er-Do-Well News, Palo Alto Networks, ransomware, reverse, ryuk, stern, The Coming Storm, trickbot

Credit to Author: BrianKrebs| Date: Wed, 02 Mar 2022 17:49:52 +0000

Earlier this week, a Ukrainian security researcher leaked almost two years’ worth of internal chat logs from Conti, one of the more rapacious and ruthless ransomware gangs in operation today. Tuesday’s story examined how Conti dealt with its own internal breaches and attacks from private security firms and governments. In Part II of this series we’ll explore what it’s like to work for Conti, as described by the Conti employees themselves.

Independent Krebs

Conti Ransomware Group Diaries, Part I: Evasion

March 1, 2022 admin alex holden, alla witte, conti, conti breach, conti ransomware, contileaks, emercoin, emerdns, hof, Hold Security, Ne'er-Do-Well News, ransomware, revil ransomware, stern, The Coming Storm, trickbot, Ukraine

Credit to Author: BrianKrebs| Date: Tue, 01 Mar 2022 20:50:30 +0000

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti, an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. The chat logs offer a fascinating glimpse into the challenges of running a sprawling criminal enterprise with more than 100 salaried employees. The records also provide insight into how Conti has dealt with its own internal breaches and attacks from private security firms and foreign governments.

Independent Krebs

Red Cross Hack Linked to Iranian Influence Operation?

February 16, 2022 admin data breaches, FBI, FireEye, icrc hack, international committee for the red cross, kela, kelvinmiddelkoop@hotmail.com, Ne'er-Do-Well News, RaidForums, ransomware, red cross and red crescent movement, restoring family links, sheriff, threat_actor, unindicted

Credit to Author: BrianKrebs| Date: Wed, 16 Feb 2022 16:44:19 +0000

A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group. KrebsOnSecurity has learned that the email address used by a cybercriminal actor who offered to sell the stolen ICRC data also was used to register multiple domain names the FBI says are tied to a sprawling media influence operation originating from Iran.

Independent Krebs

Wazawaka Goes Waka Waka

February 14, 2022 admin #babuk, A Little Sunshine, babuk ransomware, biba99, boriselcin, Cisco Talos, cve-2021-20028, dmitry smilyanets, groove ransom, mikhail pavlovich matveev, Ne'er-Do-Well News, orange, RaidForums, ramp, ransomware, sonicwall vpn, teresacox19963@gmail.com, tox, verified, washington metropolitan police department, wazawaka

Credit to Author: BrianKrebs| Date: Mon, 14 Feb 2022 18:22:38 +0000

In January, KrebsOnSecurity examined clues left behind by “Wazawaka,” the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. Wazawaka has since “lost his mind” according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a widely-used virtual private networking (VPN) appliance, and publishing bizarre selfie videos taunting security researchers and journalists. In last month’s story, we explored clues that led from Wazawaka’s multitude of monikers, email addresses, and passwords to a 30-something father in Abakan, Russia named Mikhail Pavlovich Matveev. This post concerns itself with the other half of Wazawaka’s identities not mentioned in the first story, such as how Wazawaka also ran the Babuk ransomware affiliate program, and later became “Orange,” the founder of the ransomware-focused Dark Web forum known as “RAMP.”

Independent Krebs

Russian Govt. Continues Carding Shop Crackdown

February 9, 2022 admin alexander kovalev, artem bystrykh, denis pachevsky, department k, ferum shop, Flashpoint, Gemini Advisory, get-net llc, Infraud, Ne'er-Do-Well News, saratovfilm film company llc, sky-fraud, Stas Alforov, tass, transtekhkom llc, Trump's-Dumps, Unicc, vladislav gilev, Web Fraud 2.0, yaroslav solovyov

Credit to Author: BrianKrebs| Date: Thu, 10 Feb 2022 01:34:48 +0000

Russian authorities have arrested six men accused of operating some of the most active online bazaars for selling stolen payment card data. The crackdown — the second closure of major card fraud shops by Russian authorities in as many weeks — comes closely behind Russia’s arrest of 14 alleged affiliates of the REvil ransomware gang, and has many in the cybercrime underground asking who might be next.

Independent Krebs

Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams

February 2, 2022 admin A Little Sunshine, freidig shipping, guy devos, harald berglihn, harald vanvik, inside knowledge, john bernard, john clifton davies, Ne'er-Do-Well News, nils-odd tønnevold, the weeknd, Uber, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Sat, 29 Jan 2022 18:05:52 +0000

Several articles here have delved into the history of John Bernard, the pseudonym used by a fake billionaire technology investor who’s tricked dozens of start-ups into giving him tens of millions of dollars. Bernard’s latest victim — a Norwegian startup hoping to build a fleet of environmentally friendly shipping vessels — is now embroiled in a lawsuit over a deal gone bad, in which Bernard falsely claimed to have secured $100 million from six other wealthy investors, including the founder of Uber and the artist Abel Makkonen Tesfaye, better known as The Weeknd.

Independent Krebs

Who Wrote the ALPHV/BlackCat Ransomware Strain?

February 2, 2022 admin @cookiedays, A Little Sunshine, alphv ransomware, binrs, blackcat ransomware, blackmatter, Breadcrumbs, Catalin Cimpanu, darkside, duckerman, duckermanit, Flashpoint, jason hill, Ne'er-Do-Well News, paul roberts, ramp, Recorded Future, reversinglabs, rEvil, sergey duck, sergey kryakov, sergey penchikov, smiseo, the record, tox, varonis, ybcat

Credit to Author: BrianKrebs| Date: Fri, 28 Jan 2022 13:18:36 +0000

In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “BlackCat”), considered to be the first professional cybercrime group to create and use a ransomware strain in the Rust programming language. In this post, we’ll explore some of the clues left behind by the developer who was reputedly hired to code the ransomware variant.