On May 12, 2021, US President Biden issued an Executive Order on Improving the Nation's Cybersecurity. The Order emphasized the current cyberattack landscape targeting the public and private sectors and the need to heighten efforts and increase resources to defend against this threat environment.
The Order comes following recent high-profile cyber incidents, such as the Colonial Pipeline ransomware, the SolarWinds attack, and the exploitation of Microsoft Exchange zero-day vulnerabilities. Ransomware gangs faced blowback after the Colonial Pipeline cyber-attack.
Many of the ransomware groups shut down their operations temporarily or permanently fearing increased law enforcement activity. On May 13, 2021, the administrator of the top-tier Russian-language dark web forum XSS banned ransomware groups on the forum.
Later, on May 14, 2021, the dark web forums Exploit and Raid followed suit in banning ransomware. They claimed that while they were "glad to see pen testers, specialists, and coders on the forum," ransomware attracts "a lot of attention" and would be banned.
January 12, 2021 - DarkMarket, the world's largest illegal marketplace on the dark web, has been taken offline in an international operation involving Germany, Australia, Denmark, Moldova, Ukraine, the United Kingdom (the National Crime Agency), and the USA (DEA, FBI, and IRS). Europol supported the takedown with specialist operational analysis and coordinated the cross-border collaborative effort of the countries involved. Authorities say the darknet platform had half a million users, where drugs, counterfeit money, stolen credit card data, anonymous SIM cards and malware were traded.
The NetWalker ransomware has targeted a variety of victims, including companies, municipalities, hospitals, law enforcement, emergency services, school districts, colleges, and universities. Since the onset of the COVID-19 pandemic, attackers using NetWalker increasingly have targeted the healthcare sector.
In a January 27, 2021 statement, the Department of Justice said that as part of the action it had brought charges against Sebastien Vachon-Desjardins, a Canadian national, in connection with NetWalker ransomware attacks in which tens of millions of dollars were allegedly stolen.
Vachon-Desjardins is alleged to have obtained more than $27.6 million as a result of the offenses charged in the indictment. Additionally, the DoJ has seized roughly $454,530.19 in cryptocurrency from ransom payments and has disabled a dark web hidden resource used to communicate with NetWalker ransomware victims.
On February 1, 2021, the FonixCrypter hacker group shut down its operations and released the master decryption key. "The FonixCrypter gang also closed its Telegram channel that was used to advertise the malware in the cybercrime underground," the report said.
The decryption key provided by the actors behind the Fonix ransomware appears to be legitimate, though it requires each file to be decrypted individually. The important thing is that they included the master key, which should enable someone to build a much better decryption tool.
February 6th, 2021 - The Ziggy ransomware operation shut down and released the victims' decryption keys, citing concerns about recent law enforcement activity and guilt over encrypting victims. The Ziggy ransomware admin announced on Telegram that they were shutting down the operation and would be releasing all of the decryption keys, after feeling guilty about their actions and worrying about the recent law enforcement operations against Emotet and NetWalker.
February 12th, 2021 - Three alleged members of the Egregor ransomware group were arrested, and their victim leak site was taken down through a joint operation between the French and Ukrainian police. The Egregor ransomware group operated as a RaaS and had over 200 public victims.
Egregor is a ransomware-as-a-service (RaaS) operation with multiple affiliates. A great number of Egregor affiliates were formerly tied to the Maze ransomware. Many believe Egregor is a follow-up to Maze, because of:
May 2021 - After its blog and website went offline, the DarkSide ransomware group announced it would be shutting down. Following the attack on Colonial Pipeline, the DarkSide operators clearly knew the magnitude of the fallout could spiral back toward the group.
A couple of days after the incident, it apologized for the consequences of its attack and claimed it was just trying to make money, not create a gas shortage. "Hey, we're not that bad," the group seemed to be saying on its blog:
"Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future."
June 16, 2021 - Multiple suspects believed to be linked to the Clop (aka Cl0p) ransomware gang were detained in Ukraine after a joint operation by law enforcement agencies in Ukraine, South Korea, and the United States.
The Clop ransomware gang has been operating since March 2019, when it first began targeting enterprises using a variant of the CryptoMix ransomware. Clop gains an initial foothold on a corporate computer and then slowly spreads throughout the network while stealing data and documents. Once they have harvested everything of value, they deploy the ransomware across the network to encrypt its devices.
The file had decryption keys for 2,934 victims of the Avaddon ransomware. The startling figure is another example of how many organizations never disclose attacks, as some reports have previously attributed just 88 attacks to Avaddon.
Avaddon is a relatively new ransomware-as-a-service operation which started up in March 2020. The threat group behind the operation recruited affiliates to conduct attacks and provided them with a portal through which they could generate copies of the ransomware to conduct their own attacks. All ransoms generated were then shared between the affiliate and the RaaS operator.
It is not uncommon for RaaS operations to stop suddenly and release the keys for victims that have not yet paid, but the timing of the shutdown suggests the RaaS operator may have gotten nervous about the increased focus of governments and law enforcement agencies on ransomware gangs.