The Federal Bureau of Investigation (FBI), together with the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), issued a joint statement warning residents in the United States of the threat of a ransomware criminal enterprise.
The warning is part of the #StopRansomware campaign and sheds light on the activity of Vice Society, a hacking group using ransomware to attack systems. In the joint Cybersecurity Advisory (CSA), the three agencies warn that Vice Society has earned a fearsome reputation for targeting schools in the country.
“Impacts from these attacks have ranged from restricted access to networks and data, delayed exams, canceled school days, and unauthorized access to and theft of personal information regarding students and staff,” the CSA warns.
To combat the threat of Vice Society, the FBI calls on residents to report any information leading to the arrest of the perpetrators. The CSA notes that information such as BTC wallet information, IP addresses, and other details like ransom notes will help track down the bad actors.
Vice Society gains access to systems through compromised credentials “by exploiting internet-facing applications,” according to the joint statement. Before the strike, the criminals probe potential victims for soft spots and use various tools like PowerShell Empire, SystemBC, and Cobalt Strike.
Other modes of operation include masking their tools as legitimate files, leveraging scheduled tasks, and running scripts to change victims’ passwords. Citizens have been warned to maintain offline backups of data, scrutinize the status of all third-party vendors, and utilize phishing-resistant multi-factor authentication for services.
Law enforcement following the trail
Law enforcement agencies are hot on the trail of malware groups and have scored some wins over them, including the recovery of around $2.3 million out of the $4.4 million ransom paid to the hackers of Colonial Pipeline. The Wall Street Journal reports that the FBI followed the money trail as the hackers moved funds across six different addresses after receiving the ransom.
In the Netherlands, law enforcement agents recovered the ransom paid by Maastricht University (UM) in 2019. A hack froze the university’s data and library resources, forcing it to disburse $200,000 to recover the stolen data. Against all odds, the Netherlands Public Prosecution Service successfully recovered the funds, proving that law enforcement is catching up with bad actors.