Discover and read the best of Twitter Threads about #Ransomware
Most recents (24)
Backup and Replication License Agreement goes brrr
I ACCEPT
I ACCEPT
Now here is the default config
ok let's #ransomware some servers! (in a lab of mine not for real coz it's NASTY!)
VMs go BRRRRR
But wait... we are gonna look at how we can PROTECT, RESPOND and RECOVER! I'm going to deploy @Veeam to help me (coz I like the product, it rocks!)
VMs go BRRRRR
But wait... we are gonna look at how we can PROTECT, RESPOND and RECOVER! I'm going to deploy @Veeam to help me (coz I like the product, it rocks!)
to start with I'm going to just do some PREP. We are going to need to think about Initial Access then Escalation to Domain Admin and then RAMPAGE!
I'm gonna thread some stuff whilst I build.. I'm going to start with using @VMware workstation PRO. I might do some stuff with the RACK mounted servers but let's see.
🛡️|| La Alcaldía de Medellín, Colombia, es víctima de Lockbit.
Entre los datos robados por el grupo de #ransomware, están reportes de homicidios y suicidios, además de información personal de funcionarios.
Repasemos como cuidarse de estos ataques digitales.
Va #CiberHilo 🧵
Entre los datos robados por el grupo de #ransomware, están reportes de homicidios y suicidios, además de información personal de funcionarios.
Repasemos como cuidarse de estos ataques digitales.
Va #CiberHilo 🧵
¿Qué es LockBit?
Es un grupo de ransomware que opera bajo el esquema ‘Secuestro de Datos como Servicio’, o RaaS.
Es decir, vender kits a otros para que puedan cometer ciberataques.
Operan desde 2019, y entre sus cientos de víctimas están organizaciones de México.
Es un grupo de ransomware que opera bajo el esquema ‘Secuestro de Datos como Servicio’, o RaaS.
Es decir, vender kits a otros para que puedan cometer ciberataques.
Operan desde 2019, y entre sus cientos de víctimas están organizaciones de México.
El pasado 11 de febrero, la Secretaría de Seguridad y Convivencia de Medellín sufrió un ataque de ransomware.
Se estiman 99 gigabytes de información que el grupo de ransomware amenaza con hacer públicas si la Alcaldía no accede a sus requerimientos.
Se estiman 99 gigabytes de información que el grupo de ransomware amenaza con hacer públicas si la Alcaldía no accede a sus requerimientos.
Das @BSI_Bund hat zum 1. Mal in seiner Geschichte eine Chefin! Herzlichen Glückwunsch an #ClaudiaPlattner (bisher CIO der EZB, davor CIO DBSystel), die Beweis dafür ist, dass man hochqualifizierte Frauen findet, in jedem Fachgebiet, wenn man es wirklich will. /1
Ich wünsche #ClaudiaPlattner im neuen Amt von Herzen viel Erfolg und bin schon sehr gespannt auf einen Kennenlerntermin im #Digitalausschuss des Bundestages. Ihre Aufgabe ist komplex, die Herausforderung groß, sowohl wg internat. als auch wg. nat. Rahmenbedingungen./2
#ClaudiaPlattner muss es schaffen, das @BSI_Bund in eine stärkere Unabhängigkeit vom @BMI_Bund zu führen u die Behörde als potenzielle Zentralstelle auszurichten, die Länder dabei ins Boot zu holen, um zB Kommunen besser unterstützen zu können. Das ist ein sehr dickes Brett./3
🚨 "Il Computer Security Incident Response Team Italia (Csirt-IT) dell’Agenzia per la Cybersicurezza Nazionale (ACN), ha rilevato un massiccio attacco" #hacker "tramite ransomware già in circolazione che prende di mira i server VMware ESXi".
2/n
Secondo l'agenzia, l'attacco è in corso in tutto il mondo e riguarda "qualche migliaio di server compromessi", da "Paesi europei come Francia – paese più colpito - Finlandia e Italia, fino al Nord America, in Canada e negli Stati Uniti".
Secondo l'agenzia, l'attacco è in corso in tutto il mondo e riguarda "qualche migliaio di server compromessi", da "Paesi europei come Francia – paese più colpito - Finlandia e Italia, fino al Nord America, in Canada e negli Stati Uniti".
3/n
I tecnici dell'Acn hanno già censito "diverse decine di sistemi nazionali verosimilmente compromessi e allertato numerosi soggetti i cui sistemi sono esposti ma non ancora compromessi".
I tecnici dell'Acn hanno già censito "diverse decine di sistemi nazionali verosimilmente compromessi e allertato numerosi soggetti i cui sistemi sono esposti ma non ancora compromessi".
#LOPMI et cybercriminalité
quelques nouveautés:
1/ Création d'une infraction spécifique visant les market place sur le #Darkweb et les plateformes d'Escrow (+ intégration dans les techniques spéciales d'enquête)👇
quelques nouveautés:
1/ Création d'une infraction spécifique visant les market place sur le #Darkweb et les plateformes d'Escrow (+ intégration dans les techniques spéciales d'enquête)👇
2/ Encadrement du paiement des rançons suite à une cyber attaque (notamment par #ransomware)
(entrée en vigueur dans 3 mois)
(entrée en vigueur dans 3 mois)
3/ Augmentation du quantum de peines encourues pour les atteintes aux STAD (piratage, etc)
1/8 A few months back, we stopped a #ransomware attack by the group #BlackBasta. We spent a lot of time studying their backend servers, malware and more.
If you're interested in #ransomware, then you'll want to read this story...
If you're interested in #ransomware, then you'll want to read this story...
2/8 It ends up that the #BlackBasta gang uses victims networks to log back into their own network! The leads to some interesting monitor opportunities.
This allowed us to monitor _them_.
On the victims servers, we deploy "clip board" monitoring.
This allowed us to monitor _them_.
On the victims servers, we deploy "clip board" monitoring.
3/8 This means we could see everything the attacker "cuts and pastes" within the victims environment. This includes passwords, commands, Russian comments, etc.
We are publishing it all.
We are publishing it all.
Here is how #platforms die: first, they are good to their users; then they abuse their users to make things better for their business customers; finally, they abuse those business customers to claw back all the value for themselves. Then, they die. 1/
If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
pluralistic.net/2023/01/21/pot… 2/
pluralistic.net/2023/01/21/pot… 2/
I call this #enshittification, and it is a seemingly inevitable consequence arising from the combination of the ease of changing how a platform allocates value, combined with the nature of a "two sided market." 3/
Thread zur aktuellen Recherche (€): @ReneReh1 und ich haben den Unis und Hochschulen auf den Zahn gefühlt. Das Ergebnis ist erschreckend: Wir haben viele kritische Sicherheitslücken gefunden. Und Daten, die wirklich niemand zu Gesicht bekommen sollte. zeit.de/2023/04/it-sic…
Wir haben 73 Hochschulen getestet - die Wikipedia-Liste aller dt Hochschulen, sortiert nach Größe. Eine erste kühne Idee war, alle 421 zu testen. Aber die Recherche lief völlig aus dem Ruder, weil 15 der ersten 73 (jede fünfte Uni!) schon teils massive Sicherheitslücken aufwiesen
Bei mindestens drei Unis fanden wir potentielle Einfallstore für #Ransomware-Banden mit teils unverschlüsselt abgelegten Passwörtern etc. Viele Unis hatten massive Datenlecks. Die Daten zu sichten und vor allem die Lücken zu melden, war extrem zeitaufwendig. Und schockierend.
Did the #ransomware attack at @HaverAnalytics result in an inadvertent #FOMC projection error?
🧵
1/5
#FOMC presser (12/14) contained a statement by #Powell that seemed at odds with incoming data
- #Powell said “we’re going into next year with higher inflation” vs Sept FOMC
🧵
1/5
#FOMC presser (12/14) contained a statement by #Powell that seemed at odds with incoming data
- #Powell said “we’re going into next year with higher inflation” vs Sept FOMC
2/5
As their SEP (survey of economic projections) shows:
- ‘22 raised 4.8% vs 4.5%
- this raised 2023 inflation
- and added to “higher for longer”
As their SEP (survey of economic projections) shows:
- ‘22 raised 4.8% vs 4.5%
- this raised 2023 inflation
- and added to “higher for longer”
3/5
But here is what is at ‘odds’
- the MoM% chg in inflation
- would have to be staggeringly high to get to #Fed 4.8%
But here is what is at ‘odds’
- the MoM% chg in inflation
- would have to be staggeringly high to get to #Fed 4.8%
🚨 NEW REPORT ALERT
FIN7 UNVEILED: A deep dive into notorious cybercrime gang
The big day is finally here! 🎊After months of tireless research and analyses, we can present you with the most insightful information: an extensive report on the notorious #cybercrime gang #FIN7.
FIN7 UNVEILED: A deep dive into notorious cybercrime gang
The big day is finally here! 🎊After months of tireless research and analyses, we can present you with the most insightful information: an extensive report on the notorious #cybercrime gang #FIN7.
Thanks to the PTI team, we obtained never-seen-before information about FIN7’s inner workings. We got a deeper understanding of their organizational structures, identities, attack vectors, and proof-supported affiliations with other ransomware groups, among others.
The most enticing remarks of the report are:
🔹 Unveiling FIN7’s development of an auto attack system to exploit the most profitable targets based on their revenue, employee count, headquarters’ location, and website information
Read more👇
🔹 Unveiling FIN7’s development of an auto attack system to exploit the most profitable targets based on their revenue, employee count, headquarters’ location, and website information
Read more👇
🚨New #MicrosoftExchange #vulnerabilities were disclosed, including CVE-2022-41040 and CVE-2022-41082. Threat actors can easily exploit the new vulnerabilities, and bypass #ProxyNotShell URL rewrite mitigations, resulting in many companies facing further #ransomware #attacks.
An example of what such an exploit can do is shown in the picture below, where the #threat actor #FIN7 developed tailored systems to quickly discover and infiltrate the high-value targets by performing mass scans using #Microsoft #exchange #vulnerabilities.
Our PTI team has already observed activities involving recent vulnerabilities in the wild. Therefore, #PRODAFT recommends that companies fix the vulnerabilities as soon as possible to avoid serious consequences.
553 days ago, Steve Morgan's astronomically large yet unexplained #guesstimate for "the cost of cybercrime" exceeded the entire U.S. national debt.
Morgan has bragged that his wild-ass guess is already larger "than the global drug trade":
Morgan has bragged that his wild-ass guess is already larger "than the global drug trade":
1/🧵
"Staggering" is ✌️right✌️ — it amazes me how often Steve Morgan's absurdities #dupe cyber experts like @dralissajay, @WaleMicaiah, @lhmphaphuli, @KenBeattyJr, @eSentire, @LilyLopate, etc.
So, let's chart him against the GLOBAL GROSS DOMESTIC PRODUCT
"Staggering" is ✌️right✌️ — it amazes me how often Steve Morgan's absurdities #dupe cyber experts like @dralissajay, @WaleMicaiah, @lhmphaphuli, @KenBeattyJr, @eSentire, @LilyLopate, etc.
So, let's chart him against the GLOBAL GROSS DOMESTIC PRODUCT
2/🧵
This chart plots Steve Morgan's asinine #guesstimates against WorldBank.org's figures for the 2015-2021 Global Gross Domestic Product with projections up to 2024. For 2025 onward, these charts show a 2.5% increase from an acceptable 2-3% for a healthy global GDP.
This chart plots Steve Morgan's asinine #guesstimates against WorldBank.org's figures for the 2015-2021 Global Gross Domestic Product with projections up to 2024. For 2025 onward, these charts show a 2.5% increase from an acceptable 2-3% for a healthy global GDP.
👇🧵Here are 10 reliable tools we use for research and discovery in the darkweb. A thread >> 🧵 1/12
Fresh Onions 🧅 - long-standing, ultra-reliable spider/scraper. Updates every few hours. Shows the Up/Down status of each site and its age. Many mirrors, #opensource 2/12 …hdrww7wnt5qmkoertwxmcuvm4woo4ad.onion
Ahmia Search - probably the closest you will get to “Google” on the Dark Web. Ahmia is stable, with reliably interesting results. Results can also be filtered by age, which not all engines allow for. 3/12
…ldy2hlmovfu2epvl5ankdibsot4csyd.onion
…ldy2hlmovfu2epvl5ankdibsot4csyd.onion
Vu que le sujet #cybersécurité arrive chez les avocats (c'est très bien), quelques conseils pour les avocat(e)s qui me suivent:
- pas de boite mail en Gmail, Outlook, etc (Cloud Act)
- choisissez un hébergeur 🇫🇷 et faites votre propre serveur de messagerie / site web
👇
- pas de boite mail en Gmail, Outlook, etc (Cloud Act)
- choisissez un hébergeur 🇫🇷 et faites votre propre serveur de messagerie / site web
👇
- pas de double emploi des téléphones / ordinateurs:
-> un téléphone / ordinateur pour le travail
-> un téléphone / ordinateur pour la vie privée
- Attention à la SSI des cabinets (wifi notamment).
En déplacement, usage d'un VPN impératif
👇
-> un téléphone / ordinateur pour le travail
-> un téléphone / ordinateur pour la vie privée
- Attention à la SSI des cabinets (wifi notamment).
En déplacement, usage d'un VPN impératif
👇
- Sauvegardes impératives et régulières des données pour anticiper le risque #ransomware
- ne pas utiliser une session administrateur sur vos ordinateurs, en particulier sur Windows. 👇
- ne pas utiliser une session administrateur sur vos ordinateurs, en particulier sur Windows. 👇
👇Here are the top #macOS malware we saw in 2022, a thread 🧵👇
1. #Shlayer malware is one of the top macOS malware discoveries in 2022. It's known for disguising itself as a legitimate Adobe Flash Player update.
2. #EvilQuest #ransomware has made its way onto macOS systems, encrypting user files and demanding a ransom to restore access.
Here's a list of 5 FREE Cybersecurity trainings.
🧵👇
.
.
.
#bugbounty #cybersecurity #infosec #hacking #tech #learninig #datasecurity #linux #ransomware #ethicalhacking #cybersecuritytraining #cybersecurityawareness #malware #informationsecurity #isecurity
🧵👇
.
.
.
#bugbounty #cybersecurity #infosec #hacking #tech #learninig #datasecurity #linux #ransomware #ethicalhacking #cybersecuritytraining #cybersecurityawareness #malware #informationsecurity #isecurity
🛡️Cuba Ransomware, un grupo de cibercriminales que ha robado más de 60 millones de dólares en el mundo.
¿Sabías que el secuestro de datos es una de las mayores amenazas digitales en el mundo?
Veamos de que trata y como protegerte.
🖥️
¿Sabías que el secuestro de datos es una de las mayores amenazas digitales en el mundo?
Veamos de que trata y como protegerte.
🖥️
El @FBI y la @CISAgov lanzaron un comunicado conjunto sobre la amenaza de #Cuba #Ransomware.
En agosto recaudó más de $ 60 millones en rescates después de atacar a más de 100 entidades en todo el mundo.
En diciembre, logró vulnerar a la infraestructura 49 organizaciones de 🇺🇸.
En agosto recaudó más de $ 60 millones en rescates después de atacar a más de 100 entidades en todo el mundo.
En diciembre, logró vulnerar a la infraestructura 49 organizaciones de 🇺🇸.
El FBI y CISA agregaron que la banda de ransomware ha ampliado sus tácticas, técnicas y procedimientos (TTP) desde principios de año.
También se han relaciones con cibercriminales como RomCom RAT (troyano de acceso remoto) y el grupo de ransomware Industrial Spy.
También se han relaciones con cibercriminales como RomCom RAT (troyano de acceso remoto) y el grupo de ransomware Industrial Spy.
NEW: "The greatest long-term threat to out nation's ideas, innovation & economic security, our national security, is that from #China" @FBI Dir Christopher Wray tells House Homeland Security Committee
"The Chinese gvt aspires to equal or surpass the US as a global superpower & influence the world w/a value system shaped by undemocratic authoritarian ideals" per @FBI's Wray "We are confronting that threat head-on"
Der #Digitalausschuss des Bundestages besucht mit 1 Delegation Japan u Südkorea. heute früh: Besuch Vizeminister im Min. für Inneres u Telekommunikation Takeuchi Yoshiaki. Glasfaser gibts in Japan in 2027 für 99.9% der Haushalte, zZ haben < 170.000 HH keine Glasfaser.
#btADiJpKor
#btADiJpKor
Unsere (demokratischen) Delegationsmitglieder des #btADi aus dem Bundestag sind: @maik_aussendorf @CatarinaDosSa @Hansjoerg_Durz @JensZSPD @max_fksr #btADiJpKor
Anschließend Besuch bei @NTTDocomoNews Tokio, Infos u Austausch zu #5G u #6G. Fotos posten aus dem Lab war leider verboten. 6G erwartet man in Japan kommerziell spätestens 2030, 5G ist hier schon fast überall verfügbar. 6G ist noch 100mal schneller als 5G! #btADiJpKor
NEW: #Russia's war in #Ukraine & #cyber - "We have learned a tremendous amount" @CYBERCOM_DIRNSA Gen. Paul Nakasone tells @CFR_org
Says #Ukraine has hardened its networks & has been a step ahead of the Russians in #cyberspace
Says #Ukraine has hardened its networks & has been a step ahead of the Russians in #cyberspace
"Having 10 folks on the ground that are tied back to our command & our agency, that's power I think is really helpful" per @CYBERCOM_DIRNSA re US #cyber aid to #Ukraine
Says US "surged to well over 30...we flooded the zone" to help #Kyiv in #cyber
Says US "surged to well over 30...we flooded the zone" to help #Kyiv in #cyber
📢 📖 C’est avec un immense plaisir que je vous annonce la sortie de mon livre "Cyberattaques, les dessous d’une menace mondiale" ! Tous les détails dans le fil 🧵 /1
Cet ouvrage, c’est plus d’un an de travail visant à décrypter pour le grand public les affrontements entre les attaquants et les défenseurs de notre monde numérique. /2
🖐 Au-delà des classiques listes d’attaques et de bonnes pratiques de sécurisation, j’ai souhaité donner une dimension humaine à ce livre. /3
1/ So, site impersonating @Fortinet downloads signed MSI that uses Powershell to run #BatLoader, if the user is connected to a domain (corporate network) it deploys:
1) #Ursnif (Bot)
2) #Vidar (Stealer)
3) #Syncro RMM (C2)
4) #CobaltStrike
And possibly
5) #Ransomware 💥
1) #Ursnif (Bot)
2) #Vidar (Stealer)
3) #Syncro RMM (C2)
4) #CobaltStrike
And possibly
5) #Ransomware 💥
2/ For initial deployment they use NirCmd, NSudo and GnuPG (to encrypt payloads) among other utilities.
* Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\AMSI\Providers\{2781761E-28E0-4109-99FE-B9D127C57AFE}" -Recurse
* Remove-Encryption -FolderPath $env:APPDATA -Password '105b'
* Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\AMSI\Providers\{2781761E-28E0-4109-99FE-B9D127C57AFE}" -Recurse
* Remove-Encryption -FolderPath $env:APPDATA -Password '105b'
3/ The websites are boosted through SEO poisoning and impersonate brands such as @Zoom, @TeamViewer, @anydesk, @LogMeIn, @CCleaner, #FileZilla and #Winrar among others.
/teamviewclouds.com
/zoomcloudcomputing.tech
/logmein-cloud.com
/teamcloudcomputing.com
/anydeskos.com
/teamviewclouds.com
/zoomcloudcomputing.tech
/logmein-cloud.com
/teamcloudcomputing.com
/anydeskos.com
New: #Ukraine bracing for new round of #Russia|n cyber attacks targeting its energy, financial sectors, Deputy Minister of Digital Transformation Georgii Dubynskyi tells reporters
"We saw this scenario before-before the winter they [#Russia] are trying to find a way how to undermine, how to defeat our energy system & how to make circumstances even more severe for Ukrainians" per Dubynskyi
#Russia also trying to employ "precision" #cyberattacks
"Using social engineering & using some traitors...so it's also possible #hybrid attacks as well" per Dubynskyi
"Using social engineering & using some traitors...so it's also possible #hybrid attacks as well" per Dubynskyi
