ransomware

Ransomware criminals are dumping kids’ private files online after school hacks

Frank Articles , , ,

BY FRANK BAJAK, HEATHER HOLLINGSWORTH AND LARRY FENN

July 5, 2023

The confidential documents stolen from schools and dumped online by ransomware gangs are raw, intimate and graphic. They describe student sexual assaults, psychiatric hospitalizations, abusive parents, truancy — even suicide attempts.

“Please do something,” begged a student in one leaked file, recalling the trauma of continually bumping into an ex-abuser at a school in Minneapolis. Other victims talked about wetting the bed or crying themselves to sleep.

Complete sexual assault case folios containing these details were among more than 300,000 files dumped online in March after the 36,000-student Minneapolis Public Schools refused to pay a $1 million ransom. Other exposed data included medical records, discrimination complaints, Social Security numbers and contact information of district employees.

Rich in digitized data, the nation’s schools are prime targets for far-flung criminal hackers, who are assiduously locating and scooping up sensitive files that not long ago were committed to paper in locked cabinets. “In this case, everybody has a key,” said cybersecurity expert Ian Coldwater, whose son attends a Minneapolis high school.

MORE

Review: The digital sleuths who demystified cryptocurrency

Frank Articles , , , , , , , , ,

By FRANK BAJAK
December 5, 2022

“Tracers In The Dark” by Andy Greenberg (Doubleday)

The year was 2011. Cryptocurrency was a little-understood novelty, and Sen. Chuck Schumer called a news conference to vent outrage over a one-stop online shop for illegal drugs whose technology made sellers “virtually untraceable.”

The New York lawmaker’s description of Silk Road helped seed a persisting myth that technology reporter Andy Greenberg exhaustively dispels in “Tracers in the Dark,” that transactions of Bitcoin and other cryptocurrencies can’t be tracked.

Greenberg sketches the evolution of a wholly new discipline in the surprisingly lively real-life police procedural, following law officers and programmers who invent and deploy cryptocurrency-tracking tools to catch a new breed of criminal. They take down Silk Road and other “dark web” markets and merchants, finger crypto money launderers and snare the sysadmin and users of Welcome to Video, a major South-Korea-based distributor of child sexual abuse material.

Best of the action are two takedown dramas. A young Quebecois behind the AlphaBay dark web market, Alexandre Cazes, lives large in Thailand, rocketing around in a Lamborghini, running up $12,000 restaurant bills and boasting of adulterous sexploits online. The other takedown is of a DEA agent and a Secret Service agent who illegally enriched themselves off Silk Road while investigating it – each wholly on their own.

MORE

In crosshairs of ransomware crooks, cyber insurers struggle

Frank Articles , , ,

By FRANK BAJAK

July 5, 2021

BOSTON (AP) — In the past few weeks, ransomware criminals claimed as trophies at least three North American insurance brokerages that offer policies to help others survive the very network-paralyzing, data-pilfering extortion attacks they themselves apparently suffered.

Cybercriminals who hack into corporate and government networks to steal sensitive data for extortion routinely try to learn how much cyber insurance coverage the victims have. Knowing what victims can afford to pay can give them an edge in ransom negotiations. The cyber insurance industry, too, is a prime target for crooks seeking its customers’ identities and scope of coverage.

FILE - In this Feb. 21, 2019, file photo, people stand in front of the logo of AXA Group prior to the company's 2018 annual results presentation, in Paris. The cyber insurance industry, once a profitable niche, is now in the crosshairs of ransomware criminals. Pressure is building on the industry to stop reimbursing for ransoms, but so far only one major cyber insurer, AXA, is doing so — and only with new policies in France. To try to absorb the growing onslaught and stay profitable, insurers are retooling coverage, demanding clients up their security. (AP Photo/Thibault Camus, File)

Before ransomware evolved into a full-scale global epidemic plaguing businesses, hospitals, schools and local governments, cyber insurance was a profitable niche industry. It was accused of fueling the criminal feeding frenzy by routinely recommending that victims pay up, but kept many from going bankrupt.

Now, the sector isn’t just in the criminals’ crosshairs. It’s teetering on the edge of profitability, upended by a more than 400% rise last year in ransomware cases and skyrocketing extortion demands. As a percentage of premiums collected, cyber insurance payouts now top 70%, the break-even point.

FULL STORY

EXPLAINER: No ransomware silver bullet, crooks out of reach

Frank Articles ,

By FRANK BAJAK

April 29, 2021

BOSTON (AP) — Political hand-wringing in Washington over Russia’s hacking of federal agencies and interference in U.S. politics has mostly overshadowed a worsening digital scourge with a far broader wallop: crippling and dispiriting extortionary ransomware attacks by cybercriminal mafias that mostly operate in foreign safe havens out of the reach of Western law enforcement.

Stricken in the United States alone last year were more than 100 federal, state and municipal agencies, upwards of 500 health care centers, 1,680 educational institutions and untold thousands of businesses, according to the cybersecurity firm Emsisoft. Dollar losses are in the tens of billions. Accurate numbers are elusive. Many victims shun reporting, fearing the reputational blight.

All the while, ransomware gangsters have become more brazen and cocky as they put more and more lives and livelihoods at risk. This week, one syndicate threatened to make available to local criminal gangs data they say they stole from the Washington, D.C., metro police on informants. Another recently offered to share data purloined from corporate victims with Wall Street inside traders. Cybercriminals have even reached out directly to people whose personal info was harvested from third parties to pressure victims to pay up.

“In general, the ransomware actors have gotten more bold and more ruthless,” said Allan Liska, an analyst with the cybersecurity firm Recorded Future.

On Thursday, a public-private task force including Microsoft, Amazon, the National Governors Association, the FBI, Secret Service and Britain and Canada’s elite crime agencies delivered to the White House an 81-page urgent action plan for an aggressive and comprehensive whole-of-government assault on ransomware.

FULL STORY

Tech audit of Colonial Pipeline found ‘glaring’ problems

Frank Articles , , ,

By FRANK BAJAK

May 12, 2021

BOSTON (AP) — An outside audit three years ago of the major East Coast pipeline company hit by a cyberattack found “atrocious” information management practices and “a patchwork of poorly connected and secured systems,” its author told The Associated Press.

“We found glaring deficiencies and big problems,” said Robert F. Smallwood, whose consulting firm delivered an 89-page report in January 2018 after a six-month audit. “I mean an eighth-grader could have hacked into that system.”

How far the company, Colonial Pipeline, went to address the vulnerabilities isn’t clear. Colonial said Wednesday that since 2017, it has hired four independent firms for cybersecurity risk assessments and increased its overall IT spending by more than 50%. While it did not specify an amount, it said it has spent tens of millions of dollars.

FULL STORY

How the Kremlin provides a safe harbor for ransomware

Frank Articles

By FRANK BAJAK
April 16, 2021

BOSTON (AP) — A global epidemic of digital extortion known as ransomware is crippling local governments, hospitals, school districts and businesses by scrambling their data files until they pay up. Law enforcement has been largely powerless to stop it.

One big reason: Ransomware rackets are dominated by Russian-speaking cybercriminals who are shielded — and sometimes employed — by Russian intelligence agencies, according to security researchers, U.S. law enforcement, and now the Biden administration.

On Thursday, as the U.S. slapped sanctions on Russia for malign activities including state-backed hacking, the Treasury Department said Russian intelligence has enabled ransomware attacks by cultivating and co-opting criminal hackers and giving them safe harbor. With ransomware damages now well into the tens of billions of dollars, former British intelligence cyber chief Marcus Willett recently deemed the scourge “arguably more strategically damaging than state cyber-spying.”

Convicted money-launderer Aleksander Vinnik

The value of Kremlin protection isn’t lost on the cybercriminals themselves. Earlier this year, a Russian-language dark-web forum lit up with criticism of a ransomware purveyor known only as “Bugatti,” whose gang had been caught in a rare U.S.-Europol sting. The assembled posters accused him of inviting the crackdown with technical sloppiness and by recruiting non-Russian affiliates who might be snitches or undercover cops.

READ MORE