
FBI Warns of Ransomware Attackers Using Sophisticated Program

April 26, 2022 by Tom Ramstack
FBI Headquarters. (Photo by Dan McCue)

WASHINGTON — The FBI is warning that computer hackers most likely based in Russia have compromised at least 60 organizations since last month with a new generation of a sophisticated programming language. 

The targets of the ransomware attacks have included a Swiss airport management company and two German oil suppliers.

About 30% of the attacks with the Rust programming language have infiltrated U.S. organizations. Rust is considered a secure programming language that is difficult for the victims to deactivate.

The FBI accuses the malware group BlackCat, sometimes known as DarkSide, of the attacks. 

DarkSide is blamed for the May 2021 Colonial Pipeline ransomware incident.

The sophistication of the attacks shows the BlackCat gang is affiliated with other money launderers and data thieves, indicating “they have extensive networks and experience with ransomware operations,” the FBI advisory says. 

Their “ransomware leverages previously compromised user credentials to gain initial access to the victim system. Once the malware establishes access, it compromises Active Directory user and administrator accounts,” the FBI said.

Even if the network owners restore their service, the gangs represent an ongoing threat from the data they steal.

The gang “steals victim data prior to the execution of the ransomware, including from cloud providers where company or client data was stored,” the FBI reported.

The U.S. Justice Department says the ransomware gangs are most likely based in Russia but do not have official government sponsorship. Nevertheless, the Russian government has made almost no effort to shut them down.

In DarkSide’s most infamous attack, it shut down Colonial Pipeline Company’s 5,500-mile pipeline that carries 45% of the fuel used on the East Coast of the United States from its source in Texas.

Service was restored after five days on May 12, 2021, but not before the company paid a $4.4 million ransom in bitcoin. The Justice Department later recovered $2.3 million of the ransom from an account in California.

The FBI did not say in its recent advisory how much damage was done by BlackCat to U.S. computer networks. It also did not name the victims.

Instead, it gave a list of suggested security measures for network owners.

Tom can be reached at tom@thewellnews.com
