A federal indictment unsealed today charges three North Korean computer programmers with participating in a wide-ranging criminal conspiracy to conduct a series of destructive cyberattacks, to steal and extort more than $1.3 billion of money and cryptocurrency from financial institutions and companies, to create and deploy multiple malicious cryptocurrency applications, and to develop and fraudulently…
Category: Of Note
Jones Day disputes claimed breach; points to hacked vendor; hacker points back to them (UPDATE2)
Although Jones Day failed to respond to multiple inquiries sent to it by this site about a ransomware attack claimed by CLOP threat actors*, the giant law firm apparently responded to inquiries by the Wall Street Journal. Their statement, however, omits important information and has been disputed by the threat actors. WSJ reports, in part:…
Conti ransomware: Evasive by nature
In part of a three-part series, Andrew Brandt and Anand Ajjan of Sophos write: For the past several months, both SophosLabs and the Sophos Rapid Response team have been collaborating on detection and behavioral analysis of a ransomware that emerged last year and has undergone rapid growth. The ransomware, which calls itself Conti, is delivered…
Will this Utah proposal quash lawsuits from victims of data breaches?
Art Raymond reports: Should consumers have the right to sue a company that allows their personal information to be stolen by data thieves? Under a proposal moving quietly through the 2021 Utah legislative session, the bar for filing such a lawsuit would be raised considerably in the event that a company has taken at least…
Egregor ransomware operators arrested in Ukraine
Catalin Cimpanu reports: Members of the Egregor ransomware cartel have been arrested this week in Ukraine, French radio station France Inter reported on Friday, citing law enforcement sources. […] According to the France Inter report, the arrested suspects are believed to some of these “affiliates” (or partners) of the Egregor gang, which help prop up…
What makes us human: countering the accidental insider cyber threat
Philip Bridge writes: […] The Information Commissioner’s Office (ICO) has been keen to change the perception that a data breach can only occur through the actions of someone outside the organisation. Instead, it defines a breach as “any event that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal…