Image source Pexels

Germany, France and the UK also experienced more ransomware attacks, but at a lower rate than the US. The report lists 48 different ransomware gangs attacking U.S. companies, government agencies, and ordinary consumers during this time period, and to make matters worse, healthcare and educational institutions were disproportionately affected. Dental insurer Managed Care of North America (MCNA), for example, suffered a data breach in March, and the New York City Department of Education was hacked in June.

It’s worth noting that Malwarebytes’ research only shows incidents that have been reported, so the actual number of attacks could be much higher than 1,900. The whole point of a ransomware attack is to demand a ransom, so some organizations pay the ransom and keep silent.

Note: A ransomware attack is a type of malware specifically designed to prevent users and organizations from accessing files on their computers. The software locks all files and gives the victim a decryption key after paying a ransom to regain access to the files.

The post Global Ransomware Attacks Hit Record High, U.S. a Top Target appeared first on TechGoing.

Image Source Pexels

Deputy Attorney General Lisa Monaco said at a news conference, “Simply put, we hacked the hackers, using legal means.”

The FBI claims to have quietly gotten its hands on more than 300 decryption keys by secretly hacking into Hive servers and passing them back to victims whose data was locked up by the organization. In his statement, U.S. Attorney General Merrick Garland said that in the past few months, the FBI used the decryption keys to “rescue” a Texas school district facing a $5 million ransom, a Louisiana hospital that was asked to pay $3 million, and an unnamed food service company facing a $10 million ransom. unnamed food service company.

We turned the tables on Hive and broke their business model,” said Monaco, who was once considered one of the top five ransomware threats by the FBI. According to the Department of Justice, Hive has received more than $100 million in ransom payments from victims since June 2021.”

Hive’s “Ransomware as a Service (RaaS)” model is to create and sell ransomware, then recruit “affiliates” to go out and deploy it, with Hive administrators taking 20 percent of all proceeds, and if someone refuses to pay, the ransomware is distributed on If someone refuses to pay, the stolen data is published on the “HiveLeaks” website. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the methods used by these affiliates included email phishing, exploiting a FortiToken authentication vulnerability, and gaining access to the company’s VPN and remote desktops (using RDP), which can only be protected by single-factor logins.

Hive is the largest ransomware group taken down by the FBI since REvil in 2021, which had leaked the Apple vendor’s MacBook schematics.

While conducting surveillance on Hive, the FBI found more than 1,000 encryption keys associated with the group’s previous victims, and FBI Director Christopher Wray noted that only 20 percent of the discovered victims reached out to the FBI for help. Many victims of ransomware attacks do not contact the FBI because they fear backlash from hackers and scrutiny of their industry for failing to protect themselves.

The FBI hopes to convince more victims to come forward and cooperate with them rather than give in to the hackers’ demands.

The post FBI Successfully “Hacks” Ransomware Group Hive Servers appeared first on TechGoing.

Microsoft analyzed anonymous data on real threat activity, and according to the report, Microsoft found that more than 80 percent of ransomware attacks can be traced to common configuration errors in software and devices. These errors include: applications being in a default state that allows access to users across the network; security tools being untested or improperly configured; cloud applications being set up in a way that makes it easy for unauthorized intruders to gain access; and organizations not applying Microsoft’s attack surface reduction rules, which allows attackers to use macros and scripts to run malicious code.

Ransomware attackers are looking for exactly these misconfigurations as they seek out vulnerable targets for ransomware attacks and often the threat of double ransom attacks, in which cybercriminals steal sensitive data and threaten to publish it if they don’t pay.

Microsoft warns that the attacks are made more severe by the growth of the ransomware-as-a-service (RaaS) ecosystem, which allows attackers lacking the technical expertise to create and develop their own ransomware to carry out attacks and extort ransoms. RaaS kits are relatively easy to find on underground forums and some include customer support, providing criminals with all the help they need. Some of these ransomware kits are sold through a subscription model, while others are based on an affiliate model in which the developer takes a portion of the profits from each ransom payment for the decryption key.

To prevent cybercriminals from taking advantage of common mistakes and misconfigurations, Microsoft detailed several recommendations for improving cybersecurity. These recommendations include closing security blind spots by verifying that cybersecurity tools and programs are properly configured in a way that protects the system while disabling macros and other scripts commonly utilized by cybercriminals to execute malicious code.

The report also recommends improving the security of people, networks and cloud services through the use of multi-factor authentication, which can prevent cybercriminals from using stolen usernames and passwords to carry out attacks. Organizations should also apply security patches and updates as soon as possible to prevent attackers from being able to exploit known vulnerabilities.

The post Microsoft: Most ransomware attacks take advantage of common cybersecurity mistakes appeared first on TechGoing.