TronWeekly

Crypto World News

You are here: Home / Archives for Crypto Ransom

Crypto Ransom

Cryptocurrency Ransom Escalated by 200% in 2019

by

According to a report published by digital forensics firm, Crypsis Group, the already operational surging trend in demand of ransoms by criminals is growing. As per the data, cryptocurrency ransom Escalated sharply by 200 percent from 2018 to 2019.

The 2020 Incident Response and Data Breach Report published by Crypsis Group indicates that it’s not astonishing that cyber criminals have demanded outrageous cryptocurrency ransoms over the last three years. According to the firm, the average amount demanded by cyber criminals was $115,123.

Cryptocurrency ransom demands on the rise

Moreover, the digital forensics firm noted that cyber criminals are changing their strategies to focus on enterprises in their ransomware attacks. As per the report, the attackers cautiously select their victims, so as to target those with the capability to pay huge amounts. Tactics used by criminals are gradually advancing over time.

Indeed, these new strategies have also manifestly adjusted pretty well, to conquer defense strategies put in place by the unfortunate victims. Additionally, the report highlighted that last year saw the rise of ransomware alterations like Phobos, Sodinokibi (or “REvil”) and Ryuk claiming that their strategies are “highly effective.”

Ryuk ransomware was the most widespread variant back in 2019 according to the digital forensics company. The report notes that cyber criminals depend on a banking trojan called TrickBot, to deploy their scam and criminal activities to the victims. 

Common ransomware attacks

Back in Q4 2019, the most common type of ransomware was Sodinokibi on incidents count. In fact, Sodinokibi is a ransomware-as-a-Service but only facilitates a fixed amount of ransomware affiliates to spread the ransomware.

Furthermore, Ryuk was also prevalent in terrorizing large enterprises during Q4 of 2019. Additionally, it was the second most popular after Sodinokibi. The median amount of ransomware demand by Ryuk skyrocketed sharply which was responsible for the majority of the hike in the average ransom payment doubling in Q4 2019.

Monero Mining Malware has Infected 1000 Corporate Computers 

by

Since December 2019, more than 1,000 corporate computer systems have been infected with Blue Mockingbird malware by cyber criminals. The global spread of Monero mining malware was reported by Red Canary Cloud Security Company on May 26.

According to the report, monero mining malware attacks servers running ASP.NET applications and is most vulnerable to installing a web shell on the attack system. This inturn gives the administrator level of malware access to change the server settings.

Furthermore, the attackers are installing the XMRRig application to exploit the resources of the hacked system. According to Red Canary, the majority of the computer systems used are owned by big corporations, but the cloud security firm did not reveal names.

Remote Desktop Protocol’s weaknesses exploited by Monero mining malware

The cybercriminals utilized the weaknesses in the Remote Desktop Protocol in Windows operating system to access the computer systems. The report notes that although the attacks happened within a short period of time, it is hard to evaluate the total number of attacks. Indeed, this approach has been used before in the recent Trojan ransomware attacks.

Additionally, Red Canary has cautioned the firms that have not yet been infected to be at a higher risk of their system being breached by the Monero mining malware. According to the threat analyst at Emsisoft malware lab:

“Cybercriminals specifically seek out weaknesses in the internet-facing systems and, when found, exploit them. Companies can significantly reduce their risk factor by following well-established best practices such as timely patching, using MFA, disabling PowerShell when not needed, etc.”

Rise in ransomware attacks

The use of  XMRRig app for illegal mining of cryptocurrencies has been a common practice by various groups of hackers. Back in 2019, cybersecurity companies Symantec and BlackBerry Cylance cautioned on the penetration of the XMRRig app through music files.

Furthermore, in November of the same year, malware attacked weak Docker occasions to install the crypto-jacking software.

Hackers Demand Crypto from Law Firm Representing Madonna and Le Bron

by

A recent report suggested that the notorious hackers known by the name REvil or Sodinokibi, hacked into the website of a law firm based in New York. The hackers demand crypto ransom from the law firm that represents popular individuals such as Elton John, Lady Gaga, Madonna, Rob Stewart, The Weeknd, U2, LeBron James, Mike Tyson, Robert De Niro, and Sony Corporation.

Initially, the hacking group demanded ransom in Bitcoin, before later switching to Monero. Monero is known for its privacy orientation, making it more efficient for making under the radar transactions.

REvil hackers demand crypto from Grubman Shire Meiselas & Sacks Law Firm

The report by media giants BBC, indicated that the REvil hackers had taken down the website of popular New York-based law firm dubbed Grubman Shire Meiselas & Sacks. Moreover, the attackers assert they are in possession of 750 gigabytes worth of data from the website, including contracts, agreements and personal emails. A statement by the law firm reads:

“We can confirm that we have been victimized by a cyber-attack. We have notified our clients and our staff. We have hired the world’s experts who specialize in this area, and we are working around the clock to address these matters.” 

At press time, the firm’s official website was only displaying the firm’s logo. In fact, the REvil attackers had allegedly released a screenshot indicating artist Madonna’s contract. As per Brett Callow, a threat analyst at Emisoft, such ransomware attacks are on the rise lately, which is worrying.

Additionally, he states that firms that are faced with such a threat, do not have lots of options since if they decline to fulfill the demands, confidential information may be published. Payment of the ransom will give them hope that the attackers will not share the information.

REvil’s cybercrime record

The report does not specify the amount of money the hackers are demanding. In particular, REvil hacking group has a good record of similar cyber attacks. Early into the year, the attackers hacked Travelex exchange firm based in the U.K.

The firm’s network was infected with malware infiltration, forcing them to give in to the demands of the attackers amounting to $2.3 million in Bitcoin. Furthermore, the hackers used to demand ransom in bitcoin before opting for Monero  to cover their money trails. 

Interestingly, the perpetrators highlighted that potential victims should learn more on how the privacy coin works; how to buy, and how to transfer it when the time comes.

Bitcoin Used As a Ransom Tool in Mumbai Hotel Threats; LeT Suspected

by

The cryptocurrency world is no stranger to disputes and scams. As each day passes, it has become evident that some community members will continue to use digital assets for nefarious purposes.

According to recent reports, hotels in the city of Mumbai have received threats that Bitcoin is being demanded as ransom. Four high-end hotels in Mumbai were searched from top to bottom over the past couple of days after emails claiming to be from Lashkar-e-Taiba threatened to blow up these places. The emails demanded that they be paid 100 Bitcoin ransoms if the authorities did not want a task on their hands.

The perpetrators mentioned in the mail that they needed the 100 Bitcoin to be transferred 24 hours before they were forced to take drastic action. In addition, the letter also stated that the attackers intended to abduct and kill the employees ‘ families if they were unable to blow up the hotel.

The management of the Seven-Eleven Club at Mira Road was in shock when they received the attack. The club is currently owned by former BJP MLA Narendra Mehta and stretches over 10 acres. The staff confirmed that the hotel had received an e-mail at 4 a.m. and instructions on how to transfer the ransom.

Sources indicate that the 100 Bitcoin had to be transferred discreetly within a set timeframe. Bitcoin’s fungible property allows it to be sent and received without anyone being able to track the transaction. Deven Bharti, Chief of the State Anti-Terrorism Force, stated that the search was equally as intense in the other suspected locations. They were not able to get an exact lock on the email location as the addresses used were fake.

Shantaram Walvi, the deputy superintendent of police revealed that the ATS and the bomb squad were on full alert across the length and bread of the premises. To ensure that the proceedings adhere to the legal frameworks, the general manager of Seven Miles has registered multiple FIRs with the police. This includes IPC 505 [intent to incite], IPC 384 [extortion] and IPC 387 [putting persons in fear of death in order to commit extortion].

Bitcoin being used as a weapon in ransomware cases is nothing new as several culprits around the world have done it before. It might be hard to locate the real attackers in this case because India has no strong relationship with cryptocurrency and blockchain technology. Despite this, the authorities have been out to ensure that such an incident does not happen again and that they are always prepared.

International Foreign Exchange Travelex Faces Cyber-Attack, Hackers Demanding Ransom in Crypto

by

Travelex, the international foreign exchange firm is experiencing a global blackout on its online currency exchange services following the cyber attack. The firm is currently unable to serve its services to thousands of its customers efficiently and meantime hackers are demanding ransom in cryptocurrencies.

Hackers are likely fond of Cryptocurrencies

The incident was identified on January 2nd and hackers are reportedly holding Travelex’s system and demanding cryptocurrency to return the access. Consequently, the staff at Travelex is currently using paper and pen to perform certain activities. It is stated that the firm offers its foreign exchange services for customers of leading banks including Barclays, HSBC, Virgin Money and other banking avenues of British retailers Tesco and Sainsbury.

However, it isn’t the only or the first incident in the crypto industry, perhaps, this is a new case in 2020. In another report, it was disclosed that the intrusion was discovered on December 31 and upon discovery, the company took all systems offline as a part of a precautionary measure. More so, the company said that;

“To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted. Whist Travelex does not yet have a complete picture of all the data that has been encrypted, there is still no evidence to date that any data has been exfiltrated,”

The irony is that attackers claimed they have downloaded 5 GB of sensitive customer data including customer’s date of birth, national insurance numbers alongside their credit card information. Furthermore, the hacker notes that as soon as they receive the payment they will delete the data and restore them the entire network.

“The deadline for doubling the payment is two days. Then another seven days and the sale of the entire base, said hackers”

In contrast, on the part of Travelex, there is no evidence of the breach of customer data. Besides, customer’s travel money is in limbo due to cyber-attack. Consequently, banking partners including Royal Bank of Scotland (RBS), Lloyds and Barclays are issuing the statement, stating that they are unable to accept any travel money. An RBS representative issued an apology statement, noting that;

“We are currently unable to accept any travel money orders either online, in branch or by telephone due to issues with our travel-money supplier, Travelex”

In a nutshell, the employees of Travelex who requested to be anonymous told reporters that the entire incident is partly caused by the lack of real leadership and communication within the internal management.

EXCLUSIVE: Nigerian Politician Pays $15000 in Bitcoin in Ransom to a Kidnapper

by

Dr. Umar Ardo, who is the chieftain of the Peoples Democratic Party (PDP), reportedly paid $15000 in Bitcoin in ransom to a kidnapper who kidnapped his 24-year-old daughter, Aisha.

Fondly known Ummi, Aisha was kidnapped on Sept 14, 2019, at a shopping mall and Kidnapper released her on Sept 15 after receiving the ransom in the Bitcoin. The value of one BTC is currently worth $10222 against USD.

Bitcoin in Ransom

Since Bitcoin is on the limelight as the leading financial instruments these days, kidnappers demanding bitcoin in ransom is no more a surprise. However, in this case, Dr. Umar Ardo (father of abducted girl) paid $15000 in bitcoin – even if we consider one bitcoin as $10000, the kidnappers have roughly amassed 1.5 BTC within 24Hrs.

However, According to the local media, Dr.Ardo said he wasn’t familiar with the bitcoin and the way to make the payment to get his daughter back from the kidnapper. The father said;

“I told them I don’t know how to do this bit payment but the caller insisted I must learn. I got somebody who paid the money through the wallet account. Within an hour we sent the money and it generated payment evidence which I texted to him.

Fortunately, Kidnapper didn’t harm Aisha. It’s worth noting that the kidnapper targeted the daughter of Mr.Ardo as he appears to possess a high public figure in Nigeria. Notably, Dr.Ardo is a cousin to Atiku Abubakar, who is the Former Vice President of Nigeria.

However the name of the kidnapper wasn’t revealed yet, but the late Sunday night, FCT Police Command states that they began hunting for the kidnappers of Miss Ardo.

Although it is not the first case where Kidnappers demanded ransom in Bitcoin – the most beguiling reason behind bitcoin as Kidnapper’s new choice is ‘the anonymity feature that it bears.’ The transactions via bitcoin will hide the identity parties involved; it is online and decentralized – means that it doesn’t require any central authority to rule or operate the amount transferred between two parties.

It remains to see whether or not police arrested the kidnapper of Miss Ardo.

Disclaimer: The presented information is subjected to market condition and may include the very own opinion of the author. Please do your ‘very own’ market research before making any investment in cryptocurrencies. Neither the writer nor the publication (TronWeekly.com) holds any responsibility for your financial loss.

Never miss our daily cryptocurrency news, price analysis, tips, and stories. Join us on Telegram | Twitter or subscribe to our weekly Newsletter.