Morrissey Technology


Ransomware Cyber Attack

2 Russian Citizens Involved in Global Ransomware Cyber Attack

Morrissey Technology – Two Russian citizens have admitted to taking part in a series of LockBit ransomware attacks against victims in several countries. According to a Department of Justice press release, Russian citizen Ruslan Magomedovich Astamirov and Canadian/Russian citizen Mikhail Vasiliev were affiliates of LockBit’s ransomware-as-a-service operation. Affiliates such as Vasiliev and Astamirov would identify and breach vulnerable systems on victims’ networks, steal sensitive stored data, and help deploy the ransomware payload that encrypts files.

They would then demand a ransom from the victims in exchange for decrypting the data and for deleting, rather than leaking, the stolen files. If victims did not pay, LockBit left their data permanently encrypted and published the stolen files, including highly sensitive information, on the gang’s dark web leak sites. According to court documents, Astamirov (aka BETTERPAY, offtitan, and Eastfarmer) used LockBit between 2020 and 2023 against at least a dozen victims, including businesses in Virginia, Japan, France, Scotland, and Kenya. He collected at least US$1.9 million (equivalent to Rp. 30.8 billion) in ransom payments from these attacks.

Meanwhile, Vasiliev (aka Ghostrider, Free, Digitalocean90, Digitalocean99, Digitalwaters99, and Newwave110) used LockBit ransomware in at least 12 attacks against victims around the world, including businesses in New Jersey, Michigan, England, and Switzerland, between 2021 and 2023. Those attacks caused damage and losses of at least US$500,000. Astamirov was arrested in Arizona in June 2023 and charged with deploying LockBit ransomware. Vasiliev, who was extradited to the United States in June, had already been sentenced to four years in prison by an Ontario court for his role in the LockBit operation. According to Bleeping Computer, Astamirov faces a maximum sentence of 25 years in prison, while Vasiliev faces a maximum of 45 years. As of now there is no information on a sentencing timetable for the two Russian cybercriminals.

LockBit’s track record

LockBit 3.0 is a financially motivated organized-crime ransomware operation. The group is known to use multi-extortion tactics: beyond encrypting systems, it disclosed stolen data to the public and coordinated the sale of victim data. Palo Alto Networks, a cybersecurity company, has also stated that the LockBit 3.0 group was the most dominant ransomware actor both globally and in Asia Pacific, accounting for 928 leak site posts, or 23 percent of all attacks recorded worldwide.

In February, this ransomware group was disrupted by law enforcement in ‘Operation Cronos’, which involved 10 countries including the US and UK. Among the results, two Russian citizens were arrested in the US, and control of the LockBit website was seized. LockBit emerged in September 2019 as ABCD and has since claimed, or been linked to, attacks on many well-known companies and organizations, including Boeing, automotive giant Continental, Bank of America, Italy’s Internal Revenue Service, and Britain’s Royal Mail.

In February 2024, law enforcement conducted Operation Cronos, crippling LockBit’s infrastructure and seizing 34 servers. Those servers held over 2,500 decryption keys, which were used to build a free decryptor for LockBit 3.0 Black ransomware. The US Department of Justice and the UK’s National Crime Agency estimate that the gang extorted between $500 million and $1 billion across at least 7,000 attacks between June 2022 and February 2024. The LockBit 3.0 group was also recently named in connection with the ransomware attack on the Temporary National Data Center (PDNS) 2 in Surabaya.


iCIO Community

iCIO Community Reminds the Importance of Mitigating Ransomware Threats in RI

Morrissey Technology – The ransomware attack on the Temporary National Data Center (PDNS) 2 drew the attention of many parties, including the iCIO Community, which stressed the importance of mitigating ransomware threats for organizations in Indonesia. The iCIO Community is a community of Chief Information Officers and executives in the ICT sector at companies and organizations across the country. It is intended as a forum for sharing practices and leadership in the ICT field.

“It is important for every organization to develop a comprehensive and proactive cybersecurity strategy. In a world that is increasingly connected and vulnerable to cyberattacks, data protection and collaboration between companies is not only important, but urgent. Let’s unite, share experiences, and strengthen organizational defenses. Together, we can protect Indonesia’s digital future from growing threats,” said Iskak Hendrawan, Deputy Chair of the iCIO Community.

Moreover, the personal data protection law’s transition period ends in October this year.

“In the current digital era, ransomware attacks cannot be taken lightly. With the implementation of the Personal Data Protection Law in Indonesia, companies are required to be more serious in protecting users’ personal data. We from the iCIO Community hope that the government and public services can adopt adequate technology and implement good data governance procedures. This is not just about technology, but also about the responsibility to protect and manage information that is vital for the country and society,” said Harry Surjanto, Advisor to the iCIO Community.

While it is difficult to prevent ransomware attacks entirely, proper mitigation measures can minimize their impact. Last year, the community said it had held a closed focus group discussion among its members on the ransomware threats they faced. The iCIO Community sees a need for strict operational discipline to ensure rapid recovery from cyber attacks, covering several key aspects. First, securing the data center infrastructure: every system in the organization must be hardened and kept current with critical security patches at both the operating system and device firmware level.

“All data must be backed up regularly and stored securely and strictly,” said the iCIO Community representative.

Second, strict monitoring. Around-the-clock (24×7) monitoring of system health and security through a command center and a security operations center is essential, and organizations must have a rapid-reaction unit for recovery and for dealing with hacking attacks. Third, a Disaster Recovery Center (DRC). Organizations must have a DRC and regularly conduct disaster recovery drills; these recovery exercises must also be monitored and reported to the regulator.

Basic security hygiene is a central concern and a discipline that must not be neglected. According to the iCIO Community, it is the primary foundation for protecting organizations against ever-evolving threats. Cases such as the attack on PDN show how important a fast and effective response strategy is. The community hopes the government will design and implement a comprehensive emergency plan for ransomware attacks. Cross-sector collaboration and sharing information about new threats and attack tactics are crucial to strengthening national cyber defenses.

With these steps, the iCIO Community is confident that the negative impact of ransomware attacks can be mitigated and that data critical to the national interest can be kept secure. With adequate technology, good data governance, and sound mitigation and recovery procedures, governments and public services can deliver better services, increase public trust, and protect the important information they hold.


Ransomware National Data Center

National Data Center Down, Cyber Expert Suspects a Ransomware Attack

Morrissey Technology – The National Data Center (PDN) has been disrupted since Thursday (20/6/2024), and as of today there are no signs of a return to normal operations. Cyber experts suspect that PDN suffered a ransomware attack. The outage caused long queues for immigration processing, not only at Soekarno-Hatta Airport but at immigration offices throughout the country.

Pratama Persadha, Chairman of the cyber security research institute CISSReC, listed several possible causes of a total outage of this kind: a disruption to the electricity supply, server damage, an internet connection failure, or a cyber attack such as DDoS or ransomware.

“If the disruption occurs due to a cyber attack, then the risk is even greater because it not only disrupts services but can also result in personal data being leaked,” said Pratama in his written statement.

There had previously been a cyber attack on Immigration that leaked personal data, namely 34 million passport records. What is even more dangerous, said Pratama, is if hackers can access the servers at the National Data Center, because the resulting leak would affect not only the Directorate General of Immigration but also every other institution that uses PDN to store citizen data.

Looking at the pattern of the disruption, Pratama believes it is possible that the problems at PDN were caused by a ransomware attack, as happened to Bank Syariah Indonesia previously.

“If the problem faced by PDN is a technical problem, it certainly won’t take that long. The electricity supply problem can be resolved immediately by using electricity supply from another substation or using a generator for temporary supply,” he said.

Likewise, if the problem were an internet connection failure, such as a cut fiber optic cable into PDN, it could still be resolved quickly with a point-to-point radio link, which offers high bandwidth and does not take long to install.

“Similarly, if you are hit by a cyber attack using the DDoS method, the response time required will not be that long because it can be easily resolved by utilizing Anti-DDoS devices and collaborating with ISPs to increase bandwidth capacity and help overcome DDoS from the ISP side,” he explained.

In light of this incident, Pratama said that relying on PDN could endanger the country if it is not backed by strong security, so every government agency hosted on PDN must have a robust Business Continuity Plan (BCP) so that it is not 100% dependent on PDN infrastructure.

He said that after the PDN outage, the government must clearly explain what happened and, from the outset, set out the BCP for this kind of risk. It should be noted that the PDN currently being built only provides the infrastructure to store data for each agency that owns an SPBE (electronic-based government system).

“The cyber security factor also still needs special attention because what PDN managers currently guarantee is the cyber security of the PDN infrastructure itself, while the cyber security of each SPBE application is still the responsibility of the agency that owns the SPBE,” he concluded.
