Breaking down ransomware and its role in supply chain attacks

This is where all of our cyber operations are conducted. As acting director, Brandon Wales leads the Cybersecurity and Infrastructure Security Agency at DHS. It's an agency inundated lately with reports of ransomware attacks on pipelines, meat packing plants, public transportation and more. Are we on defense right now?

Well, ransomware is a scourge that, that's been affecting American businesses and American governments. It is an epidemic that needs to be aggressive action needs to be taken on. We want to make the US law enforcement community have better ability to go after, find them, track the money and get it back.

But right now, it doesn't sound like you've made it that hard. It's hitting companies more than ever.

Now, we recognize that the US government needs to do more and private sector needs to do more, especially if it doesn't pay to pay. A new report out this week by Cybereason, a Boston-based cyber analytics firm, finds 80% of businesses that paid a ransom demand were attacked yet again later. Should companies be banned from paying ransom?

I, I'm not prepared to answer that question today, but what I can say is we want to make it much harder for ransomware operators to be successful.

Two members of the Senate Intelligence Committee, Mark Warner, Democrat, Roy Blunt from Missouri, Republican, want greater regulation of cryptocurrency, ransomware payments. Do you support their efforts to restrict cryptocurrency from being used in ransomware payments?

What I can say today is that the US government is taking aggressive action to be able to better track money, better identify ransomware operators so that we can go after them.

Wales says consumers and businesses must take aggressive action as well. First, make sure that your systems are backed up. The backup, is it critical that it is not connected to your computer? Absolutely. Second, use multi-factor identification. It's going to prompt me for a second password or a pin code. Exactly. Third, update and patch your systems. Just make sure that those automatic patches are turned on. Fourth, make sure your security solutions are up to date. Everyone should be using some baseline antivirus.

Basic defense to take as ransomware demands doubled in just one year. In Washington, I'm chief national investigative correspondent Mark Albert.

Another day, another ransomware attack. This time it's affecting an untold number of small and big companies that use IT software from a company called Kaseya.

High-profile ransomware attacks in May hit the world's largest meat-packing company and the biggest U.S. fuel pipeline, underscoring how gangs of extortionist hackers can disrupt the economy and put lives and livelihoods at risk.

What is ransomware? How does it work?

Ransomware scrambles the target organization's data with encryption. The criminals leave instructions on infected computers for negotiating ransom payments. Once paid, they provide decryption keys for unlocking those files.

Ransomware crooks have also expanded into data-theft blackmail. Before triggering encryption, they sometimes quietly copy sensitive files and threaten to post them publicly unless they get their ransom payments.

What's a supply chain attack?

The latest attack affecting Kaseya customers combines a ransomware operation with what's known as a supply-chain attack, which typically involves sneaking malicious code into a software update automatically pushed out to thousands of organizations.

Kaseya says the ransomware affected its product for remotely monitoring networks; but because many of its clients are providers of broader IT management services, a large number of organizations is likely to be affected.

"What makes this attack stand out is the trickle-down effect, from the managed service provider to the small business," said John Hammond of the security firm Huntress Labs. "Kaseya handles large enterprise all the way to small businesses globally, so ultimately, it has the potential to spread to any size or scale business."

Until now, the best-known recent supply-chain attack was attributed to elite Russian hackers and targeted software provider SolarWinds. But the motive was different; it was a massive intelligence operation targeting government agencies and others, not an attempt to extort money.

How do ransomware gangs operate?

The criminal syndicates that dominate the ransomware business are mostly Russian-speaking and operate with near impunity out of Russia and allied countries. Though barely a blip three years ago, the syndicates have grown in sophistication and skill. They leverage dark web forums to organize and recruit while hiding their identities and movements with sophisticated tools and cryptocurrencies like Bitcoin that make payments — and their laundering — harder to track.

Most experts have tied the Kaseya attack to a group known as REvil, the same ransomware provider that the FBI linked to an attack on JBS SA, a major global meat processor, amid the Memorial Day holiday weekend.

Active since April 2019, the group provides ransomware-as-a-service, meaning it develops the network-paralyzing software and leases it to so-called affiliates who infect targets and earn the lion's share of ransoms.

Who is affected?

The scale of the attack affecting Kaseya is not yet clear, but it's already been blamed for closing stores across a grocery chain in Sweden because their cash registers weren't working.

Last year alone in the U.S., ransomware gangs hit more than 100 federal, state and municipal agencies, upwards of 500 health care centers, 1,680 educational institutions and untold thousands of businesses, according to the cybersecurity firm Emsisoft. Dollar losses are in the tens of billions. Accurate numbers are elusive. Many victims shun reporting, fearing the reputational blight.