A recent spate of ransomware attacks estimated to have earned hackers 705.08 Bitcoin likely came from Russian cybercriminals, not North Korean state-sponsored actors as initially thought.
Hard Fork cites evidence from cybersecurity research teams McAfee Labs and Crowdstrike, which have analyzed the strategies used in developing and disseminating the Ryuk ransomware strain and concluded that the identity and motivations of its masterminds have most likely been misreported until now.
The Ryuk campaign notably attracted wide attention following its targeting of major United States media group Tribune Publishing over Christmas.
As McAfee notes, Ryuk is a fictional manga character who spreads lethal death notes as an evil distraction from his own boredom - an analogy for the ransom notes reported to have accompanied Ryuk once the ransomware had encrypted victims' drives.
Ryuk was reportedly initially spread via a banking Trojan dubbed TrickBot, which was concealed in email spam sent to tens of thousands of victims, with the attackers then reported to have graduated to targeting select larger enterprises.
The allegedly mistaken attribution to North Korea appears to have been spurred by code similarities between Ryuk and Hermes - a ransomware strain that North Korean state actors had allegedly used previously as a diversion from a compromise of the SWIFT network of the Far Eastern International Bank in Taiwan.
Crowdstrike and others argue that Ryuk is likely a modified version of Hermes 2.1, which was available as a commodity malware kit for sale in underground forums.
"With the recent decline in BTC to USD value, it is likely GRIM SPIDER has netted more."
Crowdstrike further claims that GRIM SPIDER is a cell of e-criminals that forms part of the larger threat group WIZARD SPIDER, identified as the Russia-based operator of the TrickBot banking malware.
In a report published last October, cybercrime firm Group-IB identified the allegedly North Korean state-sponsored hacker group Lazarus as responsible for $571 million of the $882 million total in cryptocurrencies that was stolen from online exchanges from 2017 to 2018.
Research Suggests Russian-Based Hackers Behind Ryuk Ransomware's $2.5 Million Gains
Published on Jan 14, 2019
by Cointele | Published in Coinage