The ransomware group known as REvil or Sodinokibi has adopted two new strategies to guarantee success in extorting ransom money from its victims: conducting DDoS attacks and placing voice calls to victims and their business partners, according to BleepingComputer. In February the group announced a recruitment drive for hackers with knowledge of these procedures, which include Layer 3 and Layer 7 DDoS attacks and voice-scrambled VoIP calls to journalists and victims' partners, with the intent of putting more pressure on victims to pay the ransom. The operation officially announced plans to use these tactics last week. REvil is providing the voice calls as a free service to affiliates and the DDoS attacks as a paid service. REvil's ransomware-as-a-service attacks typically earn the group between 20% and 30% of the ransom money, while the remaining 70% to 80% goes to affiliates. Several other ransomware operations, including SunCrypt and Ragnar Locker, have started to conduct DDoS attacks against victims as part of their operations, as did the ransomware group Avaddon in January.
Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She has 20 years of experience editing and reporting on technology, business and policy.
Threat actors suspected to be linked to the North Korean advanced persistent threat operation Kimsuky have conducted intrusions hijacking the eScan antivirus software's update mechanism to deliver the sophisticated GuptiMiner malware, which then distributes cryptocurrency mining payloads, according to BleepingComputer.
BleepingComputer reports that U.S., Germany, Japan, and UK systems have been subjected to ongoing attacks by suspected Vietnamese hacking group CoralRaider leveraging a content delivery network cache to facilitate the deployment of information-stealing payloads.
The U.S. State Department has subjected more than a dozen individuals allegedly involved in spyware development and distribution, as well as their immediate family members, to visa prohibitions as part of the country's efforts to crack down on spyware misuse, according to The Hacker News.