The post How the FBI fights ransomware appeared first on CyberScoop.

This is Safe Mode, your weekly guide to everything cybersecurity and digital privacy, brought to you by CyberScoop.

The post Why pig butchering is the worst kind of online scam appeared first on CyberScoop.

Safe Mode is your guide to the murky, often bizarre, always fascinating world of cyberspace. Every week we break down the most pressing issues in technology, provide you the knowledge and tools to stay ahead of the latest threats and take you behind the scenes of the biggest stories in cybersecurity.

Our sources are the hackers poking at your systems, the technologists working at the cutting edge, and the researchers and policy makers trying to understand this strange world. Together, we’ll help you navigate what’s happening in the online world and maybe figure out how to make it a bit better.

This is Safe Mode, your weekly guide to everything cybersecurity and digital privacy, brought to you by CyberScoop.

The post Safe Mode Trailer appeared first on CyberScoop.

The DoppelPaymer ransomware, blamed for hundreds attacks globally, is also linked to the death of a patient at the University Hospital in Düsseldorf in Germany after hackers infected the hospital’s computer systems with malware — an incident believed to be the first death directly caused by ransomware.

The joint operation in late February involved police in Germany, Ukraine and the Netherlands, along with Europol and the FBI, according to a release issued Monday by Europol. “The individuals were interrogated, while electronic equipment was seized and is currently being analysed. Further investigative activities are on-going,” a Europol spokesperson told CyberScoop.

The raid follows a push by the White House to intensify efforts to take down ransomware operations, including by increasing cooperation with law enforcement agencies abroad. In one such high-profile operation, the FBI took down the infrastructure that the Hive ransomware group, one of the world’s most prolific cybercrime syndicates, used to carry out operations globally.

In the operation against DoppelPaymer, Euopol said police in Germany raided the home of a German national who they believe is a key player in the ransomware operation. “Investigators are currently analysing the seized equipment to determine the suspect’s exact role in the structure of the ransomware group.” Additionally, Ukrainian police “interrogated a Ukrainian national who is also believed to be a member of the core DoppelPaymer group. The Ukrainian officers searched two locations, one in Kiev and one in Kharkiv. During the searches, they seized electronic equipment, which is currently under forensic examination.”

According to Europol, the DoppelPaymer ransomware began surfacing in 2019 and targeted various organizations, including critical infrastructure operators. “The criminal group behind this ransomware relied on a double extortion scheme, using a leak website launched by the criminal actors in early 2020. German authorities are aware of 37 victims of this ransomware group, all of them companies.”

The FBI did not immediately respond to a request for comment.

The post European raid targeted notorious ransomware gang DoppelPaymer appeared first on CyberScoop.

Denis Mihaqlovic Dubnikov received the illicit funds, which resulted from Ryuk ransomware attacks on unnamed U.S. individuals and organizations, in exchange for bitcoin from criminal hackers, the Justice Department said Tuesday in a press release. He was extradited to the U.S. in August 2022 and pleaded guilty Monday to one charge of conspiracy to commit money laundering.

Dubnikov’s guilty plea in a federal court in Oregon comes two weeks after the Justice Department announced it took down the infrastructure of the Hive ransomware gang, one of the world’s most prolific ransomware operators. It also follows a year in which illicit cryptocurrency activity hit $20.1 billion, an all-time high, and officials around the world touting new get-tough approaches to combating the scourge or ransomware attacks.

One of the most common types of ransomware, Ryuk is often tied to the Russian hacking group known as Wizard Spider. In its release, the DOJ noted that “Ryuk has been used to target thousands of victims worldwide across a variety of sectors. In October 2020, law enforcement officials specifically identified Ryuk as an imminent and increasing cybercrime threat to hospitals and healthcare providers in the United States.”

Law enforcement officials did not identify the specific hacking group that worked with Dubnikov to launder ransom payments. The DOJ said that “between at least August 2018 and August 2021, Dubnikov and his co-conspirators laundered the proceeds of Ryuk ransomware attacks on individuals and organizations throughout the United States and abroad.”

In July 2019, according to the DOJ, a U.S. company paid 250 Bitcoin ransom to regain access to files encrypted by Ryuk. Later that month, Dubnikov accepted 35 Bitcoin from that ransom payment in exchange for $400,000.

The post Russian ransomware money launderer pleads guilty to funneling Ryuk payments appeared first on CyberScoop.