Hackers claim to have obtained 327,268 files from law enforcement and are holding the data ransom


Important Takeaways:

  • A ransomware gang claims it hacked the U.S. Marshals Service and is threatening to release data that includes “Top Secret” documents.
  • In a recent post to its site on the dark web, the cybercrime group known as Hunters International added the law enforcement agency to its list of alleged victims, alongside a countdown timer set for roughly two days.
  • The posting, as viewed by the Daily Dot, claims that 386 GB of data, made up of 327,268 files, were obtained in the breach. Screenshots of the purported data suggest the leak includes dossiers on gang members and their mugshots, files marked “Confidential” and “Top Secret,” as well as files from the FBI.
  • One such top-secret document appears to be a report from the Organized Crime Drug Enforcement Task Group. A document under the FBI label is listed as a white paper on Instagram from the National Domestic Communications Assistance Center, a hub containing collective technical knowledge and resources of law enforcement.
  • Other screenshots reference electronic surveillance, ongoing cases, and documents related to “Operation Turnbuckle,” the name of a law enforcement effort that saw the takedown of alleged drug traffickers in 2022.
  • The posting does not indicate that the criminal organization encrypted any files belonging to the U.S. Marshals Service; instead, based on the countdown timer, the group is seeking a ransom from the government entity in order to not leak or sell the data.


FBI warns of Potential Ransomware attacks on Food and Agriculture sector

Rev 6:6 NAS “And I heard something like a voice in the center of the four living creatures saying, ‘A quart of wheat for a denarius, and three quarts of barley for a denarius; and do not damage the oil and the wine.’”

Important Takeaways:

  • Ransomware Attacks on Agricultural Cooperatives, Potentially Timed to Critical Seasons
  • The Federal Bureau of Investigation (FBI) is informing Food and Agriculture (FA) sector partners that ransomware actors may be more likely to attack agricultural cooperatives during critical planting and harvest seasons, disrupting operations, causing financial loss, and negatively impacting the food supply chain.


US to fill gap in cyber security jobs with over half a million open positions

Important Takeaways:

  • Amid Heightened Risk of Cyber Attack, US Scrambles to Fill Nearly 600,000 Open Cyber Security Jobs
  • Cyber protection is no longer optional. The future is now, and the war in Ukraine has escalated the threat of destructive ransomware attacks to an all-time high.
  • The intelligence community says it’s focused on four potential scenarios.
  • “We’re very, very focused on ransomware actors that might conduct attacks against our allies or our nation. We’re very, very focused on some type of cyber activity that’s designed for perhaps Ukraine that spreads more broadly into other countries. Third, is any type of attack that an adversary would conduct on an ally. And finally, certainly our critical infrastructure,” said NSA Director Gen. Paul Nakasone.
  • “In today’s society, everything is connected, everything is interdependent, and therefore, everything is potentially vulnerable,” said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA).
  • “In 2019 in the U.S., you had about a bit less than 50,000 people who…graduated from a master’s in computer science
  • The numbers just don’t add up: 50,000 people to fill nearly 600,000 jobs. So the tech industry is trying to help fill the void.


U.S. Treasury puts crypto industry on notice over rising ransomware attacks

By Daphne Psaledakis

WASHINGTON (Reuters) – Suspected ransomware payments totaling $590 million were made in the first six months of this year, more than the $416 million reported for the whole of 2020, U.S. authorities said on Friday, as Washington put the cryptocurrency industry on alert about its role in combating ransomware attacks.

The U.S. Treasury Department said the average amount of reported ransomware transactions per month in 2021 was $102.3 million, with REvil/Sodinokibi, Conti, DarkSide, Avaddon, and Phobos the most prevalent ransomware strains reported.

President Joe Biden has made the government’s cybersecurity response a top priority for the most senior levels of his administration following a series of attacks this year that threatened to destabilize U.S. energy and food supplies.

Seeking to stop the use of cryptocurrencies in the payment of ransomware demands, Treasury told members of the crypto community they are responsible for making sure they do not “directly or indirectly” help facilitate deals prohibited by U.S. sanctions.

Its new guidance said the virtual currency industry plays an increasingly critical role in preventing those blacklisted from exploiting virtual currencies to evade sanctions.

“Treasury is helping to stop ransomware attacks by making it difficult for criminals to profit from their crimes, but we need partners in the private sector to help prevent this illicit activity,” Deputy Treasury Secretary Wally Adeyemo said in a statement.

The new guidance also advised virtual currency exchanges to use geolocation tools to block access from countries under U.S. sanctions.

Hackers use ransomware to take down systems that control everything from hospital billing to manufacturing. They stop only after receiving hefty payments, typically in cryptocurrency.

This year, gangs have hit numerous U.S. companies in large-scale hacks. One such attack on pipeline operator Colonial Pipeline led to temporary fuel supply shortages on the U.S. East Coast. Hackers also targeted an Iowa-based agricultural company, sparking fears of disruptions to grain harvesting in the Midwest.

The Biden administration last month unveiled sanctions against cryptocurrency exchange Suex OTC, S.R.O. over its alleged role in enabling illegal payments from ransomware attacks, officials said, in the Treasury’s first such move against a virtual currency exchange over ransomware activity.

(Reporting by Chris Sanders, Chris Bing and Daphne Psaledakis; Editing by Chizu Nomiyama and Daniel Wallis)

Stung by pandemic and JBS cyberattack, U.S. ranchers build new beef plants

By Tom Polansek

CHICAGO (Reuters) – U.S. cattle ranchers and investors are sinking hundreds of millions of dollars into new beef plants after temporary closures of massive slaughterhouses at the start of the COVID-19 pandemic left farmers with nowhere to send animals destined to be turned into meat.

A cyberattack against the U.S. unit of Brazilian meatpacking giant JBS SA that idled nearly a quarter of America’s beef production earlier this month again highlighted vulnerabilities in the country’s meat supply chain and caused more headaches for farmers.

Ranchers, as well as the U.S. Agriculture Department (USDA), say the sector is too consolidated and therefore reliant on a handful of large processors and their industrial meatpacking plants.

Four industry behemoths – JBS USA, Tyson Foods Inc, Cargill Inc and National Beef Packing Company – slaughter 85% of grain-fattened cattle carved into steaks, ribs and roasts for consumers.

Smaller startup meat plants are aiming to provide local ranchers with more places to slaughter cattle, particularly those raised to produce higher-quality beef. They say adding plants can ensure some meat production continues if large facilities close.

When large meat plants close, meat supplies tighten while ranchers get stuck with cattle that would otherwise have been slaughtered. That means the price of cattle generally falls, while the price of meat in supermarkets rises.

Extended shutdowns of some of the biggest U.S. slaughterhouses due to COVID-19 outbreaks hobbled meat production in spring 2020, leading to limits on consumers’ purchases at grocery stores and a decline in frozen inventories that processors have yet to replenish.

Rusty Kemp saw the need for more processing capacity after a 2019 fire at a Tyson Foods plant in Holcomb, Kansas, left meat buyers scrambling for supplies and cattle producers with nowhere to sell their cattle. Then, the pandemic and ransomware attack on JBS hit.

Kemp is now planning to break ground on a $300 million beef plant in Nebraska this fall.

“We thought the Holcomb fire was an absolute train wreck and then COVID came along and Holcomb didn’t seem that bad,” he said.

Kemp’s plant, named Sustainable Beef, will kill 1,500 cattle a day and use blockchain technology so consumers can track a piece of meat all the way back to the ranch, he said.

Sustainable Beef is co-owned by cattle producers who will provide animals for slaughter to the plant, instead of to major packers, Kemp said. He hired former executives of one of the biggest processors, Cargill, as consultants because of their expertise.

But Kemp said he is not trying to pick a fight with the four major processors and that bigger plants are still needed to produce large volumes of meat.

“We absolutely need more capacity and more players,” Kemp said.

MORE ROOM TO SLAUGHTER

Nationwide, at least five new processing facilities of varying sizes have opened or are planned following supply shocks early in the pandemic. Combined with expansions at existing plants, including one owned by JBS, daily U.S. slaughter capacity is set to increase by about 5%, according to a Reuters calculation and data from industry group the North American Meat Institute.

Market conditions are favorable for new entrants. Cattle supplies are ample, while beef prices and profit margins for packers have soared due to strong exports and demand from U.S. consumers.

In Butler, Missouri, Todd Hertzog and his family opened Hertzog Meat Company this month after considering the project for five years.

Though the $3.75 million plant is only slaughtering about 20 cattle a day, it serves nearby ranchers who want to produce higher-quality beef, said Hertzog, who manages the operation.

“The pandemic opened our eyes to the needs of local producers,” he said.

Production disruptions during the pandemic pushed Cliff Welch to begin construction on a meat processing plant near Central City, Kentucky, at a price tag of more than $1.2 million. The cyberattack on JBS then reinforced Welch’s decision to build the facility, slated to open in late 2021, he said.

Welch aims to slaughter 75 cattle a week to start, with the capability to eventually kill 300 head a week. He said he will produce custom cuts of meat using “old-style butchery” and plans to sell it locally.

“I’m starting from ground zero,” Welch said. “It’s a big undertaking.”

Welch said he received a $250,000 grant from Kentucky for the project.

The U.S. Agriculture Department has pledged to support increased processing as part of a $4 billion initiative to strengthen the country’s food system.

“The hope would be that by spreading out, by creating diversity in size and diversity of ownership and diversity of operations, we create greater resilience,” USDA Secretary Tom Vilsack told reporters after the JBS attack.

Missouri last year paid about $17 million in grants to meat processors with fewer than 200 employees that wanted to expand or build new facilities, state agriculture director Chris Chinn said. The payments doubled the amount of red meat inspected by the state in a program sparked by the pandemic, she said.

“It added stability to our local communities and our rural areas,” Chinn said. “They didn’t have to depend on one local source to get their food.”

SMALLER PLANTS, SAME PROBLEMS

Small facilities are finding they face some of the same challenges as larger outfits, notably a labor shortage, without the benefit of a big corporation behind them.

After opening in March, Missouri Prime Beef Packers struggled to find workers for a plant in Pleasant Hope, Missouri, that now kills about 200 cattle a day, despite putting ads in newspapers and on radio, said Dallen Davies, director of company culture.

The facility is slaughtering cattle raised under special guidelines, such as being grass-fed or certified for humane handling, as a way to add value for ranchers and provide a better product for consumers, Davies said.

Plants need to differentiate themselves because they cannot compete with industry titans on volume or on low prices achieved with mass production lines.

Former President Donald Trump last year said he urged the Justice Department to look into allegations the meatpacking industry broke antitrust law because the price that slaughterhouses pay farmers for animals dropped even as meat prices climbed. U.S. governors and lawmakers are pushing the department to keep probing.

Those involved in slaughterhouse expansion say they still need to do something to give ranchers more options in the meantime.

“We really don’t want to wait around and see if the government is going to solve this problem,” Kemp said. “We decided to take matters into our own hands and do this.”

(Reporting by Tom Polansek in Chicago; Editing by Caroline Stauffer and Matthew Lewis)

Colonial Pipeline CEO tells Senate cyber defenses were compromised ahead of hack

By Stephanie Kelly and Jessica Resnick-Ault

NEW YORK (Reuters) - Colonial Pipeline Chief Executive Joseph Blount told a U.S. Senate committee on Tuesday that the company’s cyber defenses were in place, but were compromised ahead of an attack last month.

The hearing was convened to examine threats to critical infrastructure and the Colonial Pipeline cyber attack that shut the company’s major fuel conduits last month.

The hack, attributed by the FBI to a gang called DarkSide, caused a days-long shutdown that led to a spike in gasoline prices, panic buying and localized fuel shortages. It posed a major political headache for President Joe Biden as the U.S. economy was starting to emerge from the COVID-19 pandemic.

Senators questioned whether Colonial was sufficiently prepared for a ransomware attack and questioned the company’s timeline for responding to it. Some suggested Colonial had not sufficiently consulted with the U.S. government before paying the ransom, against federal guidelines.

Colonial did not specifically have a plan for a ransomware attack, but did have an emergency response plan, Blount said. The company reached out to the FBI within hours of the cyber attack, he said.

“We take cybersecurity very seriously,” Blount said. Still, he said the attack occurred using a legacy VPN (Virtual Private Network) system that did not have multifactor authentication in place.

He said the system was protected with a complex password. “It wasn’t just Colonial123,” he said.

Blount said he made the decision to pay the ransom and to keep the payment as confidential as possible because of concern for security.

“It was our understanding that the decision was solely ours to make about whether to pay the ransom,” he said.

However, he said that even after getting the key, the company is still recovering from the attack and is currently bringing back seven finance systems that have been offline since May 7.

The Justice Department on Monday said it had recovered some $2.3 million in cryptocurrency ransom paid by Colonial Pipeline.

Colonial Pipeline previously had said it paid the hackers nearly $5 million to regain access. The value of the cryptocurrency bitcoin has dropped to below $35,000 in recent weeks after hitting a high of $63,000 in April.

Bitcoin seizures are rare, but authorities have stepped up their expertise in tracking the flow of digital money as ransomware has become a growing national security threat and put a further strain on relations between the United States and Russia, where many of the gangs are based.

(Reporting by Stephanie Kelly and Jessica Resnick-Ault; Editing by Marguerita Choy)

Microsoft says group behind SolarWinds hack now targeting government agencies, NGOs

By Kanishka Singh and Raphael Satter

WASHINGTON (Reuters) - The group behind the SolarWinds cyber attack identified late last year is now targeting government agencies, think tanks, consultants, and non-governmental organizations, Microsoft Corp said on Thursday.

“This week we observed cyberattacks by the threat actor Nobelium targeting government agencies, think tanks, consultants, and non-governmental organizations,” Microsoft said in a blog.

Nobelium, originating from Russia, is the same actor behind the attacks on SolarWinds customers in 2020, according to Microsoft.

The comments come weeks after a May 7 ransomware attack on Colonial Pipeline shut the United States’ largest fuel pipeline network for several days, disrupting the country’s supply.

“This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations,” Microsoft said on Thursday.

While organizations in the United States received the largest share of attacks, targeted victims came from at least 24 countries, Microsoft said.

At least a quarter of the targeted organizations were involved in international development, humanitarian issues and human rights work, Microsoft said in the blog.

Nobelium launched this week’s attacks by breaking into an email marketing account used by the United States Agency For International Development (USAID) and from there launching phishing attacks on many other organizations, Microsoft said.

In statements issued Friday, the Department of Homeland Security and USAID both said they were aware of the hacking and were investigating.

The hack of information technology company SolarWinds, which was identified in December, gave access to thousands of companies and government offices that used its products. Microsoft President Brad Smith described the attack as “the largest and most sophisticated attack the world has ever seen”.

This month, Russia’s spy chief denied responsibility for the SolarWinds cyber attack but said he was “flattered” by the accusations from the United States and Britain that Russian foreign intelligence was behind such a sophisticated hack.

The United States and Britain have blamed Russia’s Foreign Intelligence Service (SVR), successor to the foreign spying operations of the KGB, for the hack which compromised nine U.S. federal agencies and hundreds of private sector companies.

The attacks disclosed by Microsoft on Thursday appeared to be a continuation of multiple efforts to target government agencies involved in foreign policy as part of intelligence gathering efforts, Microsoft said.

The company said it was in the process of notifying all of its targeted customers and had “no reason to believe” these attacks involved any exploitation or vulnerability in Microsoft’s products or services.

(Reporting by Kanishka Singh and Sabahatjahan Contractor in Bengaluru; additional reporting by Raphael Satter in Washington; Editing by Robert Birsel and Clarence Fernandez)

U.S. to boost pipeline cyber protections in wake of Colonial hack

WASHINGTON (Reuters) - The Biden administration is working with pipeline companies to strengthen protections against cyberattacks following the Colonial Pipeline hack and will announce actions in coming days, the Department of Homeland Security (DHS) said on Tuesday.

The Transportation Security Administration (TSA), a unit of the DHS, “is coordinating with companies in the pipeline sector to ensure they are taking all necessary steps to increase their resilience to cyber threats and secure their systems,” the agency said.

TSA is collaborating with another branch of DHS, the Cybersecurity and Infrastructure Security Agency. DHS said it will release more details “in the days ahead” without providing particulars.

The Washington Post reported DHS is preparing to issue its first mandatory cybersecurity regulations on pipelines, citing senior officials.

In the past TSA has provided voluntary guidelines on cybersecurity for pipelines. The agency only had six full-time employees in its pipeline security branch through 2018, which limited the office’s reviews of cybersecurity practices, a General Accountability Office report said in 2019. The TSA said this month it has since expanded that staff to 34 positions.

The TSA would require pipeline companies to report cyber incidents to the federal government, senior DHS officials told the newspaper.

After a ransomware attack forced Colonial to shut its entire network for 11 days this month, thousands of gas stations across the U.S. Southeast ran out of fuel. Motorists fearing prolonged shortages raced to fill up their cars.

The closure of the 5,500-mile (8,900-km) system was the most disruptive cyberattack on record, preventing millions of barrels of gasoline, diesel and jet fuel from flowing to the East Coast from the Gulf Coast.

The new regulations were discussed after DHS Secretary Alejandro Mayorkas and other top officials considered how they could use existing TSA powers to bring change to the industry, the Post said.

Representative Bennie Thompson, chair of the Homeland Security Committee in the House of Representatives, called the move “a major step in the right direction towards ensuring that pipeline operators are taking cybersecurity seriously and reporting any incidents immediately.”

(Reporting by Doina Chiacu and Timothy Gardner; Editing by Howard Goller and Grant McCool)

Companies may be punished for paying ransoms to sanctioned hackers – U.S. Treasury

By Raphael Satter

WASHINGTON (Reuters) – Facilitating ransomware payments to sanctioned hackers may be illegal, the U.S. Treasury said on Thursday, signaling a crackdown on the fast-growing market for consultants who help organizations pay off cybercriminals.

In a pair of advisories, the Treasury’s Office of Foreign Assets Control and its Financial Crimes Enforcement Network warned that facilitators could be prosecuted even if they or the victims did not know that the hackers demanding the ransom were subject to U.S. sanctions.

Ransomware works by encrypting computers, holding a company’s data hostage until a payment is made. Organizations have often ponied up ransoms to liberate their data.

“It is a game changer,” said Alon Gal, chief technology officer of Hudson Rock, which works to head off ransomware attacks before they happen.

Before, companies could decide whether or not to pay cybercriminals off, he said. Now that those decisions are being brought under government oversight “we are going to see a much tougher handling of these incidents.”

The Enforcement Network’s advisory also warned that cybersecurity firms may need to register as money services businesses if they help make ransomware payments. That would impose a new reporting requirement on a previously little-regulated corner of the cybersecurity industry.

Ransomware has become an increasingly visible threat in the United States and abroad. Cybercriminals have long used the software to loot their victims. Some countries, notably North Korea, are also accused of deploying ransomware to earn cash.

(Reporting by Raphael Satter; Editing by Chizu Nomiyama and Richard Chang)

U.S. to indict North Koreans over WannaCry, Sony cyber attacks

FILE PHOTO: A screenshot shows a WannaCry ransomware demand, provided by cyber security firm Symantec, in Mountain View, California, U.S. May 15, 2017. Courtesy of Symantec/Handout via REUTERS

By Christopher Bing

WASHINGTON (Reuters) – The U.S. Justice Department is poised to charge North Korean hackers over the 2017 global WannaCry ransomware attack and the 2014 cyber attack on Sony Corp, a U.S. official told Reuters on Thursday.

The charges, part of a strategy by the U.S. government to deter future cyber attacks by naming and shaming the alleged perpetrators, will also allege that the North Korean hackers broke into the central bank of Bangladesh in 2016, according to the official.

In 2014, U.S. officials said unnamed North Korean hackers were responsible for a major cyber intrusion into Sony, which resulted in leaked internal documents and data being destroyed.

The attacks came after Pyongyang sent a letter to the United Nations, demanding that Sony not move forward with a movie comedy that portrayed the U.S.-backed assassination of a character made to look like North Korean leader Kim Jong Un.

The FBI said at the time it had recovered evidence connecting North Korea to the attack and others in South Korea.

Last year, the WannaCry ransomware attack affected thousands of businesses across the globe through a computer virus that encrypted files on affected systems, including Britain’s National Health Service, where nonfunctional computer systems forced the cancellation of thousands of appointments.

(Reporting by Christopher Bing; Additional writing by Susan Heavey; Editing by Chizu Nomiyama and Jeffrey Benkoe)