How Ransomware Kills in Real Life. Latest Cyber Crime News
Breaking news and latest cyber crime stories discussed behind-scenes. Don't Miss Video Episode: https://youtu.be/Jd4jvtW77uM
Topics: how ransomware kills in real life, latest cyber crime news, top cyber crime news, when ransomware kills in real life, best ways to keep up to date on security news, best ways to protect business from cyber crime, breaking cyber crime news, breaking cyber crime news to know, cyber crime global news today, cyber crime news we all need to know, cyber crime real life cases, cyber security news this week, cyber crime podcast, latest cyber crime news we all need to know, most recent top cyber security news, new cyber crime news, newest cyber crime news, real cyber crime stories, security news weekly update, top cyber security news recently, top cyber security news stories, top cybersecurity news stories, top data breaches in healthcare, top data breaches law firms, top data breaches ransomware, top new ways to protect your identity online today, top recent cyber security stories, top security news this week, top true cyber crime stories in the news
Hosts David Mauro and Mark Mosher present.
[00:00:00] Howdy to Cyber Crime Junkies podcast. I'm your host, David Morrow. And in the studio with me is my illustrious co host, Mark Mosher. Mark, how are you today? We've got a lot of things to talk about. Doing good. Yeah. This is, this is a little bit difficult for us, right? We want to go over there. So much in the news, right?
In place in the cybersecurity vector.
We really just, we needed an episode just to let people know what's going on. Yeah, absolutely. So the first thing we're going to talk about is the, initiative that's been going on from the CLOP Russian based ransomware gang. It's been in the news and for those that may not be following the cybersecurity news, this is a massive breach involving the move it software program that so many institutions have been using.
Right, Mark. A widely used [00:01:00] file transfer protocol that many, many large organizations use. And this thing was able to exploit a vulnerability and hit dozens and dozens of major corporations and organizations. Yeah. The last count, they are actually keeping track. It's something about, over 270 different organizations worldwide have been, succumbed to this, massive attack.
The FBI and CISA have issued a massive alert. There is this global breach of this widely known, software called move it and move it launched, you know, 20 some years ago, back in 2002. And it's managed today by a U. S. Based company called progress software. And they added antivirus a few years after they launched it.
Because what was happening is it allows software to allows organizations to transfer [00:02:00] confidential information in an encrypted way. Think of lawyers needing it. Think of accountants needing it, healthcare, government agencies, right? And this software was really popular. And there was hundreds and hundreds of state, local, and federal Agencies all using it.
Yep. And CLOP came in and exploited it, so move it. Just, just for record, here's some of the, the people that, fell victim to this. You got like the bbc, British Airways, the California Public Employees Retirement System. Yeah. John Hopkins University, New York City Public Schools. Shell, Siemens.
UCLA, and then it gets into the heavy, the federal government side, the U. S. Department of Energy, the U. S. Department of Health and Human Services, that's some pretty big victims. It [00:03:00] is. And part of the issue is that it was really used for handing over and transferring really confidential information.
It arose when there was a zero day exploit. So what that means for those that aren't technical is a zero day or the worst. It's every security person's nightmare means there is no patch available. They don't have it yet. Well, it's gone through two or three iterations since then. And, progress software keeps listing and creating new patches for it, but then they keep.
finding more vulnerabilities. On June 7th, it came out in one public in May, but there's a lot of research out there that is showing that clot might've been in there for well over a year. So they've been exploiting this for a long time. And when they're able to do that, they were able to leave back doors potentially.
And also to look at how they are [00:04:00] transferring this data and really have good reconnaissance in it. And then not only that, but to access the data that is being transferred. And then on June 7th, CLOP actually came out. The Russian based Klop Ransomware game came out and, started leaking a lot of this data because they had made ransom demands and those hadn't gone, hadn't gone, paid, and now they're starting to leak a lot of this data.
So for those that don't know. Ransomware gangs are these cybercrime gangs. They're very well funded. Think of them like the like any other organized crime entity, whether it be drug smugglers or the mafia back in the day. Think of, think of organizations like that. What do we know about CLOP ransomware gangs?
So CLOP has been around for a while, but with this latest cyber attack on these high visibility ones, they've gained a lot of, people looking for them. Also known as Lace Tempest, the cybersecurity community went to like a new naming scheme [00:05:00] back in April. So, you'll hear Lace Tempest, also known in the cybersecurity, TA 505.
What's the other one? FIN 11 and DEV 0950. So, these guys have been around, there's a lot known about them. This is their standard M. O. Is to get into an organization, exploit that money, but they'll stay inside the system protected for a very long period of time. As David had mentioned, sit in for up to a year, and even when they exfiltrate the data, they steal the data, they'll wait for a while, sometimes before they'll even reach out to, like, executive leaders or owners of these organizations, which to make their ransomware demand.
So they'll sit on that data. a couple examples of that that I found there was a extortion attack, I guess several months ago, or maybe it's been a little bit longer on go anywhere. But another platform that was widely used [00:06:00] on I was able to get part of their ransomware note. It stated, we deliberately did not disclose your organization's information wanted to negotiate with you and your leadership first.
And that was one of them. And then later in the, another communication to another victim, they wrote us, we will sell your information on the black market and publish it on our blog. They have their own blog on the deep web, which receives 50, 000 unique visitors per day. And they even boasted, you can read about us on Google.
And that was right from one of their, their communications, to one of the ransomware victims. It's gotten so bad. We've talked about that. Yeah. I mean, we've talked about that in the past, right? Like the bravado that these guys have and these blogs, they always call it a blog, but it's really their leak site.
It's their wall of shame. Right, and they publish it and you know, ladies and gentlemen, a lot of people visit these sites, right? Everybody's looking at these [00:07:00] sites and there are scans that go on for insurance companies and softwares when you when you hear like well We'll do a dark web search for it and things like that when you figure out that you've been part of a breach.
It's scanning the dark web to be able to find these blogs, these leak sites that are, that are showing the confidential information. Really, really brutal, isn't it? I mean, they're, they're, it's, they're really holding people's, you know, financial futures hostage. CLOP managed to get remote code execution.
I read one, instance where a security researcher was saying, apparently they've been able to launch ransomware from the cloud through this program. Somehow, they're uploading ransomware and other, malware. So think about it. CLOP is, I mean, move it is used by everybody and it's used by these organizations.
moving and transferring from agency to agency, from private [00:08:00] user to agency, all of this dual encrypted, very, very sensitive, very confidential information. And Klopp has been able to. not only gather that information, right? That was supposed to be kept confidential, but they've been able to actually launch ransomware attacks everywhere that that system and that protocol apparently, has been, used.
And that is just absolutely brutal. You know, CISA issued a massive alert while, triage, on the U. S. government that was hit by the MUVIT exploit. Progress Software, as we mentioned, has, has issued two or three different, actually three so far as, that I know of, different patches, different remediation steps.
The U. S. Department of Energy was hit and Congress has been addressed to engage this. And this story has been unfolding daily now for well over a month. We've been wanting [00:09:00] to get in front of you and to, , speak about it. , what's also interesting is CESA's alert. So CESA talked about, you know, CESA always issues these alerts about stop ransomware because ransomware gangs are really the, the.
epicenter of cybercrime today, right? And they have this whole explanation of the move it vulnerability and, of the Klopp ransomware gang. And they talk about how Klopp went around to doing this, the history of Klopp and all of the, that information will have the link to this advisory in our show notes.
But as always, what. What we need to do for everyone is if you say something, I mean, if you see something, please say something, right? Fill out that form at the IC3. gov, go to stopransomware. gov, and follow us for more information at Cybercrime Junkies. It's really, really something that is unfolding, [00:10:00] regularly.
The other thing we wanted to do is talk to you about, some espionage because espionage is always something that is, at the epicenter of fighting, cybercrime, isn't it? Oh, yeah, absolutely. That's a great point. Yeah. Yeah. I mean,
if you see The 10 million reward that the federal government, U. S. federal government issued for these guys. That's how big a deal this is. 10 million reward. So keep that in mind. Oh yeah, we didn't even mention that. Yeah, I was trying to segue over to the next topic. I totally forgot about that. Think about that, right?
The federal government has put a bounty, talk about the wild west. Right? Like this is the wild west. When you think of like the bandits and the old wanted posters and they would have a reward over like some, some cowboys [00:11:00] picture, right? And they would stamp it to, to a tree or like on the top of the door by a saloon.
Right? , that's what the modern version of that is, right? A 10 million bounty. That is pretty amazing. And then, you know, ransomware, we've talked about it before, , ransomware is just absolutely brutal. And there are instances, you know, repeated where it's, it's, it's led to I mean, it's led to deaths.
There's, there's a couple of different, researches, that have shown how it is actually, led to just really, really traumatic. events, especially in the healthcare space. So we wanted to talk to you about this. We've, we've talked about it in, in other episodes, and this is really where cybercrime hits all of us personally, right?
It gets to any one of us have elderly relatives. Maybe [00:12:00] ourselves, maybe friends and family that are getting medical treatment, and it's hard enough to get the medical treatment in the United States today, that's affordable and that we could do, and ransomware is coming from something that is, directly it transforms and it, and it, across the digital space, into our reality, into our kinetic lives.
, there's a lot of patient deaths in tragedies that happened right from ransomware. , Spring Hill Medical Center is a story. that you and I have shared and talked about, Mark. , in 2019, this really bad accident occurred in Spring Hill Medical Center here in the United States. The medical center fell victim to a ransomware attack, and it led to the death of a newborn baby.
The baby's life was endangered. during delivery. As the umbilical cord got wrapped around their neck, causing oxygen deprivation. We've, we've heard of that [00:13:00] before. It's, it's horrible. It's, it's every parent's nightmare. And normally, you know, vital signs monitor. is there and would alert the hospital staff of this life threatening situation.
But the monitor failed to notify the staff due to the system being down because of a ransomware attack. True story. Horrible. , the delivering doctor expressed that she had been, that monitor's readings. She would have opted for a cesarean section, which is very common, right? Whenever there's an umbilical cord being tied, the, standard in the industry is you immediately go to a C section, pull the baby out and release the oxygen.
Treating, , OBGYN said that, she emphasized the fact that this situation could have been prevented had that, monitor. not been failing due to that ransomware attack. [00:14:00] As a result, as a tragic result, the baby suffered severe brain damage and then died nine months later. And that's not the only example, right?
No, the following, what, what's that? I'm sorry. Sadly to say, sadly to say there's, there's other examples. That's not the only one. Yeah, there was one in Germany in 2020, the following year, a ransomware attack, which appeared to have even been misdirected, caused the IT systems of a major hospital, which was Dusseldorf University Clinic in Dusseldorf, Germany, to fail.
As a result of the attack, a woman in need of urgent medical care couldn't be treated at that facility and had to be immediately rushed to another city for treatment, but unfortunately died en route. So, had they been able to render the medical treatment right there and then, the medical professionals say she would have lived and would have been able to do that.[00:15:00]
But every second counted, every minute counted, and she had to be transferred out of the city in order to, to do that because that one hospital that she was getting that emergency medical treatment from was underneath a ransomware attack. And then the year after that... St. Margaret's Health in 2021 of Spring Valley, Illinois, which is right by us here in the heartland of the United States, fell victim to a ransomware attack.
After the attack, the hospital was unable to submit claims to Medicare, Medicaid insurance insurers for months. That incident And this, this rural hospital fell into massive financial crisis. A lot of area residents weren't able to get treatment. So this affected a ton of people. And the, the business impact there, this isn't even just a a bodily injury or, or tragic [00:16:00] death scenario.
But St. Margaret's Health actually shuttered their doors later on that year. Yeah, business. Yeah. An entire, a hospital serving an entire, it's a multi county area. This is the only hospital in that area. And they had to shut their doors. Why? Because of a ransomware attack. Absolutely, absolutely brutal. The groups that they blamed for these, that they tied, that the forensics tied one group was Royal and the other group was Black Cat.
If you look at our other episodes, we go into detail with Black Cat. Black Cat is made up of a group of like digital mercenaries and extortionists that were originally part of the Conti group. And Just and Royal is a fairly new ransomware group that was initially observed kind of in early 2022.
And their top targets that these two groups do and all of their [00:17:00] affiliates are aimed right in the United States. The operation, you know, uses unusual techniques to kind of breach networks and then encrypt them with with the ransomware malware and demand ransom payments. Just absolutely brutal.
Some, some of the, some of the results that we're seeing from this. And then that kind of leads into these groups and these organizations. This is, you know, the ransomware cyber gangs have really been being pushed in that Eastern block that that's what we see, but there's other parts of the world.
that are targeting the United States. And that's where we get into the stories of espionage and some efforts. That are going on now to really drive some of the quantum the, you know, efforts are really being made by the Pacific rim to really break [00:18:00] the quantum barrier. And there's several.
articles and Forbes. We can link them in the show notes. But it's the ultimate nightmare. It's something that we wanted to bring to everybody's attention. I mean, Mark, for those that may not understand, like, well, what does the practical effect of quantum computing? Like there's been a lot of talk about it.
It's something that we're going to be diving deep into. We're going to have a couple episodes that feels much more granular with this topic, but here's here's Kind of where the shift, the paradigm shift is when it comes to, to threat actors is, you know, we've been talking about these, these criminal gangs and how not only they extort organizations for money, but how they can, as David just example,
but some nation state threat actors, you know, don't, don't get it twisted just because they have these cute little names like spider wizard and drunken panda and fuzzy bear. These are actually nation [00:19:00] states. And as David just stated, They're actually moving towards quantum computing to exploit additional victims and specifically the U.
S. Right. They're coming for us, and they're using next level type information techniques and tactics to do that quantum quantum computing. Artificial intelligence. It's all coming, and it's all changing. These, these aren't just the goons. I mean, yes, they are, but these are nation state sponsored gangs.
Right? They have deep, deep pockets in no fear of retribution or, you know, criminal, criminal confinement because it's the government is actually employing them. So we're going to have a future episode that really deals specific with this, with some of the next generation techniques, tactics, and processes that are being used.
Specifically around quantum and A. I. So stay tuned for that. Look for that. That's gonna be a whole episode coming into itself. But we've got some really [00:20:00] great resources, some industry just professionals that are beyond recognition for their information that they have around this. So we'll be able to provide a good deal of information about this for you in a future episode.
Yeah, absolutely. So I mean, quantum breaking the quantum barrier is something that the United States actually has an initiative on. And it's the ultimate nightmare for cybersecurity experts, like Mark was explaining. The way we keep things secure in cybersecurity is to have things encrypted, right?
You can't un... It's, it's, it's the, the precious information is inside an envelope, right? And that envelope is sealed. Well, quantum computing does the digital equivalent of breaking that seal and being able to see everything inside. And, you know, unlike conventional hacks, like these attacks. If they're driven through quantum computing are stealthy and they're [00:21:00] virtually undetectable.
And the scenario is something that haunts the federal government's, , efforts. They're, they have an initiative in the United States to get all federal agencies to develop a timeline as to when they will be quantum safe, right? And meanwhile, at the QAI, in Oxford Economics, they've published two economic reports, we'll actually link them in the show notes if anybody's interested, about the catastrophic damage that such an attack would have, unlike the national power grid, for the cryptocurrency exchange and Impacts on major institutions like the Federal Reserve.
When you think about all of Bitcoin and all of that, it's all locked down because the blockchain can be encrypted. But quantum computing can, can break all of that. One last thing we want to leave you with is a recent story that was in the [00:22:00] mainstream media about China and Going after and doing some some espionage.
So we're going to play that for you right now, give you our insight, and then we will wrap this up
email hack by China. Overnight, Microsoft revealed that a Chinese hacking organization broke into the email for 25 major organizations, including government agencies. Trevor Ault is tracking the latest. Good morning, Trevor. Good morning, George. It's a very alarming announcement from Microsoft. They say this started in May.
And while they didn't specify which organizations were hit, they have revealed some of them, as you said, are government agencies. And Microsoft says the group behind this is known as Storm 0558. The company claims this is a spy agency that's based in China. And we're told Storm gave access to these organizations emails.
by getting into individual accounts. And what that means is at this point, it's not clear how much data or information that we're actually able to access. So let's, let's [00:23:00] pause that right there. And let's talk about that real quick, Mark. So what are we hearing here? Yeah. I mean, if you picked up on that, he said, getting into individuals, right.
So it wasn't just a mass theft of data, right? This was going directly into specific people's email accounts. So this is one of the techniques and tactics that these nation state threat actors use. It's also used by the cybercrime gangs as well, but it's, it's typically specific to a nation state threat actor.
This is where they've done their research. They know who they're going after and they know what they want. And as you see, they get it. Yeah, absolutely. It's, it's, it's really something that we've talked about many times. on on this program. And there's a lot of stories involving espionage. And espionage is something serious.
It's, it's not something just for [00:24:00] spy novels, right? This is something that is ongoing. It is one of the concerns that people have had with Americans use of social media and certain social media platforms sometimes. It's not about, You know, curating our lives and and doing things like that. It's about what is being used with this data and to understand that you really have to understand the long term international relations plans and where this is all leading.
So we'll have more of that to follow up. And as always, we thank everybody for listening, and we appreciate your time. If you haven't yet, please subscribe to our YouTube channel. It's free, and we really, it really helps us keep this going. We're on the cusp of developing more things here on YouTube, and we really, really appreciate all of your support.
So if you haven't yet, please just subscribe to our YouTube channel. It is at Cybercrime Junkies podcast right there on [00:25:00] YouTube. Any parting words, Mark? Oh, look for that upcoming episode. Again, we've got some really, really cool experts to be on to talk to us about how artificial intelligence is fitting into the landscape and the advancing technology around it.
So it should be very enlightening for those looking to get a little bit deeper into artificial intelligence. We do. We've got some phenomenal Episodes coming in on, on, on, on AI, including the CTO from Intel's coming back with an AI expert. And then we have an entire group of people. that are going to be explaining how AI is actually being managed, handled responsibly, but how it can actually be leveraged by individuals and organizations to build out several different platforms, including helping people build their brands and also the, how to counteract some of the risks that are involved.
So really good stuff. Thank you for listening and we'll see you on [00:26:00] the next one.
