ransomware

Auto Added by WPeMatico

Don’t give your weed dealer all your data

Hello and welcome back to Equity, TechCrunch’s venture capital-focused podcast, where we unpack the numbers behind the headlines.

Our beloved Danny was back, joining Natasha and Alex and Grace and Chris to chat through yet another incredibly busy week. As a window into our process, every week we tell one another that the next week we’ll cut the show down to size. Then the week is so interesting that we end up cutting a lot of news, but also keeping a lot of news. The chaotic process is a work in progress, but it means that the end result is always what we decided we can’t not talk about.

Here’s what we got into:

Equity drops every Monday at 7:00 a.m. PDT, Wednesday, and Friday morning at 7:00 a.m. PDT, so subscribe to us on Apple PodcastsOvercastSpotify and all the casts.

Powered by WPeMatico

GasBuddy tops the App Store for the first time due to Colonial Pipeline attack

The GasBuddy mobile app, which typically helps consumers find the cheapest gas nearby, has now become the No. 1 app on the U.S. App Store for the first time ever, due to the fuel shortages in the U.S. that followed the cyberattack on the Colonial Pipeline. Americans, fearful that gas would become unavailable, began panic-buying in ways that haven’t been seen since the great toilet paper outage of 2020. As a result, thousands of gas stations ran out of fuel entirely. This dramatic situation has greatly benefitted the GasBuddy app, which includes a crowdsourced feature that helps users locate which local stations still have gas for sale.

As of Wednesday afternoon, GasBuddy says the effects of the Colonial Pipeline shutdown are being felt across 11 U.S. states, largely in the Southeast and Washington, D.C. North Carolina had the highest number of gas stations with fuel outages, with 65% of stations reportedly out of gas as of 2:48 p.m. ET on Wednesday. Kentucky has the lowest at only 2%. Because this data is self-reported by GasBuddy users, it may not represent the most current information, we should note.

Image Credits: GasBuddy app screenshot

During the week, consumers have been turning to GasBuddy to help them find where they can fill up. Yesterday, the app hit No. 1 in the “Travel” category on the App Store, while it steadily climbed its way up the App Store’s Top Overall charts.

This afternoon, GasBuddy became both the No.1 app in the non-games category as well as the highest-ranked app Overall across the U.S. App Store.

According to data from app store intelligence firm Apptopia, GasBuddy yesterday saw 15,203 new downloads — a 59% increase from its average daily downloads, which were 9,560 for the past 30 days. However, third-party data isn’t always accurate for sudden shots in rank — it catches up a few days after the fact.

Image Credits: Apptopia

Reached for comment, GasBuddy says its downloads were actually far higher than the third-party estimates. Across all platforms, including both iOS and Google Play, it saw 20x more downloads yesterday compared with an average day in 2021. The company told TechCrunch it counted 313,001 total downloads yesterday, compared with average daily downloads for the previous 30 days of 15,339.

Broken down by platform, GasBuddy says it saw 104,735 downloads on Android and 208,266 downloads on iOS on Tuesday, May 11, 2021.

Apptopia also noted that GasBuddy hadn’t been the No. 1 app on the App Store in all the time it’s been recording app store rankings, which goes back to January 1, 2015. However, it noted the app itself launched back in 2010, making it possible (though not likely) that the app had reached No. 1 at some point.

GasBuddy confirmed that’s not the case. Today is the first time it has ever topped the App Store, though it got close once before when it reached No. 2 behind a walkie-talkie app during Hurricane Irma in September 2017.

Image Credits: App Store screenshot on Wed., May 12, 2021

Consumers can continue to track statewide fuel outages here on GasBuddy’s website as well as where highest prices are being found. In the app, they can report whether gas stations have gas or diesel, as well as current prices.

The Colonial Pipeline, which runs 5,500 miles from the Gulf to the Northeast, shut down on Friday due to a ransomware attack from a criminal hacking network known as DarkSide, which is suspected to be based in Russia or Eastern Europe. The pipeline delivers about 45% of fuel used by the Eastern Seaboard. Reports of the shutdown sent Americans to stock up on gas, worsening the situation further. The U.S. Energy Secretary Jennifer Granholm said the Colonial Pipeline intends to restore operations by the end of the week.

Powered by WPeMatico

CD Projekt hit by ransomware attack, refuses to pay ransom

Polish video game maker CD Projekt, which makes Cyberpunk 2077 and The Witcher, has confirmed it was hit by a ransomware attack.

In a statement posted to its Twitter account, the company said it will “not give in nor negotiate” with the hackers, saying it has backups in place. “We have already secured our IT infrastructure and begun restoring data,” the company said.

According to the ransom note, the hackers said they would release the company’s stolen source code and other internal files if it did not pay the ransom, since the company would “most likely recover from backups.”

But the company said for now that no personal data was taken. “We are still investigating the incident, however at this time we can confirm that — to our best knowledge — the compromised systems did not contain any personal data of our players or users of our services.”

It’s an increasingly hostile tactic used by ransomware actors: Hackers target high-value businesses and companies with file-encrypting malware and hold the files for a ransom. But since many companies have backups, some ransomware groups threaten to publish the stolen files unless the ransom is paid.

CD Projekt Red did not immediately respond to TechCrunch’s questions, including what kind of ransomware was used to attack its systems.

It’s thought to be the second time in recent years that the company has been hit by ransomware. The game maker confirmed in 2017 that a hack resulted in the compromising of early work related to the Cyberpunk 2077. Weeks following the game’s launch Sony and Microsoft offered gamers refunds, citing bugs and poor performance on older consoles.

Powered by WPeMatico

Ivanti has acquired security firms MobileIron and Pulse Secure

IT security software company Ivanti has acquired two security companies: Enterprise mobile security firm MobileIron and corporate virtual network provider Pulse Secure.

In a statement on Tuesday, Ivanti said it bought MobileIron for $872 million in stock — with 91% of the shareholders voting in favor of the deal — and acquired Pulse Secure from its parent company Siris Capital Group, but did not disclose the buying price.

The deals have now closed.

Ivanti was founded in 2017 after Clearlake Capital, which owned Heat Software, bought Landesk from private equity firm Thoma Bravo, and merged the two companies to form Ivanti. The combined company, headquartered in Salt Lake City, focuses largely on enterprise IT security, including endpoint, asset and supply chain management. Since its founding, Ivanti went on to acquire several other companies, including U.K.-based Concorde Solutions and RES Software.

If MobileIron and Pulse Secure seem familiar, both companies have faced their fair share of headlines this year after hackers began exploiting vulnerabilities found in their technologies.

Just last month, the U.K. government’s National Cyber Security Center published an alert that warned of a remotely executable bug in MobileIron, patched in June, allowing hackers to break into enterprise networks. U.S. Homeland Security’s cybersecurity advisory unit CISA said that the bug was being actively used by advanced persistent threat (APT) groups, typically associated with state-backed hackers.

Meanwhile, CISA also warned that Pulse Secure was one of several corporate VPN providers with vulnerabilities that have since become a favorite among hackers, particularly ransomware actors, who abuse the bugs to gain access to a network and deploy the file-encrypting ransomware.

Powered by WPeMatico

‘Resident Evil’ game maker Capcom confirms data breach after ransomware attack

Capcom, the Japanese game maker behind the “Resident Evil” and “Street Fighter” franchises, has confirmed that hackers stole customer data and files from its internal network following a ransomware attack earlier in the month.

That’s an about-turn from the days immediately following the cyberattack, in which Capcom said it had no evidence that customer data had been accessed.

In a statement, the company said data on as many as 350,000 customers may have been stolen, including names, addresses, phone numbers and, in some cases, dates of birth. Capcom said the hackers also stole its own internal financial data and human resources files on current and former employees, which included names, addresses, dates of birth and photos. The attackers also took “confidential corporate information,” the company said, including documents on business partners, sales and development.

Capcom said that no credit card information was taken, as payments are handled by a third-party company.

But the company warned that the overall amount of data stolen “cannot specifically be ascertained” due to losing its own internal logs in the cyberattack.

Capcom apologized for the breach. “Capcom offers its sincerest apologies for any complications and concerns that this may bring to its potentially impacted customers as well as to its many stakeholders,” the statement read.

The video games maker was hit by the Ragnar Locker ransomware on November 2, prompting the company to shut down its network. Ragnar Locker is a data-stealing ransomware, which exfiltrates data from a victim before encrypting its network, and then threatens to publish the stolen files unless a ransom is paid. In doing so, ransomware groups can still demand a company pays the ransom even if the victim restores their files and systems from backups.

Ragnar Locker’s website now lists data allegedly stolen from Capcom, with a message implying that the company did not pay the ransom.

Capcom said it had informed data protection regulators in Japan and the United Kingdom, as required under European GDPR data breach notification rules. Companies can be fined up to 4% of their annual revenue for falling foul of GDPR rules.

Powered by WPeMatico

Decrypted: Grayshift raises $47M, Apple bugs under attack, video game maker hacked

The election is over, but not without a hitch or two. Some voters in Georgia and Ohio had to use paper ballots after hand sanitizer leaked into voting machines — an unexpected casualty of the pandemic. And a slew of robocalls across a number of swing states urged voters to “stay safe and stay home,” in an effort to disenfranchise voters from going to the polls. With record voter turnout, there’s little evidence to show it worked.

But we saw nothing like the hack-and-leak operations like we did four years ago, which delivered an “October surprise” that derailed the election for Hillary Clinton, despite winning the popular vote by three million votes.

Government officials and cybersecurity firms said there were no significant or damaging cyberattacks during Election Day. One Homeland Security official called it “another Tuesday on the internet,” but conceded there was still cause for concern in the election aftermath.

With the bulk of the votes counted, government officials pointed to the threat of “foreign influence” campaigns — or misinformation — that would try to cast doubt on the election results. In reality, much of the false and misleading claims ended up coming from inside the White House as the Trump administration tried to cling onto power. After being caught out four years ago, the social media giants put into place measures and policies that limited the spread of false news — including Trump’s repeated attempts to claim victory.

Fears that the 2020 election could turn into a national, or even an international security matter did not come to fruition. The U.S. is in a better place than it was four years ago by simply learning the lessons from Russia’s efforts to interfere with the election. Imagine where we could be in another four?

Since you, like us, were glued to the television screens last week, here’s more from the week you might have missed.


THE BIG PICTURE

Grayshift, the maker of phone unlocking tech, raises a Series A round

Grayshift, the secretive startup behind the U.S. government’s favorite phone unlocking technology, has raised $47 million in fresh funding. The Series A round was led by PeakEquity Partners, and — as first reported by Forbes — is a huge round for a little-known phone forensics firm.

One of only a few photos of the mysterious GrayKey phone unlocking devices. Image Credits: Malwarebytes

Grayshift exploded onto the mobile forensics scene in 2018, months after the company began quietly selling its proprietary GrayKey technology to federal agencies for about $15,000 each. The FBI and other agencies use their purchased GrayKey devices to break into encrypted phones without needing the passcode.

Powered by WPeMatico

Cyber threat startup Cygilant hit by ransomware

Cygilant, a threat detection cybersecurity company, has confirmed a ransomware attack.

Christina Lattuca, Cygilant’s chief financial officer, said in a statement that the company was “aware of a ransomware attack impacting a portion of Cygilant’s technology environment.”

“Our Cyber Defense and Response Center team took immediate and decisive action to stop the progression of the attack. We are working closely with third-party forensic investigators and law enforcement to understand the full nature and impact of the attack. Cygilant is committed to the ongoing security of our network and to continuously strengthening all aspects of our security program,” the statement said.

Cygilant is believed to be the latest victim of NetWalker, a ransomware-as-a-service group, which lets threat groups rent access to its infrastructure to launch their own attacks, according to Brett Callow, a ransomware expert and threat analyst at security firm Emsisoft .

The file-encrypting malware itself not only scrambles a victim’s files but also exfiltrates the data to the hacker’s servers. The hackers typically threaten to publish the victim’s files if the ransom isn’t paid.

A site on the dark web associated with the NetWalker ransomware group posted screenshots of internal network files and directories believed to be associated with Cygilant.

Cygilant did not say if it paid the ransom. But at the time of writing, the dark web listing with Cygilant’s data had disappeared.

“Groups permanently delist companies when they’ve paid or, in some cases, temporarily delist them once they’ve agreed to come to the negotiating table,” said Callow. “NetWalker has temporarily delisted pending negotiations in at least one other case.”

Powered by WPeMatico

A SonicWall cloud bug exposed corporate networks to hackers

A newly discovered bug in a cloud system used to manage SonicWall firewalls could have allowed hackers to break into thousands of corporate networks.

Enterprise firewalls and virtual private network appliances are vital gatekeepers tasked with protecting corporate networks from hackers and cyberattacks while still letting in employees working from home during the pandemic. Even though most offices are empty, hackers frequently look for bugs in critical network gear in order to break into company networks to steal data or plant malware.

Vangelis Stykas, a researcher at security firm Pen Test Partners, found the new bug in SonicWall’s Global Management System (GMS), a web app that lets IT departments remotely configure their SonicWall devices across the network.

But the bug, if exploited, meant any existing user with access to SonicWall’s GMS could create a user account with access to any other company’s network without permission.

From there, the newly created account could remotely manage the SonicWall gear of that company.

In a blog post shared with TechCrunch, Stykas said there were two barriers to entry. Firstly, a would-be attacker would need an existing SonicWall GMS user account. The easiest way — and what Stykas did to independently test the bug — was to buy a SonicWall device.

The second issue was that the would-be attacker would also need to guess a unique seven-digit number associated with another company’s network. But Stykas said that this number appeared to be sequential and could be easily enumerated, one after the other.

Once inside a company’s network, the attacker could deliver ransomware directly to the internal systems of their victims, an increasingly popular tactic for financially driven hackers.

SonicWall confirmed the bug is now fixed. But Stykas criticized the company for taking more than two weeks to patch the vulnerability, which he described as “trivial” to exploit.

“Even car alarm vendors have fixed similar issues inside three days of us reporting,” he wrote.

A SonicWall spokesperson defended the decision to subject the fix to a “full” quality check before it was rolled out, and said it is “not aware” of any exploitation of the vulnerability.

Powered by WPeMatico

Decrypted: Tesla’s ransomware near miss, Palantir’s S-1 risk factors

Another busy week in cybersecurity.

In case you missed it: A widely used messaging app used by over a million protesters has several major security flaws; a little-known loophole has let the DMV sell driver’s licenses and Social Security records to private investigators; and the U.S. government is suing to reclaim over $2.5 million in cryptocurrency stolen by North Korean hackers from two major exchanges.

But this week we are focusing on how a Tesla employee foiled a ransomware attack, and, ahead of Palantir’s debut on the stock market, how much of a risk factor is the company’s public image?


THE BIG PICTURE

Russian charged with attempted Tesla ransomware attack

$1 million. That’s how much a Tesla employee would have netted if they accepted a bribe from a Russian operative to install malware on Tesla’s Gigafactory network in Nevada. Instead, the employee told the FBI and the Russian was arrested.

The Justice Department charged the 27-year-old Russian, Egor Igorevich, weeks later as he tried to flee the United States. According to the indictment, his plan was to ask the employee to deliberately deploy ransomware on the Gigafactory’s network, grinding the network to a halt for a ransom of several million dollars. The would-be insider threat is likely the first of its kind, one ransomware expert told Wired, as financially driven hackers continue to up their game.

Tesla founder Elon Musk tweeted earlier this week confirming that Tesla was the target of the failed attack.

The attack, if carried out, could have been devastating. The indictment said that the malware was designed to extract data from the network before locking its files. This data-stealing ransomware is an increasing trend. These hacker groups not only encrypt a victim’s files but also exfiltrate the data to their servers. The hackers typically threaten to publish the victim’s files if the ransom isn’t paid.

Powered by WPeMatico

Decrypted: No warrants for web data, UK grid cyberattack, CyberArk buys Idaptive

One vote.

That’s all it needed for a bipartisan Senate amendment to pass that would have stopped federal authorities from further accessing millions of Americans’ browsing records. But it didn’t. One Republican was in quarantine, another was AWOL. Two Democratic senators — including former presidential hopeful Bernie Sanders — were nowhere to be seen and neither returned a request for comment.

It was one of several amendments offered up in the effort to reform and reauthorize the Foreign Intelligence Surveillance Act, the basis of U.S. spying laws. The law, signed in 1978, put restrictions on who intelligence agencies could target with their vast listening and collection stations. But after the Edward Snowden revelations in 2013, lawmakers champed at the bit to change the system to better protect Americans, who are largely protected from the spies within its borders.

One privacy-focused amendment, brought by Sens. Mike Lee and Patrick Leahy, passed — permits for more independent oversight to the secretive and typically one-sided Washington, D.C. court that authorizes government surveillance programs, the Foreign Intelligence Surveillance Court. That amendment all but guarantees the bill will bounce back to the House for further scrutiny.

Here’s more from the week.


THE BIG PICTURE

Three years after WannaCry, U.S. still on North Korea’s tail

A feature-length profile in Wired magazine looks at the life of Marcus Hutchins, one of the heroes who helped stop the world’s biggest cyberattack three years to the day.

The profile — a 14,000-word cover story — examines his part in halting the spread of the global WannaCry ransomware attack and how his early days led him into a criminal world that prompted him to plead guilty to felony hacking charges. Thanks in part to his efforts in saving the internet, he was sentenced to time served and walked free.

Powered by WPeMatico