Category Archives: Encryption

Here’s what Apple has to say on UK law opposed by WhatsApp, Signal – Times of India

"At Apple, we believe privacy is a fundamental human right," the company said in an announcement while talking about new privacy features on the App Store earlier this month. And rightly so. The iPhone maker has joined WhatsApp and Signal in opposing the UK's Online Safety Bill that could give powers to the regulators to allow scanning of encrypted messaging platforms like iMessage, WhatsApp and Signal for child abuse material.

According to a report in BBC, Apple's stand comes as 80 organisations and tech experts have written to the UK's technology minister Chloe Smith to rethink the powers that the bill grants to the Office of Communications (or Ofcom).

"End-to-end encryption is a critical capability that protects the privacy of journalists, human rights activists, and diplomats. It also helps everyday citizens defend themselves from surveillance, identity theft, fraud, and data breaches," Apple was quoted as saying.

End-to-end encryption prevents anyone except the sender and recipient, including the company offering the service, from reading the message.

"The Online Safety Bill poses a serious threat to this protection, and could put UK citizens at greater risk," the company said, adding that the bill should be amended to protect encryption.

"Apple urges the government to amend the bill to protect strong end-to-end encryption for the benefit of all," the company noted.

The UK government's take

The UK government, the Police, and some high-profile child protection charities argue that the end-to-end encryption prevents the authorities "and the firms themselves" from identifying the sharing of child sexual abuse material.

"Tech companies have a moral duty to ensure they are not blinding themselves and law enforcement to the unprecedented levels of child sexual abuse on their platforms," the government has previously said.

Both WhatsApp and Signal have opposed the Bill in the past. A letter signed by Will Cathcart, head of WhatsApp at Meta; Meredith Whittaker, president at Signal; and representatives from Threema, Element, Wire and Session apps was shared on Twitter back in April.

In March, Cathcart said the company would rather be blocked in the UK than weaken the privacy of encrypted messages under the Online Safety Bill, if asked by the government.

Signal's chief has also threatened that it could stop providing services in the UK if the bill required it to scan messages.


Spot Fake Extortion Attacks Without Wasting Time and Money – Security Intelligence

Ransomware attacks, the scourge of businesses, schools, hospitals and other organizations, follow a familiar pattern. Shady criminals contact an organization, telling them their company or customer data has been breached, encrypted and/or exfiltrated. "Pay us money, or we'll publish your data."

In 2022, some 41% of victims paid, according to cyber-intelligence firm Coveware, rewarding the extortionists for their efforts. (Payment is declining every year, down from 76% in 2019.)

That knowledge no doubt inspired lazier, less-skillful scammers into action. In the wake of ransomware attacks comes a new threat: fake ransomware attacks. It's just like a real attack, except the attackers are bluffing. They really don't have the goods or the access to carry out their threats.

The ransomware incident response company, Coveware, first identified the tactic in 2019. They call it Phantom Incident Extortion.

Experts say we're currently undergoing a new wave of fake extortion attempts, and it's likely to continue. For scammers, fake attacks have the advantage of being vastly faster and easier, so they can be committed at a massive scale by scammers without skills. Because of the ease of this attack, cybersecurity experts expect it to exist indefinitely.

A group that calls itself Midnight falsely presents itself as an actual ransomware gang, such as Silent Ransom or Surtr, in order to extort money from American companies. They send emails to the victim organization, claiming to have stolen hundreds of gigabytes of data. The attackers demand payment in exchange for not publishing the data (which they don't actually have). In some cases, they threaten a catastrophic DDoS attack as well.

Midnight isn't alone. It's just currently the best-documented example of how Phantom Incident Extortion plays out.

Because hacking is the hard part, fake extortionists replace breaching, encrypting and exfiltrating with shameless bluffing, which can be augmented by sleights of hand. Here are some of the tactics:

1. Show real data.

Malicious actors get their hands on some personal data through means other than breaching and exfiltration. For example, careless social media posters can overshare information about their relationship with a company, or threat actors can present publicly available data as stolen. That limited information can stand in for all customer data, which the attacker falsely claims to have stolen for the purpose of publishing if the victim doesn't pay.

2. Launch a DDoS attack.

DDoS attacks are easy to execute, and while it's not easy to completely shut down an organization for long periods of time, a sudden rise in network traffic can accompany false claims that a network has been breached or is controlled by attackers. Or the threat of an easy DDoS attack may be added to increase the pressure to pay.

3. Use malware to simulate encryption.

Some fake extortionists are using old-fashioned phishing attacks to trick users into installing a malicious payload. One real-world example is that attackers offer free pornography, which can be viewed by clicking on a link to a fake porn website. Clicking on the link downloads four executables and a batch file that copies the executable to the Startup folder.

The malware finds all the data files it can and changes their names and extensions, then drops ransom notes saying that the victims have to pay or their files will never be unlocked.

The malware then attempts to delete all system drives except the C: drive.

The files aren't actually encrypted. Only the filenames have been changed, and they'll work fine if the names are changed back.

The benefit of this con is that, instead of the hard work of breaching, encrypting and communicating with the victim, it's an easy set-it-and-forget-it proposition where the bluff and demand are both fully automated.

This attack generally aims at individual Windows user systems but is, in a way, worse than an actual ransomware attack. While only the filenames are changed, there's no way to know the original file names. And when the attackers collect their ransom, they don't follow up and restore the original filenames. They just take the money and run.

4. Demand a low ransom.

One tactic common with fake ransomware attacks is an absurdly low ransom: in some cases, mere hundreds of dollars (payable in Bitcoin).

The idea is that even if victims are pretty sure it's a fake attack, the ransom amount is so low that they'll pay in the spirit of "better safe than sorry."

The perpetrators' business model is to make ransoms cheap but make up the difference in volume.

Understanding the growing scourge of fake extortion attempts means categorizing it not as a variant of ransomware but placing it into the buckets of malware, phishing and social engineering attacks. Ransomware is just the content of the con.
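For tactic 3 above, a responder can check whether "locked" files were really encrypted or only renamed by ignoring the name and inspecting the content. The following Python sketch is an added example, not code from the article: it looks for well-known format signatures and measures byte entropy. The function names, the 7.5 bits-per-byte threshold and the sample byte strings are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

# Leading "magic" bytes of common file formats and the extension they imply.
MAGIC = [
    (b"%PDF-", ".pdf"),
    (b"\x89PNG\r\n\x1a\n", ".png"),
    (b"\xff\xd8\xff", ".jpg"),
    (b"GIF8", ".gif"),
    (b"PK\x03\x04", ".zip"),  # also the .docx/.xlsx/.pptx container
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", ".doc"),  # legacy OLE2 Office
]

# Assumed cut-off: well-encrypted data sits close to 8 bits per byte.
ENTROPY_THRESHOLD = 7.5
HEAD_SIZE = 4096
TEXT_BYTES = set(range(32, 127)) | {9, 10, 13}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0..8)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(head: bytes):
    """Classify the first bytes of a file, ignoring its name entirely.

    Returns (verdict, suggested_extension):
      recognised-format  content still carries a known signature, so the
                         file was renamed, not encrypted
      high-entropy       no signature and near-random bytes: treat as
                         possibly encrypted and escalate
      unknown            neither; needs a manual look
    """
    if not head:
        return ("unknown", None)
    # Signature check comes first: compressed formats (zip, jpg, docx) are
    # also high-entropy, and would be misread as encrypted otherwise.
    for magic, ext in MAGIC:
        if head.startswith(magic):
            return ("recognised-format", ext)
    if all(b in TEXT_BYTES for b in head):
        return ("recognised-format", ".txt")
    # Entropy is bounded by log2(len(head)), so very short files can never
    # cross the threshold and fall through to "unknown".
    if shannon_entropy(head) >= ENTROPY_THRESHOLD:
        return ("high-entropy", None)
    return ("unknown", None)


def triage_file(path: str):
    """Apply triage() to the first HEAD_SIZE bytes of a file on disk."""
    with open(path, "rb") as fh:
        return triage(fh.read(HEAD_SIZE))


# Constructed sample inputs (not taken from any real incident).
SAMPLE_PDF = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
SAMPLE_TEXT = b"Quarterly report draft\nRevenue: 1200\n"
# Deterministic stand-in for ciphertext: 4096 bytes of SHA-256 output.
SAMPLE_RANDOM = b"".join(
    hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128)
)

if __name__ == "__main__":
    samples = [
        ("invoice.locked", SAMPLE_PDF),
        ("notes.locked", SAMPLE_TEXT),
        ("blob.locked", SAMPLE_RANDOM),
    ]
    for name, data in samples:
        verdict, ext = triage(data)
        print(f"{name:16} {verdict:18} {ext or '-'} "
              f"entropy={shannon_entropy(data):.2f}")
```

A "recognised-format" verdict across a sample of affected files supports the rename-only hypothesis and gives the extension to restore; the original base names still have to come from backups or file-system metadata.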


Apple Defends End-to-End Encryption, Warns Against Threats Posed by UK’s Online Safety Bill – Apple (NASD – Benzinga

June 27, 2023 1:38 PM | 1 min read

Apple Inc (NASDAQ:AAPL) emerged as the latest operator of an encrypted messaging service to flag concerns about the U.K.'s Online Safety Bill.

The iPhone maker hailed the end-to-end encryption as a critical capability that protects privacy and helps everyday citizens defend themselves from surveillance, identity theft, fraud, and data breaches, adding that the bill poses a serious threat to this protection, the Verge cites a company statement.

Apple joins the likes of Meta Platforms, Inc's (NASDAQ:META) WhatsApp and Signal in opposing a provision that would allow communications regulator Ofcom to call on tech companies to use accredited technology to identify child sexual abuse content whether communicated publicly or privately and swiftly take it down.


In this section, Apple called for an amendment to offer explicit protections for end-to-end encryption.

End-to-end encrypted messaging prevents any outside party from reading the contents of messages. Security experts argue that forcing companies to scan messages for illegal content would undermine the encryption and privacy of users.


The government has insisted that the bill's rules are necessary for catching criminals.

Price Action: AAPL shares traded higher by 1.40% at $187.86 on the last check Tuesday.


An encryption exodus looms over UK's Online Safety Bill – TechCrunch


The backlash against the encryption-busting Online Safety Bill continues to grow, suggesting the United Kingdom could soon face a looming exodus of secure messaging apps.

First drafted in May 2021, the Online Safety Bill would allow the U.K. government to compel backdoor access to any end-to-end encryption system. While the government claims the complex legislation would make the internet safer by requiring social media giants to remove illegal and harmful content online, such as revenge porn and hate speech, the bill has been met with widespread criticism from tech giants, security experts and privacy advocates.

The criticism largely centers around an amendment to the bill that would allow Ofcom, the U.K.'s communications regulator, to require that tech giants scan for child sex abuse material (CSAM) in end-to-end encrypted messages. One more privacy-minded way of doing this is through the use of client-side scanning, where images are inspected on a user's device before being encrypted.

Apple, which attempted to introduce a similar feature in iMessage in 2021 before reversing its decision, on Tuesday became the latest tech giant to speak out against the proposed legislation. In a statement given to the BBC, the iPhone maker called for the bill to be amended to offer protections for end-to-end encryption.

"End-to-end encryption is a critical capability that protects the privacy of journalists, human rights activists, and diplomats," Apple's statement said. "It also helps everyday citizens defend themselves from surveillance, identity theft, fraud, and data breaches. The Online Safety Bill poses a serious threat to this protection, and could put UK citizens at greater risk. Apple urges the government to amend the bill to protect strong end-to-end encryption for the benefit of all."

Messages sent between two iPhones are always end-to-end encrypted, which means no-one else, including Apple, can read them.

It's not clear whether Apple would comply with the bill's requirement to weaken end-to-end encryption, and the tech giant did not respond to TechCrunch's request for comment. Companies that fail to abide by the bill's requirements could face hefty fines of up to 10% of global turnover and the threat of prison time for law-breaking senior execs under recently expanded criminal liability.

Apple's warning comes after other end-to-end encrypted messaging apps, including Signal and Meta-owned WhatsApp, spoke out against the upcoming Online Safety Bill.

WhatsApp head Will Cathcart said the platform would not comply with a U.K. legal requirement to weaken the level of encryption it offers its users and would instead prefer to be blocked by U.K. authorities.

"The reality is, our users all around the world want security. Ninety-eight percent of our users are outside the U.K. They do not want us to lower the security of the product, and just as a straightforward matter, it would be an odd choice for us to choose to lower the security of the product in a way that would affect those 98% of users," Cathcart said at the time.

Signal president Meredith Whittaker also warned that the secure messaging platform would quit the U.K. if the bill weakened end-to-end encryption. In a blog post, Whittaker wrote that the platform will stand firm against threats to private and safe communication and would absolutely, 100% walk away from the U.K. rather than weaken security and privacy for its users, reported the BBC.

Despite mounting backlash, the Online Safety Bill is expected to pass into law this summer.


Apple says proposed UK law poses a serious threat to end-to-end encryption – The Verge

Apple has become the latest operator of an encrypted messaging service to raise concerns about the UK's Online Safety Bill, BBC News reports. "End-to-end encryption is a critical capability that protects the privacy of journalists, human rights activists, and diplomats. It also helps everyday citizens defend themselves from surveillance, identity theft, fraud, and data breaches," a statement reads. "The Online Safety Bill poses a serious threat to this protection, and could put UK citizens at greater risk."

With its statement, Apple joins the likes of WhatsApp and Signal in opposing a provision that would allow communications regulator Ofcom to call on tech companies to use accredited technology to identify child sexual abuse content whether communicated publicly or privately and swiftly take it down. Apple is calling for the bill to be amended to offer explicit protections for end-to-end encryption in this section.

"If implemented as written, [this bill] could empower Ofcom to try to force the proactive scanning of private messages on end-to-end encrypted communication services, nullifying the purpose of end-to-end encryption as a result and compromising the privacy of all users," says an open letter signed by the heads of seven secure messaging apps including WhatsApp and Signal. (Apple is not a signatory.) "In short, the bill poses an unprecedented threat to the privacy, safety and security of every UK citizen and the people with whom they communicate."

The government has insisted that the bill's rules are necessary for catching criminals. "We support strong encryption but it cannot come at the expense of protecting the public. End-to-end encryption cannot be allowed to hamper efforts to catch perpetrators of the most serious crimes," a government spokesperson previously told The Guardian.

As of this writing, the Online Safety Bill is working its way through the UK's upper chamber, the House of Lords, with the expectation that it'll be passed at some point this summer. Amendments to the bill are continuing to make headlines, such as new rules that will criminalize the sharing of deepfake intimate images and make it easier to prosecute people for sharing revenge porn.


Encrypted phone service ‘Encrochat’ shutdown leads to 6500 arrests, Europol says – Reuters


AMSTERDAM, June 27 (Reuters) - European policing agency Europol said on Tuesday that the takedown of Encrochat, an underground company that offered criminals supposedly secure encrypted communications, led to more than 6,500 arrests and 900 million euros ($980 million) in seized assets.

The system had an estimated 60,000 users when it shut down abruptly in June 2020, and Europol revealed the following month that law enforcement officials had been intercepting users' communications for months.

In a statement on Tuesday, Europol offered its first overview of the results of the takedown, which it said had "sent shockwaves across organised crime groups in Europe and beyond".

Police have analysed more than 115 million "criminal conversations", Europol said, helping prevent "violent attacks, attempted murders, corruption and large scale drugs transports."

The agency said investigations spawned by the takedown have so far led to the seizure of 100 tonnes of cocaine, 30 million pills of "chemical drugs", nearly a thousand vehicles, hundreds of properties and dozens of boats and planes.

The police statement gave no details on whether the owners of Encrochat themselves had been arrested.

French and Dutch authorities were due to hold a press conference in Lille later on Tuesday.

Partial results of Encrochat-linked investigations have previously been announced by French, Dutch, and British police in 2020 and by German police in 2021.

Encrochat sold modified Android mobile devices for around 1,000 euros each and charged users hefty subscription fees with the promise their communications would remain encrypted and secret.

It shut down abruptly in June 2020 after its unidentified operators apparently realized they had been compromised.

Europol said the company had routed encrypted communications through servers in France.

"Eventually, it was possible to place a technical device to go beyond the encryption technique and obtain access to users' correspondence," Europol said on Tuesday.

($1 = 0.9169 euros)

Reporting by Toby Sterling; Editing by Christina Fincher


Apple joins opposition to encrypted message app scanning – BBC


Apple has criticised powers in the Online Safety Bill that could be used to force encrypted messaging tools like iMessage, WhatsApp and Signal to scan messages for child abuse material.

Its intervention comes as 80 organisations and tech experts have written to Technology Minister Chloe Smith urging a rethink on the powers.

Apple told the BBC the bill should be amended to protect encryption.

The government says companies must prevent child abuse on their platforms.

End-to-end encryption (E2EE) stops anyone but the sender and recipient reading the message.

Police, the government and some high-profile child protection charities maintain the tech - used in apps such as WhatsApp and Apple's iMessage - prevents law enforcement and the firms themselves from identifying the sharing of child sexual abuse material.

But in a statement Apple said: "End-to-end encryption is a critical capability that protects the privacy of journalists, human rights activists, and diplomats.

"It also helps everyday citizens defend themselves from surveillance, identity theft, fraud, and data breaches. The Online Safety Bill poses a serious threat to this protection, and could put UK citizens at greater risk.

"Apple urges the government to amend the bill to protect strong end-to-end encryption for the benefit of all."

But the government told the BBC that "companies should only implement end-to-end encryption if they can simultaneously prevent abhorrent child sexual abuse on their platforms.

"We will continue to work with them to seek solutions to combat the spread of child sexual abuse material while maintaining user privacy."

The Online Safety Bill, currently going through Parliament, contains powers that could enable communications regulator Ofcom to direct platforms to use accredited technology to scan the contents of messages.

The government said these powers would only be used as "a last resort, and only when stringent privacy safeguards have been met".


Several messaging platforms, including Signal and WhatsApp, have previously told the BBC they will refuse to weaken the privacy of their encrypted messaging systems if directed to do so.

Signal said in February that it would "walk" from the UK if forced to weaken the privacy of its encrypted messaging app.

Apple's statement now means that some of the most widely used encrypted apps oppose this part of the bill.

The government argues it is possible to provide technological solutions that mean the contents of encrypted messages can be scanned for child abuse material.

The only way of doing that, many tech experts argue, would be to install software that would scan messages on the phone or computer before they are sent, called client-side scanning.

This, critics say, would fundamentally undermine the privacy of messages.

In 2021 Apple announced plans to scan photographs on people's iPhones for abusive content before they were uploaded to iCloud but these were abandoned after a backlash. It has now clearly signalled its opposition to any measure that weakens the privacy of end-to-end encryption.

Its announcement comes as the digital civil liberties campaigners The Open Rights Group sent an open letter to minister Chloe Smith.

The letter, signed by more than 80 national and international civil society organisations, academics and cyber-experts, says: "The UK could become the first liberal democracy to require the routine scanning of people's private chat messages, including chats that are secured by end-to-end encryption.

"As over 40 million UK citizens and 2 billion people worldwide rely on these services, this poses a significant risk to the security of digital communication services not only in the UK, but also internationally."

Element, a British tech company whose products using E2EE are used by government and military clients, has previously told the BBC measures in the bill that are seen to weaken the privacy of encrypted messages would make customers less trustful of security products produced by UK firms.

There is a growing expectation, the BBC has learned, that changes may be made to part of the bill which critics say could be used to mandate scanning. These could be included in a package of amendments to be revealed in the coming days.

But it is not clear what the detail of those changes might be, or if they will satisfy the concerns of campaigners.


Apple urges UK to rethink anti-encryption Online Safety Bill – AppleInsider

Apple has denounced the UK's Online Safety Bill's kneecapping of end-to-end encryption as a "serious threat" to citizens, and is trying to make the UK government think twice about the changes.

The Online Safety Bill is being considered by the UK parliament as a potential law that could force online messaging services that use encryption to scan for potential images of child abuse. As part of a wider criticism of the bill's intentions, Apple has publicly objected to the law's implementation.

The bill reasons that law enforcement is not capable of identifying child sexual abuse material being shared across online messaging services like iMessage, due to the implementation of end-to-end encryption. Therefore, the law would empower regulator Ofcom to order such platforms to scan the contents of messages.

However, to accomplish that, there has to be a weakening of end-to-end encryption itself, making it less secure and eliminating the whole point of using the technique for privacy in the first place.

"End-to-end encryption is a critical capability that protects the privacy of journalists, human rights activists, and diplomats," an Apple statement received by the BBC on Tuesday reads. "It also helps everyday citizens defend themselves from surveillance, identity theft, fraud, and data breaches."

The statement continues: "The Online Safety Bill poses a serious threat to this protection, and could put UK citizens at greater risk. Apple urges the government to amend the bill to protect strong end-to-end encryption for the benefit of all."

Apple's statement occurs at the same time as the Open Rights Group sends an open letter to minister Chloe Smith, the Secretary of State for Science, Innovation, and Technology.

Signed by over 80 civil society organizations and academics, the group believes "The UK could become the first liberal democracy to require the routine scanning of people's private chat messages, including chats that are secured by end-to-end encryption" if the bill becomes law.

"As over 40 million UK citizens and 2 billion people worldwide rely on these services, this poses a significant risk to the security of digital communication services not only in the UK, but also internationally," the letter warns.

Apple's statement against the Online Safety Bill means it joins other messaging services who are against the bill. The Meta-owned WhatsApp told the BBC it refuses to weaken its encrypted systems, while Signal said in February that it would "walk" from the UK if ordered to do the scanning.

While Apple is against the bill, it has previously attempted to perform actions that would be somewhat in the ballpark of what the bill would require it to do. Its 2021 attempt to introduce on-device scanning of images as a child protection measure was praised by the UK government, but was ultimately killed off by Apple in December 2022.


Apple speaks out against bill that could mandate CSAM scanning in iMessage – 9to5Mac

Apple is publicly opposing the current form of the Online Safety Bill currently being considered by Parliament in the UK. According to Apple, the proposed law risks putting UK citizens at greater risk from data breaches and digital surveillance.

The bill intends to create regulations that would force messaging services, including Apple's iMessage, to scan the contents of messages for CSAM (child sexual abuse material). Apple argues that any weakening of end-to-end encryption risks putting all users at risk of security breaches.

In a statement shared with the BBC, Apple called encryption a "critical capability that protects the privacy of journalists, human rights activists, and diplomats."

The company is encouraging the UK government to make changes to the proposed regulation that would not compromise end-to-end encryption:

"It also helps everyday citizens defend themselves from surveillance, identity theft, fraud, and data breaches. The Online Safety Bill poses a serious threat to this protection, and could put UK citizens at greater risk.

Apple urges the government to amend the bill to protect strong end-to-end encryption for the benefit of all."

Apple's on-the-record opposition to the current state of the bill could soon be met with changes, however. The BBC adds that it has learned a package of amendments is expected to be shared soon. These changes are expected to address the mandate to scan message contents for CSAM.

Notably, Apple blundered its attempt to roll out its own CSAM detection system for iCloud Photos. However, Apple has continued to release new features under the umbrella of Communication Safety in Messages. These features allow Messages to blur images that may be inappropriate while presenting resources that help prevent sharing sensitive content.

In iOS 17, Apple is expanding Communication Safety to AirDrop, the systemwide photo picker, FaceTime messages, Contact Posters in the Phone app, and third-party apps.


Apple Joins Opposition in UK To Encrypted Message App Scanning – Slashdot

Apple has criticised powers in the UK's Online Safety Bill that could be used to force encrypted messaging tools like iMessage, WhatsApp and Signal to scan messages for child abuse material. From a report: Its intervention comes as 80 organisations and tech experts have written to Technology Minister Chloe Smith urging a rethink on the powers. Apple told the BBC the bill should be amended to protect encryption. End-to-end encryption (E2EE) stops anyone but the sender and recipient reading the message. Police, the government and some high-profile child protection charities maintain the tech -- used in apps such as WhatsApp and Apple's iMessage -- prevents law enforcement and the firms themselves from identifying the sharing of child sexual abuse material.

But in a statement Apple said: "End-to-end encryption is a critical capability that protects the privacy of journalists, human rights activists, and diplomats. It also helps everyday citizens defend themselves from surveillance, identity theft, fraud, and data breaches. The Online Safety Bill poses a serious threat to this protection, and could put UK citizens at greater risk. Apple urges the government to amend the bill to protect strong end-to-end encryption for the benefit of all."
