Infosec Round-Up Sep 10th

Play Video

ProtonMail Privacy, Scammer Jailed & Ransomware Threats

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

Ransomware Gang Threatens Leaks

The prolific ransomware syndicate Ragnar Locker is warning that should victims contact law enforcement authorities about attacks, stolen data will be leaked.

Announced via the gangs darknet leaks site, the escalation in intimidation tactics reportedly also applies to victims contacting data recovery experts attempting decryption and conducting payment negotiations.

Threatening that these actions will be viewed by the gang as “hostile intent” that will lead to the “publication of compromised data immediately”, this statement is likely a response to the increasingly common request of governments worldwide that victims should not pay ransoms.

Having claimed many high-profile victims in its two years of operation, Ragnar Locker recently demanded $11 million in exchange for the decryption of Japanese game developer Capcom’s systems.

In May of this year, British Home Secretary Priti Patel stated on the matter on ransomware: “the Government has a strong position against paying ransoms to criminals… It will not protect networks from future attacks, nor will it prevent the possibility of future data leaks. In fact, paying a ransom is likely to encourage criminals to continue to use this approach.”

Cyber Security Student Jailed

A UK university student studying cyber security has been jailed for his involvement in a scam in which criminals posing as Amazon technical support stole almost £40,000 from a single individual.

Ramesh Karuturi, 24, who was studying cyber security at Middlesbrough’s Teesside University, was arrested on 11th of June 2020 when around half of the stolen funds were traced to an account held in his name.

Having contacted the victim, a woman in her 60s, scammers told her that her computer had been hacked and convinced her to install ‘protective anti-virus software’, gaining remote access and draining her bank accounts of nearly £40,000.

With investigators referring to the crime as a “cynical ploy”, Karuturi this week pled guilty to charges of conspiracy to defraud and three counts of money laundering, and was sentenced to five months in prison.

Ian Brown, Police Staff Investigator stated on the case, “This case should serve a stark warning… Cleveland Police continue to actively tackle online scams, working to bring perpetrators before the courts and to achieve justice for victims.”

ProtonMail Data Handover

Privacy-focus email company ProtonMail has faced some criticism after handing over user information to Swiss authorities.

Having been compelled to provide account information relating to the arrest of a “climate activist” by French police, some users reportedly feel that the company is failing to live up to its commitment to the privacy expected from its ‘anonymous’ accounts.

Although the company states that it does not keep ordinary logs, this week it clarified that it can be compelled to record IP data linked to accounts, apologising for any lack of clarity on this matter.

In a statement, the company noted, “ProtonMail does not give data to foreign governments; that’s illegal under Article 271 of the Swiss Criminal code. We only comply with legally binding orders from Swiss authorities.” Adding, “There was no legal possibility to resist or fight this particular request.”

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.

Security Awareness for your Organisation

Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.

Featured

Infosec Round-Up Sep 3rd

Infosec Round-Up Sep 3rd - Hut Six

Insider threat destroys 21GB of credit union data. Hackers leak UK firearms marketplace data. Coinbase accidentally sends 125K warning emails.

Infosec Round-Up Aug 27th

Infosec Round-Up Aug 27th - Hut Six

Ethical hacker rewarded with $500K after returning stolen crypto. Japanese exchange attacked. US loses $2.3 million to BEC scam.

Infosec Round-Up Aug 20th

Infosec Round-Up Aug 20th - Hut Six

48 million T-Mobile customers' data breached. Secret 'no-fly' list exposed on internet. Brazil Government hit with another ransomware attack.

Infosec Round-Up Aug 13th

Infosec Round-Up Aug 13th - Hut Six

Apple responds to CSAM scanning criticism. Crypto hacker returns over $300 million worth of tokens. Crytek game developer confirms data leak hack.

Infosec Round-Up Aug 6th

Infosec Round-Up Aug 6th - Hut Six

Zoom to pay $86 million on privacy lawsuit. LockBit 2.0 cyber criminals recruiting insider threats. Isle of Wight schools hit with ransomware attack.

InfoSec Round-Up July 30th

InfoSec Round-Up July 30th - Hut Six

Israeli government raids NSO Group offices. Biden warns cyber breach could lead to "hot-war". Irish DoH data leak.

InfoSec Round-Up July 23th

InfoSec Round-Up July 23th - Hut Six

NSO responds to international criticism. Saudi Aramco hacked for a second time. Chinese government denies involvement with Microsoft Hack.

InfoSec Round-Up July 16th

InfoSec Round-Up July 16th - Hut Six

UK Police seize £180 million in money laundering investigation. REvil ransomware website mysteriously disappears. Iran targets British academics in phishing attack.

InfoSec Round-Up July 2nd

InfoSec Round-Up July 2nd - Hut Six

Member of public finds Ministry of Defence (MoD) documents. Salvation Army loses data in cyber attack. Denmark's Central Bank affected by SolarWinds hack.

InfoSec Round-Up June 25th

InfoSec Round-Up June 25th - Hut Six

Prolific phishing scammer arrested for 25k SMS messages. Scotland's EPA announces 4 thousand files were stolen. Security icon John McAfee found dead.