Infosec Round-Up Sep 10th
ProtonMail Privacy, Scammer Jailed & Ransomware Threats
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
Ransomware Gang Threatens Leaks
The prolific ransomware syndicate Ragnar Locker is warning that should victims contact law enforcement authorities about attacks, stolen data will be leaked.
Announced via the gang's darknet leaks site, the escalation in intimidation tactics reportedly also applies to victims contacting data recovery experts attempting decryption and conducting payment negotiations.
Threatening that these actions will be viewed by the gang as “hostile intent” that will lead to the “publication of compromised data immediately”, this statement is likely a response to the increasingly common request of governments worldwide that victims should not pay ransoms.
Having claimed many high-profile victims in its two years of operation, Ragnar Locker recently demanded $11 million in exchange for the decryption of Japanese game developer Capcom’s systems.
In May of this year, British Home Secretary Priti Patel stated on the matter of ransomware: “the Government has a strong position against paying ransoms to criminals… It will not protect networks from future attacks, nor will it prevent the possibility of future data leaks. In fact, paying a ransom is likely to encourage criminals to continue to use this approach.”
Cyber Security Student Jailed
A UK university student studying cyber security has been jailed for his involvement in a scam in which criminals posing as Amazon technical support stole almost £40,000 from a single individual.
Ramesh Karuturi, 24, who was studying cyber security at Middlesbrough’s Teesside University, was arrested on the 11th of June 2020 when around half of the stolen funds were traced to an account held in his name.
Having contacted the victim, a woman in her 60s, scammers told her that her computer had been hacked and convinced her to install ‘protective anti-virus software’, gaining remote access and draining her bank accounts of nearly £40,000.
With investigators referring to the crime as a “cynical ploy”, Karuturi this week pled guilty to charges of conspiracy to defraud and three counts of money laundering, and was sentenced to five months in prison.
Ian Brown, Police Staff Investigator, stated on the case, “This case should serve a stark warning… Cleveland Police continue to actively tackle online scams, working to bring perpetrators before the courts and to achieve justice for victims.”
ProtonMail Data Handover
Privacy-focused email company ProtonMail has faced some criticism after handing over user information to Swiss authorities.
Having been compelled to provide account information relating to the arrest of a “climate activist” by French police, some users reportedly feel that the company is failing to live up to its commitment to the privacy expected from its ‘anonymous’ accounts.
Although the company states that it does not keep ordinary logs, this week it clarified that it can be compelled to record IP data linked to accounts, apologising for any lack of clarity on this matter.
In a statement, the company noted, “ProtonMail does not give data to foreign governments; that’s illegal under Article 271 of the Swiss Criminal code. We only comply with legally binding orders from Swiss authorities.” Adding, “There was no legal possibility to resist or fight this particular request.”
Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.