Ransomware Attacks, Payments Declined In 2022: Report

CRN reports:

Prominent incident response firm Mandiant disclosed Tuesday that it responded to 15 percent fewer ransomware incidents last year. The statistic was first reported by the Wall Street Journal. Mandiant, which is owned by Google Cloud, confirmed the stat in an email to CRN.

The WSJ report also included several other indicators that 2022 was a less successful year for ransomware. Cybersecurity giant CrowdStrike told the outlet that the average ransom demand dropped 28 percent last year, to $4.1 million, from $5.7 million the year before. The firm reportedly pinned the decline on factors including the arrests of ransomware gang members and other disruptions to the groups last year, as well as the drop in the value of cryptocurrencies such as Bitcoin. CrowdStrike confirmed the stat to CRN.

Their article also cites a blog post from Chainalysis, the blockchain data platform, which estimated that 2022’s total ransomware revenue “fell to at least $456.8 million in 2022 from $765.6 million in 2021 — a huge drop of 40.3%.” And that blog post cites the Chief Claims Officer of cyber insurance firm Resilience, who also specifically notes “signs that meaningful disruptions against ransomware actor groups are driving lower than expected successful extortion attempts,” including arrests and recovery of extorted cryptocurrency by western law enforcement agencies.

From the Wall Street Journal:
After ballooning for years, the amount of money being paid to ransomware criminals dropped in 2022, as did the odds that a victim would pay the criminals who installed the ransomware…. “It reflects, I think, the pivot that we have made to a posture where we’re on our front foot,” Deputy Attorney General Lisa Monaco said in an interview. “We’re focusing on making sure we’re doing everything to prevent the attacks in the first place.”

The hacking groups behind ransomware attacks have been slowed by better company security practices. Federal authorities have also used new tactics to help victims avoid paying ransom demands…. And the FBI said last month that it disrupted $130 million in potential ransomware profits last year by gaining access to servers run by the Hive ransomware group and giving away the group’s decryption keys — used to undo the effects of ransomware — for free.

In the fall, about 45 call-center operators were laid off by former members of a ransomware group known as Conti, according to Yelisey Bohuslavskiy, chief research officer with the threat intelligence firm Red Sense LLC. They had been hired as part of a scam to talk potential victims into installing remote-access software onto networks that would then be infected by ransomware, but the call centers ended up losing money, he said.

Companies have also stepped up their cybersecurity practices, driven by demands from insurance underwriters and a better understanding of the risks of ransomware following high-profile attacks. Companies are spending more money on business continuity and backup software that allow computer systems to restart after they have been infected. With improved backups, U.S. companies are better at bouncing back from ransomware attacks than they were four years ago, according to Coveware Inc., which helps victims respond to ransomware intrusions and has handled thousands of cases. Four years ago, 85% of ransomware victims wound up paying their attackers. Today that number is 37%, according to Coveware Inc. Chief Executive Bill Siegel.

Read more of this story at Slashdot.

A $402K GoFundMe Scam Leads to a Three-Year Prison Term

CNN reports that 32-year-old Katelyn McClure “has been sentenced to three years in state prison for her role in scamming more than $400,000 from GoFundMe donors, by claiming to be collecting money for a homeless man.”

In 2017, McClure claimed she ran out of gas and was stranded on Interstate 95 in Philadelphia. The homeless man, Johnny Bobbitt Jr., supposedly saw her and gave her his last $20 for gas. McClure and her then-boyfriend, Mark D’Amico, posted about the “good deed” on social media, including a picture of her with Bobbitt on a highway ramp. They also started a GoFundMe campaign to raise money for the homeless veteran, saying they wanted to pay it forward to the good Samaritan and get him off the streets.

The story went viral and made national headlines, with more than 14,000 donors contributing. The scammers netted around $367,000 after fees, according to court documents…. Bobbitt, who received $75,000 from the fundraiser, according to prosecutors, took civil action against D’Amico and McClure and the scam soon became public…. D’Amico and Bobbitt were charged in 2018 alongside McClure for concocting the scheme, prosecutors said. McClure pleaded guilty to one count of theft by deception in the second degree in 2019, according to the Burlington County prosecutor.

Bobbitt pleaded guilty to conspiracy to commit theft by deception in 2019 and was sentenced to a five-year special probation period which includes drug treatment. D’Amico also pleaded guilty and agreed to a five-year term in New Jersey state prison, as well as restitution of GoFundMe and the donors, in 2019.

“The gas part is completely made up, but the guy isn’t,” McClure texted a friend (according to CNN). “I had to make something up to make people feel bad.” So what happened to “the guy” from the highway ramp? Prosecutors note that if Bobbitt “fails to adhere to the tightly-structured regimen of treatment and recovery services, which includes frequent testing for drug use, he could be sentenced to five years in state prison.”

And they add that the judge “also ruled that McClure, a former state Department of Transportation worker, is permanently barred from ever holding another position as a public employee.”

Their statement points out that the 2017 campaign was at the time the largest fraud ever perpetrated through GoFundMe — which voluntarily reimbursed the 14,000-plus donors.

Swatters Used Ring Cameras To Livestream Attacks, Taunt Police, Prosecutors Say

An anonymous reader quotes a report from Ars Technica: Federal prosecutors have charged two men with allegedly taking part in a spree of swatting attacks against more than a dozen owners of compromised Ring home security cameras and using that access to livestream the police response on social media. Kya Christian Nelson, 21, of Racine, Wisconsin, and James Thomas Andrew McCarty, 20, of Charlotte, North Carolina, gained access to 12 Ring cameras after compromising the Yahoo Mail accounts of each owner, prosecutors alleged in an indictment filed Friday in the Central District of California. In a single week starting on November 7, 2020, prosecutors said, the men placed hoax emergency calls to the local police departments of each owner that were intended to draw an armed response, a crime known as swatting.

On November 8, for instance, local police in West Covina, California, received an emergency call purporting to come from a minor child reporting that her parents had been drinking and shooting guns inside the minor’s home. When police arrived at the residence, Nelson allegedly accessed the residence’s Ring doorbell and used it to verbally threaten and taunt the responding officers. The indictment alleges the men helped carry out 11 similar swatting incidents during the same week, occurring in Flat Rock, Michigan; Redding, California; Billings, Montana; Decatur, Georgia; Chesapeake, Virginia; Rosenberg, Texas; Oxnard, California; Darien, Illinois; Huntsville, Alabama; North Port, Florida; and Katy, Texas.

Prosecutors alleged that the two men and a third unnamed accomplice would first obtain the login credentials of Yahoo accounts and then determine if each account owner had a Ring account that could control a doorbell camera. The men would then use their access to gather the names and other information of the account holders. The defendants then placed the hoax emergency calls and waited for armed officers to respond. It’s not clear how the defendants allegedly obtained the Yahoo account credentials. A separate indictment filed in November in the District of Arizona alleged that McCarty participated in swatting attacks on at least 18 individuals. Both men are charged with one count of conspiracy to intentionally access computers without authorization. Nelson was also charged with two counts of intentionally accessing without authorization a computer and two counts of aggravated identity theft. If convicted, both men face a maximum penalty of five years in prison. Nelson faces an additional maximum penalty of at least seven years on the remaining charges.

Interpol Launches ‘First-Ever Metaverse’ Designed For Global Law Enforcement

The International Criminal Police Organization (Interpol) has announced the launch of its fully operational metaverse, initially designed for activities such as immersive training courses for forensic investigations. Decrypt reports: Unveiled at the 90th Interpol General Assembly in New Delhi, the INTERPOL Metaverse is described as the “first-ever Metaverse specifically designed for law enforcement worldwide.” Among other things, the platform will also help law enforcement across the globe to interact with each other via avatars. “For many, the Metaverse seems to herald an abstract future, but the issues it raises are those that have always motivated INTERPOL — supporting our member countries to fight crime and making the world, virtual or not, safer for those who inhabit it,” Jurgen Stock, Interpol’s secretary general said in a statement.

One of the challenges identified by organizations is that something that is considered a crime in the physical world may not necessarily be the same in the virtual world. “By identifying these risks from the outset, we can work with stakeholders to shape the necessary governance frameworks and cut off future criminal markets before they are fully formed,” said Madan Oberoi, Interpol’s executive director of Technology and Innovation. “Only by having these conversations now can we build an effective response.”

In a live demonstration at the event, Interpol experts took to a Metaverse classroom to deliver a training course on travel document verification and passenger screening using the capabilities of the newly-launched platform. Students were then teleported to an airport where they were able to apply their newly-acquired skills at a virtual border point. Additionally, Interpol has created an expert group that will be tasked with ensuring new virtual worlds are “secure by design.” The report notes that Interpol has also joined “Defining and Building the Metaverse,” a World Economic Forum initiative around metaverse governance.

Hackathon Finds Dozens of Ukrainian Refugees Trafficked Online

An anonymous reader quotes a report from Ars Technica: Earlier this year, the International Organization for Migration reported that more than 3 million refugees fleeing war-torn Ukraine were “at heightened risk of exploitation.” Human trafficking cases, they warned, involved refugees more likely to leave home suddenly without secure financial resources and “less likely to be identified in the immediate aftermath of mass displacement.” Since February, the European Union announced (PDF) that the number is even larger, counting more than 5.4 million people who “have arrived in the European Union since the beginning of the war in Ukraine.” “All relevant stakeholders have recognized that the threat of trafficking in human beings is high and imminent,” EU’s human trafficking plan states. Since women and children represent the majority of refugees fleeing, the plan says they are believed to be most at risk.

To respond, the EU began monitoring online and offline human trafficking risks, and experts called for countries across Europe to start working together to shield refugees during this uncertain time of conflict. This week, the EU’s law enforcement agency focused on cybercrimes, Europol, reported that it had done exactly that by coordinating the first online EU-wide hackathon. By bringing together law enforcement authorities from 20 countries to aid in their investigations, the hackathon targeted criminal networks using social platforms and websites to map out the online criminal landscape of human trafficking across Europe. In particular, Europol noted in its report, “investigators targeted human traffickers attempting to lure Ukrainian refugees.”

“The Internet and human trafficking are interlinked,” Europol stated in its report, which identified 30 online platforms “related to vulnerable Ukrainian refugees,” 10 specifically targeting refugees for human trafficking. Europol identified 80 persons/usernames (with 30 possibly exploiting Ukrainian refugees), 11 suspected human traffickers (five believed to be targeting Ukrainian refugees), and 45 possible victims, 25 of which were Ukrainian. Countries involved in the hackathon were Austria, Albania, Belgium, Denmark, France, Finland, Germany, Greece, Hungary, Lithuania, Netherlands, Portugal, Poland, Romania, Slovenia, Slovakia, Spain, Sweden, the United Kingdom, and Ukraine. Online platforms probed during the hackathon included “a wide range of websites” and “social media, dating platforms, advertising and aid platforms, forums and messaging applications.”

Charter Must Pay $1.1 Billion After Cable Technician Murdered Customer

Charter Communications must pay over $1.1 billion to the estate and family of an 83-year-old woman murdered in her home by a Spectrum cable technician, a Dallas County Court judge ruled yesterday. Ars Technica reports: A jury in the same court previously ordered Charter to pay $7 billion in punitive damages and $337.5 million in compensatory damages. Judge Juan Renteria lowered the award in a ruling issued yesterday. The damages are split among the estate and four adult children of murder victim Betty Thomas. Renteria did not change the compensatory damages but lowered the punitive damages awarded to the family to $750 million. Pre-judgment interest on the damages pushes Charter’s total liability to over $1.1 billion.

It isn’t surprising that the judge lowered the payout, in which the jury decided punitive damages should be over 20 times higher than what Charter is liable for in compensatory damages. A nine-to-one ratio is often used as a maximum because of a 2003 US Supreme Court ruling that said: “In practice, few awards exceeding a single-digit ratio between punitive and compensatory damages, to a significant degree, will satisfy due process.” Former Spectrum technician Roy Holden pleaded guilty to the 2019 murder of customer Betty Thomas and was sentenced to life in prison in April 2021. Charter was accused of hiring Holden without verifying his employment history and ignoring a series of red flags about his behavior, which included stealing credit cards and checks from elderly female customers.
