

Ransom demands averaged $2.2m last year, Unit 42 reports • The Register

The average ransom demand hit $2.2 million in 2021, a 144 percent rise from the year prior, according to Palo Alto Networks’ Unit 42 consultants, while the average ransom payment grew 78 percent to $541,010.

The security research and consulting team’s latest ransomware report pulls data from cases handled by Unit 42 along with analysis of ransomware gangs’ leak sites. 

These findings, combined with another ransomware report released this week from the US Senate Homeland Security and Governmental Affairs Committee, paint a disturbing picture of cyber criminals’ increasingly brazen tactics, and how difficult it is for organizations of all sizes to defend themselves.

And while almost no country or industry escaped unscathed in 2021, some regions and sectors were hit harder than others. Unit 42’s ransomware leak site analysis identified the Americas as home to most of the organizations (60 percent) that experienced an attack, compared to 31 percent in Europe, the Middle East and Africa, and 9 percent in the Asia-Pacific region.

The security team also found professional and legal services (1,100) and construction (600) firms named most frequently on leak sites.

“As these ransomware gangs and RaaS operators find new ways to remove technical barriers and up the ante, ransomware will continue to challenge organizations of all sizes in 2022,” warned Ryan Olson, VP of threat intelligence for Unit 42, in a foreword to his organization’s report.

But first, a look back on 2021. 

More multi-extortion to come

While double extortion became more common in 2020 — this is when cyber criminals first encrypt files and demand victims pay a ransom to regain access to those files, and then they also steal organizations’ data and threaten to leak sensitive information if they don’t pay up — “ransomware gangs took these tactics to a new level” in 2021, according to the report.

“For example, we’ve seen gangs make threatening phone calls to employees and customers and launch denial of service (DoS) attacks to shut down a victim’s website in an effort to incentivize payments,” Olson wrote.

In all, Unit 42 saw the names and proof of compromise for 2,566 victims posted to leak sites last year, representing an 85 percent spike from 2020. “Be prepared to see more multi-extortion attack tactics in 2022 and beyond,” the report warned.

Further analysis of leak sites revealed that Conti, with 511, posted the most breaches in 2021. LockBit 2.0 came in second place with 406. 

A new ransomware-as-a-service operation, BlackCat, which other threat hunting teams have linked to the BlackMatter/DarkSide ransomware ring, began using “triple extortion attacks,” according to the report, first stealing an organization’s data, then deploying ransomware and threatening to leak the information, and then launching a DDoS attack if the ransom isn’t paid.

BlackCat is also notable for its “meteoric rise,” according to Unit 42. The security shop reported that just one month after appearing on the scene in November 2021, this criminal group already claimed the seventh-largest number of victims on their leak site. It targets primarily US companies, and lets its affiliates keep 80 percent to 90 percent of the ransom, with the remainder going to BlackCat.

According to Unit 42, BlackCat ransomware is also “one of the first, if not the first” to use the Rust programming language.

Conti, REvil most active criminal gangs

Meanwhile, Russia-based Conti displaced REvil as the most active gang in 2021, based on security incidents that Unit 42 responded to last year. Conti’s average ransom demand came in at $1.78m, and their top payment request was $3m. Since 2020, this cyber-crime ring has leaked data belonging to more than 600 organizations, according to the report.

Conti was also quick to exploit known vulns, like ProxyShell and Log4j, and use these as their initial vectors to carry out ransomware attacks. 

This increasing use of zero-days is something that Unit 42 expects to see more of in 2022. “We believe threat actors are increasingly tracking high-profile vulnerabilities and exploiting them to gain an initial foothold in an organization,” the report authors wrote. “The timeframe from vulnerability to exploit is getting shorter — it can practically coincide with the reveal if the vulnerabilities themselves and the access that can be achieved by exploiting them are significant enough.”

Another Russian cyber-crime ring, REvil, was the second most active gang in 2021, based on Unit 42 incident response data. The group’s initial demand averaged about $2.2m and its highest demand hit $5.4m — both increases from 2020. “The size of specific ransoms depended on the size of the organization and type of data stolen,” according to the report. “Further, when victims failed to meet deadlines for making payments via Bitcoin, the attackers often doubled the demand.”

A second report [PDF] released this week, this one from the Senate Homeland Security and Governmental Affairs Committee, also documents REvil attacks on three US companies. And it found the federal government’s response to these incidents sorely lacking. The document doesn’t name the three companies, all of which reported the attacks to law enforcement, and instead refers to them as entities A, B, and C:

Entity A, which has a 200-person security team and spends about 10 percent of its overall IT budget on security, hired Microsoft’s incident response team after REvil demanded a $70 million ransom, which the report says it did not pay. It took about a week to kick REvil off its network. The company said it would have taken a lot longer to recover from the attack without its “vast resources and robust backups.” 

Keystone cops?

Additionally, “Entity A found the FBI to be unhelpful throughout the process,” according to the report. The firm asked the FBI for guidance, and says it didn’t receive any “helpful assistance.” 

As an example: the FBI hostage negotiator seemed to have little experience responding to ransomware attacks. Additionally, “Entity A indicated the FBI prioritized investigating those responsible for the attack over helping Entity A respond and secure its network — the top priority for Entity A.”

Entity A also said it wished it could have shared more information about REvil and the attack with other companies without being penalized under current laws.

The second company, a manufacturing firm the report calls Entity B, also did not pay the ransom and says it took about a month to assess the full scope of the breach and how much data REvil had stolen. This firm hired an incident response team, outside attorneys, and a ransom negotiator to help it recover. It also had cyber insurance, but notes that its “premiums rose substantially after the breach.”

While not as damning as Entity A’s depiction of the FBI’s response, Entity B “recalled there was no ‘here’s a playbook’ discussions with the FBI regarding how to best respond,” the report noted.

IT firm Entity C was the smallest of the three to experience a ransomware attack, and after contacting federal officials said it preferred to respond to the attack on its own. 

While this company found the agencies “helpful,” the report also noted that “Entity C found the federal government’s response teams were caught off guard by the idea that a group or entity would launch attacks like this on such a large scale in such a small time frame.”

The Senate committee recommends that companies take steps to make it more difficult and costly for ransomware gangs to breach their networks. This includes security basics like patching vulnerabilities, using multi-factor authentication, keeping device and software inventories, requiring employees use complex passwords, maintaining offline backups, and encrypting sensitive data.

And it also calls on the FBI and CISA to work more closely to share information and do more to help ransomware victims recover their data and mitigate damages. 

“The Biden administration should work quickly to implement my recently enacted bipartisan Cyber Incident Reporting Act,” the committee’s ranking member, Sen. Rob Portman, R-Ohio, said in a statement. “This law will help prevent future cyberattacks by facilitating increased information sharing and enhance the federal government’s cyber defense and investigative capabilities.” ® 



European Startup Ecosystems Awash With Gulf Investment – Here Are Some Of The Top Investors

European Startup Ecosystem Getting Flooded With Gulf Investments

The Voice Of EU | In recent years, European entrepreneurs seeking capital infusion have widened their horizons beyond the traditional American investors, increasingly turning their gaze towards the lucrative investment landscape of the Gulf region. With substantial capital reservoirs nestled within sovereign wealth funds and corporate venture capital entities, Gulf nations have emerged as compelling investors for European startups and scaleups.

According to comprehensive data from Dealroom, the influx of investment from Gulf countries into European startups soared to a staggering $3 billion in 2023, marking a remarkable 5x surge from the $627 million recorded in 2018.

This substantial injection of capital, accounting for approximately 5% of the total funding raised in the region, underscores the growing prominence of Gulf investors in European markets.

Particularly noteworthy is the significant support extended to growth-stage companies, with over two-thirds of Gulf investments in 2023 being directed towards funding rounds exceeding $100 million. This influx of capital provides a welcome boost to European companies grappling with the challenge of securing well-capitalized investors locally.

Delving deeper into the landscape, Sifted has identified the most active Gulf investors in European startups over the past two years.

Leading the pack is Aramco Ventures, headquartered in Dhahran, Saudi Arabia. Bolstered by a substantial commitment, Aramco Ventures boasts a $1.5 billion sustainability fund, alongside an additional $4 billion allocated to its venture capital arm, positioning it as a formidable player with a total investment capacity of $7 billion by 2027. With a notable presence in 17 funding rounds, Aramco Ventures has strategically invested in ventures such as Carbon Clean Solutions and ANYbotics, aligning with its focus on businesses that offer strategic value.

Following closely is Mubadala Capital, headquartered in Abu Dhabi, UAE, with an impressive tally of 13 investments in European startups over the past two years. Backed by the sovereign wealth fund Mubadala Investment Company, Mubadala Capital’s diverse investment portfolio spans private equity, venture capital, and alternative solutions. Notable investments include Klarna, TIER, and Juni, reflecting its global investment strategy across various sectors.

Ventura Capital, based in Dubai, UAE, secured its position as a key player with nine investments in European startups. With a presence in Dubai, London, and Tokyo, Ventura Capital boasts an international network of limited partners and a sector-agnostic investment approach, contributing to its noteworthy investments in companies such as Coursera and Spotify.

Qatar Investment Authority, headquartered in Doha, Qatar, has made significant inroads into the European startup ecosystem with six notable investments. As the sovereign wealth fund of Qatar, QIA’s diversified portfolio spans private and public equity, infrastructure, and real estate, with strategic investments in tech startups across healthcare, consumer, and industrial sectors.

MetaVision Dubai, a newcomer to the scene, has swiftly garnered attention with six investments in European startups. Focusing on seed to Series A startups in the metaverse and Web3 space, MetaVision raised an undisclosed fund in 2022, affirming its commitment to emerging technologies and innovative ventures.

Investcorp, headquartered in Manama, Bahrain, has solidified its presence with six investments in European startups. With a focus on mid-sized B2B businesses, Investcorp’s diverse investment strategies encompass private equity, real estate, infrastructure, and credit management, contributing to its notable investments in companies such as Terra Quantum and TruKKer.

Chimera Capital, based in Abu Dhabi, UAE, rounds off the list with four strategic investments in European startups. As part of a prominent business conglomerate, Chimera Capital leverages its global reach and sector-agnostic approach to drive investments in ventures such as CMR Surgical and Neat Burger.

In conclusion, the burgeoning influx of capital from Gulf investors into European startups underscores the region’s growing appeal as a vibrant hub for innovation and entrepreneurship. With key players such as Aramco Ventures, Mubadala Capital, and Ventura Capital leading the charge, European startups are poised to benefit from the strategic investments and partnerships forged with Gulf investors, propelling them towards sustained growth and success in the global market landscape.


— By Darren Wilson, Team



China Reveals Lunar Mission: Sending ‘Taikonauts’ To The Moon From 2030 Onwards

China Reveals Lunar Mission

The Voice Of EU | In a bold stride towards lunar exploration, the Chinese Space Agency has unveiled its ambitious plans for a moon landing set to unfold in the 2030s. While exact timelines remain uncertain, this endeavor signals a potential resurgence of the historic space race reminiscent of the 1960s rivalry between the United States and the USSR.

China’s recent strides in lunar exploration include the deployment of three devices on the moon’s surface, coupled with the successful launch of the Queqiao-2 satellite. This satellite serves as a crucial communication link, bolstering connectivity between Earth and forthcoming missions to the moon’s far side and south pole.

Unlike the secretive approach of the Soviet Union in the past, China’s strategy leans towards transparency, albeit with a hint of mystery surrounding the finer details. Recent revelations showcase the naming and models of lunar spacecraft, steeped in cultural significance. The Mengzhou, translating to “dream ship,” will ferry three astronauts to and from the moon, while the Lanyue, meaning “embrace the moon,” will descend to the lunar surface.

Drawing inspiration from both Russian and American precedents, China’s lunar endeavor presents a novel approach. Unlike its predecessors, China will employ separate launches for the manned module and lunar lander due to the absence of colossal space shuttles. This modular approach bears semblance to SpaceX’s Falcon Heavy, reflecting a contemporary adaptation of past achievements.

Upon reaching lunar orbit, astronauts, known as “taikonauts” in Chinese, will rendezvous with the lunar lander, reminiscent of the Apollo program’s maneuvers. However, distinct engineering choices mark China’s departure from traditional lunar landing methods.

The Chinese lunar lander, while reminiscent of the Apollo Lunar Module, introduces novel features such as a single set of engines, potential reusability and advanced technology. Unlike past missions where lunar modules were discarded, China’s design hints at the possibility of refueling and reuse, opening avenues for sustained lunar exploration.

A re-creation of the two Chinese spacecraft that will put ‘taikonauts’ on the moon. CSM

Despite these advancements, experts have flagged potential weaknesses, particularly regarding engine protection during landing. Nevertheless, China’s lunar aspirations remain steadfast, with plans for extensive testing and site selection underway.

Beyond planting flags and collecting rocks, China envisions establishing a permanent lunar base, the International Lunar Research Station (ILRS), ushering in a new era of international collaboration in space exploration.

While the Artemis agreements spearheaded by NASA have garnered global support, China’s lunar ambitions stand as a formidable contender in shaping the future of space exploration. In conclusion, China’s unveiling of its lunar ambitions not only marks a significant milestone in space exploration but also sets the stage for a new chapter in the ongoing saga of humanity’s quest for the cosmos. As nations vie for supremacy in space, collaboration and innovation emerge as the cornerstones of future lunar endeavors.



Aviation and Telecom Industries Reach Compromise on 5G Deployment

The Voice Of EU | In a significant development, AT&T and Verizon, the two largest mobile network operators in the United States, have agreed to delay the deployment of 5G services following requests from the aviation industry and the Biden administration. This decision marks a crucial compromise in the long-standing dispute between the two industries, which had raised concerns over the potential interference of 5G with flight signals.
The aviation industry, led by United Airlines CEO Scott Kirby, had been vocal about the risks of 5G deployment, citing concerns over the safety of flight operations. Kirby had urged AT&T and Verizon to delay their plans, warning that proceeding with the deployment would be a “catastrophic failure of government.” The US Senate Commerce Committee hearing on the issue further highlighted the need for a solution.
In response, US Transportation Secretary Pete Buttigieg and Federal Aviation Administration (FAA) head Steve Dickson sent a letter to the mobile networks, requesting a two-week delay to reassess the potential risks. Initially, AT&T and Verizon were hesitant, citing the aviation industry’s two-year preparation window. However, they eventually agreed to the short delay, pushing the deployment to January 19.
The crux of the issue lies in the potential interference between 5G signals and flight equipment, particularly radar altimeters. The C-Band spectrum used by 5G networks is close to the frequencies employed by these critical safety devices. The FAA requires accurate and reliable radar altimeters to ensure safe flight operations.

Airlines in the US have been at loggerheads with mobile networks over the deployment of 5G and its potential impact on flight safety.

Despite the concerns, both the FAA and the telecoms industry agree that 5G mobile networks and airline travel can coexist safely. In fact, they already do in nearly 40 countries where US airlines operate regularly. The key lies in reducing power levels around airports and fostering cross-industry collaboration prior to deployment.
The FAA has been working to find a solution in the United States, and the additional two-week delay will allow for further assessment and preparation. AT&T and Verizon have also agreed to not operate 5G base stations along runways for six months, similar to restrictions imposed in France.
President Joe Biden hailed the decision to delay as “a significant step in the right direction.” The European Union Aviation Safety Agency and South Korea have also reported no unsafe interference with radio waves since the deployment of 5G in their regions.
As the aviation and telecom industries continue to work together, it is clear that safe coexistence is possible. The delay in 5G deployment is a crucial step towards finding a solution that prioritizes both safety and innovation. With ongoing collaboration and technical assessments, the United States can join the growing list of countries where 5G and airlines coexist without issue.
