Europol Strikes Against Global Ransomware Gang! ๐Ÿš“๐Ÿ’ป

Nov 30 2023

.bh__table, .bh__table_header, .bh__table_cell { border: 1px solid #C0C0C0; }
.bh__table_cell { padding: 5px; background-color: #FFFFFF; }
.bh__table_cell p { color: #2D2D2D; font-family: ‘Helvetica’,Arial,sans-serif !important; overflow-wrap: break-word; }
.bh__table_header { padding: 5px; background-color:#F1F1F1; }
.bh__table_header p { color: #2A2A2A; font-family:’Trebuchet MS’,’Lucida Grande’,Tahoma,sans-serif !important; overflow-wrap: break-word; }

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that pulls no cyber-punches ๐Ÿ‘Šย 

Todayโ€™s hottest cybersecurity news stories:ย 

  • ๐Ÿšจ Woop, woop, thatโ€™s the sound of the Europol: hackers arrested ๐Ÿ‘ฎย 

  • ๐Ÿ‘จโ€๐Ÿ’ป Google Workspace drama: design flaw could allow breaches โš ๏ธย 

  • โ˜ ๏ธ Feels like deja vu: DJVU's new 'Xaro' looks like free software ๐ŸŽญย ย 

The Europolls are in; cybercriminals are DOWN ๐Ÿ“‰ย 

๐Ÿšจ Breaking News: Europol Strikes Against Global Ransomware Gang! ๐Ÿš“๐Ÿ’ป

Europol, joined by international law enforcement allies, has apprehended five individuals accused of orchestrating widespread ransomware attacks affecting 1,800+ victims globally. The suspects, including the alleged ringleader, were nabbed in Ukraine following raids at 30 locations. ๐ŸŒ๐Ÿ•ต๏ธ

In a coordinated effort involving investigators from Norway, France, Germany, and the U.S., Europol set up a virtual command centre to process seized data. ๐ŸŒ๐Ÿ’ฝย 

Ukraine's Cyber Police reported the confiscation of computers, cars, SIM cards, and cryptocurrency assets, totaling almost $110,000. The arrests are part of a prolonged investigation that began in 2021, leading to the identification of suspects targeted in the recent action in Kyiv. ๐Ÿ‘ฎโ€โ™‚๏ธ๐Ÿ’ป

The accused hackers are charged with encrypting 250+ servers, extorting "several hundred million euros" from victims. Their roles ranged from brute-force attacks to laundering cryptocurrency payments. Europol highlighted the havoc wreaked on organisations using ransomware variants like LockerGoga, MegaCortex, Hive, and Dharma. ๐Ÿคฏ๐Ÿ’ผย 

In a positive twist, Europol's probe enabled Swiss authorities, in collaboration with Bitdefender and the EU's No More Ransom project, to develop decryption tools for LockerGoga and MegaCortex. Victims can now recover files without paying ransoms. ๐Ÿ›ก๏ธ๐Ÿ’พย 

This crackdown marks a significant victory in the fight against cybercrime! ๐ŸŒ๐Ÿ›‘ย 

Cybersecurity is more important than ever, and your Mac or PC are no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.

That's where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:

  • Remove junk files and malware to free up space and improve performance

  • Protect your privacy by erasing sensitive data

  • Optimize your startup settings to speed up boot times

  • Manage your extensions and apps to keep your Mac or PC running smoothly

Since 2008 MacPaw is trusted by over 30 million users worldwide, and it's the perfect solution for keeping your Mac or PC safe and secure.

Google has egg on Workface ๐Ÿ˜‚ย 

๐Ÿšจ Alert: Severe Design Flaw in Google Workspace Uncovered! ๐Ÿ•ต๏ธโ€โ™‚๏ธ๐Ÿ’ผย 

Cybersecurity researchers have unearthed a critical flaw, codenamed DeleFriend, in Google Workspace's domain-wide delegation (DWD) feature. ๐Ÿ˜ฑ๐Ÿ” This vulnerability could be exploited by threat actors for privilege escalation, enabling unauthorised access to Workspace APIs without super admin privileges.ย 

According to cybersecurity firm Hunters, exploitation of this flaw could lead to email theft, data exfiltration from Google Drive, and unauthorised actions within Google Workspace APIs across the entire target domain. Google disputed the characterization, stating it's not an underlying security issue but emphasised minimising account privileges. ๐Ÿค”๐Ÿšซย 

The flaw is rooted in a domain delegation configuration determined by the OAuth ID, not specific private keys, allowing potential threat actors with less privileged access to create numerous JSON web tokens. This could pinpoint successful combinations, indicating domain-wide delegation permission. ๐Ÿ”๐Ÿ”‘ย 

Successful exploitation poses severe consequences, allowing malicious actors to impact every identity within the Workspace domain, unlike individual OAuth consent. Hunters has provided a proof-of-concept for detecting misconfigurations. Stay vigilant! ๐Ÿ”’๐Ÿ›ก๏ธย 

๐ŸŽฃ Catch of the Day!! ๐ŸŒŠ๐ŸŸ๐Ÿฆž

๐Ÿƒย The Motley Fool: โ€œFool me once, shame on โ€” shame on you. Fool me โ€” you can't get fooled again.โ€ Good olโ€™ George Dubya ๐Ÿ˜‚ Let us tell whoโ€™s not fooling around though; thatโ€™s the Crรผe ๐Ÿ‘€ at Motley Fool. Youโ€™d be a fool (alright, enough already! ๐Ÿ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ๐Ÿ› Kidding aside, if you check out their website theyโ€™ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ๐Ÿค‘ย (LINK)

๐Ÿšตย Wander: Find your happy place. Cue Happy Gilmore flashback ๐ŸŒ๏ธโ›ณ๐ŸŒˆ๐Ÿ•Š๏ธ Mmmm Happy Placeโ€ฆ ๐Ÿ˜‡ So, weโ€™ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, itโ€™s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ๐Ÿž๏ธ๐Ÿ˜ย (LINK)

๐ŸŒŠย Digital Ocean: If you build it they will come. Nope, weโ€™re not talking about a baseball field for ghosts โšพ๐Ÿ‘ป๐Ÿฟ (Great movie, to be fair ๐Ÿ™ˆ). This is the Digital Ocean whoโ€™ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website youโ€™ll find yourself catching the buzz even if you canโ€™t code (guilty ๐Ÿ˜‘). But if you can and youโ€™re looking for somewhere to test things out or launch something new or simply enhance what youโ€™ve got, weโ€™d recommend checking out their services foโ€™ sho ๐Ÿ˜‰ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ๐ŸŒฟย (LINK)

From hero to Xaro ๐Ÿ˜ย ย 

๐Ÿšจ Alert: New Variant of DJVU Ransomware Emerges in Cracked Software! ๐Ÿ’ป๐Ÿ”’ย 

Cybereason, the American cybersecurity firm, has identified a fresh threat – a variant of DJVU ransomware dubbed Xaro. ๐Ÿฆ ๐Ÿ›‘ This variant is spreading through cracked software, appending the .xaro extension to files and demanding ransom for decryption. ๐Ÿ”๐Ÿ’ธย 

DJVU, a variant of STOP ransomware, often disguises itself as legitimate services or applications and arrives as a SmokeLoader payload. Notably, DJVU attacks deploy additional malware like RedLine Stealer and Vidar, heightening their damage potential. ๐ŸŒ๐Ÿ‘พย 

In the latest attack documented by Cybereason, Xaro is distributed as an archive file from dubious sources posing as legitimate freeware sites. Opening the archive triggers the execution of a fake installer, CutePDF, which is actually the PrivateLoader malware downloader.ย 

PrivateLoader connects to a command-and-control server, fetching various malware families like RedLine Stealer, Vidar, SmokeLoader, and more, in addition to dropping Xaro. This diverse approach aims to ensure attack success and double extortion by exfiltrating sensitive information.ย 

ย Xaro encrypts files, drops a ransom note demanding $980 (reduced to $490 within 72 hours), and spawns Vidar to steal information. ๐Ÿ“‚๐Ÿ’ฐย 

This incident highlights the dangers of downloading freeware from untrusted sources.ย ๐Ÿšซโš ๏ธ Enterprises must be vigilant against these tactics, as threat actors increasingly use freeware as a stealthy means to deploy malicious code. ๐Ÿ›ก๏ธ๐Ÿ‘€ย 

๐Ÿ—ž๏ธ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Libby Copa:ย The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso:ย Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles