Ransom

WonderFi CEO kidnapped and forced to pay $1M ransom: Report

WonderFi CEO Dean Skurka reportedly said in an email that he is “safe” now and that no company funds and data were impacted.

The CEO of Toronto crypto firm WonderFi Technologies was reportedly kidnapped and forced to pay a $1 million ransom for his release, CBC reported on Nov. 7.

Dean Skurka was “forced” into a vehicle in downtown Toronto during “rush hour” on Nov. 6 and made a $1 million electronic transfer to secure his release, a source close to the investigation told CBC.

Skurka reportedly confirmed via email that he was involved in an “incident” on Nov. 6 but is safe and that company funds and data were not impacted.


Coinbase wrapped Bitcoin deploys on Solana, aimed at growing DeFi market

Missouri Man Arrested for Extorting Former Employer With Bitcoin Ransom

A Missouri man, Daniel Rhyne, was arrested for attempting to extort his former employer, a New Jersey-based industrial company. Rhyne, a former core infrastructure engineer for the company, allegedly sent an extortion email on Nov. 25, 2023, claiming to have locked out or deleted the company’s IT administrators from its computer network and deleted server […]


Russian Cybercriminal Extradited to US in Crypto Crime Case

A Russian cybercriminal, Deniss Zolotarjovs, has been charged in the U.S. with crimes related to his involvement in a cybercrime organization known for extorting victims and laundering cryptocurrency. The 33-year-old Moscow resident was indicted in Cincinnati, Ohio, on charges of conspiracy to commit money laundering, wire fraud, and Hobbs Act extortion. Arrested in Georgia in […]


Malaysian Police Hunt 4 Suspects in Kidnapping Case Involving $1.2M Crypto Ransom

Selangor police in Malaysia are pursuing four local suspects connected to the July 11 kidnapping of a Chinese national and a Malaysian woman near the Lebuharaya Maju Toll Plaza in Cyberjaya. Selangor Police Chief Datuk Hussein Omar Khan disclosed that three men and a woman remain at large, while 14 others involved have been apprehended […]


BlackBerry reveals top crypto-focused malware amid rising cyberthreats

When it comes to BlackBerry’s list of the most prevalent malware families, SmokeLoader, RaccoonStealer (also known as RecordBreaker) and Vidar top the charts.

In the process of stopping over 1.5 million cyberattacks between March and May, the cybersecurity arm of the defunct smartphone goliath BlackBerry identified malware families that actively try to hijack computers to mine or steal cryptocurrencies.

The three industries most affected by cyberattacks are finance, healthcare and government, according to the BlackBerry report. A commodity malware named RedLine is one of the long-standing financial threats — tasked with harvesting information including cryptocurrency and banking information.

The three industries with the highest distribution of stopped cyberattacks and stopped unique/different samples during this period. Source: BlackBerry

Clop ransomware — a variant of the CryptoMix ransomware family — was a common threat that specifically targeted banking and financial institutions. This malware was responsible for the data breach of fintech banking platform Hatch Bank.

When it comes to BlackBerry’s list of the most prevalent malware families, SmokeLoader, RaccoonStealer (also known as RecordBreaker) and Vidar top the charts. SmokeLoader is one of the oldest rogue financial tools from 2011, which has primarily been used by Russian-based threat actors to load crypto miners among other malware.

RaccoonStealer has been used to steal cryptocurrency wallet data and is reportedly being sold across the dark web. Vidar is also widely used to harvest cryptocurrency wallets.

Linux was the biggest target out of all operating systems, and BlackBerry advised organizations to apply security patches regularly. Hackers target Linux to hijack and use computer resources for mining cryptocurrencies. A new strain of infostealer named Atomic macOS (AMOS) targets macOS users and is primarily used to collect credentials from keychains, browsers and crypto wallets, among others.

OpenAI, the creator of ChatGPT and DALL-E, recently announced a $1 million cybersecurity grant program to enhance and measure the impact of AI-driven cybersecurity technologies.

OpenAI cybersecurity grant program. Source: OpenAI

“Our aim is to foster the advancement of AI-driven cybersecurity capabilities for defenders through grants and additional assistance,” stated OpenAI, in its official announcement.


US Court Sentences Russian Crypto Ransom Launderer to Probation and Fine

A Russian crypto entrepreneur, charged with laundering money from ransomware attacks, has been sentenced to probation and fined in the U.S. after pleading guilty. Founder of two coin trading platforms, Denis Dubnikov, was arrested in the Netherlands and extradited to the U.S. last year. Oregon Court Sentences Russian for Processing Ryuk Payments A Russian national […]


Crypto investors under attack by two new malware, reveals Cisco Talos

Since Dec. 2022, the two malicious files — MortalKombat ransomware and Laplas Clipper malware threats — have been actively scouting the internet to steal cryptocurrencies from unwary investors.

Anti-malware software provider Malwarebytes highlighted two new forms of malicious computer programs propagated by unknown sources that are actively targeting crypto investors in a desktop environment.

Since December 2022, the two malicious files in question — MortalKombat ransomware and Laplas Clipper malware threats — have been actively scouting the internet to steal cryptocurrencies from unwary investors, revealed the threat intelligence research team, Cisco Talos. The victims of this campaign are predominantly located in the United States, with a smaller percentage of victims in the United Kingdom, Turkey, and the Philippines, as shown below.

Victimology of the malicious campaign. Source: Cisco Talos

The two malicious programs work together to swipe information stored in the user’s clipboard, which is usually a string of letters and numbers copied by the user. The infection then detects wallet addresses copied onto the clipboard and replaces them with a different address.

The attack relies on the user’s inattentiveness to the wallet address being pasted, which results in the cryptocurrencies being sent to the unidentified attacker. With no obvious target, the attack spans individuals and small and large organizations.

Ransom notes shared by MortalKombat ransomware. Source: Cisco Talos

Once infected, the MortalKombat ransomware encrypts the user’s files and drops a ransom note with payment instructions, as shown above. Revealing the download links (URLs) associated with the attack campaign, Talos’ report stated:

“One of them reaches an attacker-controlled server via IP address 193[.]169[.]255[.]78, based in Poland, to download the MortalKombat ransomware. According to Talos’ analysis, 193[.]169[.]255[.]78 is running an RDP crawler, scanning the internet for exposed RDP port 3389.”

As explained by Malwarebytes, the “tag-team campaign” starts with a cryptocurrency-themed email containing a malicious attachment. The attachment runs a BAT file that helps download and execute the ransomware when opened.

Thanks to the early detection of malicious software with high potential, investors can proactively prevent this attack from impacting their financial well-being. As always, Cointelegraph advises investors to perform extensive due diligence before making investments while ensuring the official source of communications. Check out this Cointelegraph Magazine article to learn how to keep crypto assets safe.


On the flip side, as ransomware victims continue to refuse extortion demands, ransomware revenues for attackers plummeted 40% to $456.8 million in 2022.

Total value extorted by ransomware attackers between 2017 and 2022. Source: Chainalysis

While revealing the information, Chainalysis noted that the figures don’t necessarily mean the number of attacks is down from the previous year.


Russian Charged With Laundering Ransomware Proceeds in Crypto Pleads Guilty in US

A Russian national accused of processing cryptocurrency payments from ransomware attacks has pleaded guilty to money laundering in the United States. The man who was extradited from the Netherlands in mid-August, last year, will be sentenced in April. Russian Crypto Launderer Pleads Guilty in US Court, May Get Up to 20 Years in Prison An […]


Hive Ransomware Network Dismantled by American, European Law Enforcement

Law enforcement authorities from over a dozen countries in Europe and North America have taken part in disrupting the activities of the Hive ransomware group, the U.S. Justice Department and Europol announced. Hive is believed to have targeted various organizations worldwide in the past couple of years, often extorting payments in cryptocurrency. Captured Decryption Keys […]


Hackers Hit Romanian Hospital, Demand Bitcoin Ransom

A hospital in Romania has been targeted in a ransomware attack with the perpetrators seeking payment in cryptocurrency to decrypt its database. The hack prevents the medical institution from reporting to the country’s health insurance fund in order to receive due funding. Botoşani Hospital Blackmailed for Bitcoin, Romanian Media Reports The Saint Gheorghe Recovery Hospital […]
