Ukrainian Cyber Police Archives – Gridinsoft Blog
https://gridinsoft.com/blogs/tag/ukrainian-cyber-police/
Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe.
Tue, 06 Dec 2022 17:31:46 +0000

Ukrainian Cyber Police and Europol Arrested Fraudsters Involved in Fake Investments
https://gridinsoft.com/blogs/ukrainian-cyber-police-and-europol/
Tue, 15 Nov 2022 08:41:23 +0000

The post Ukrainian Cyber Police and Europol Arrested Fraudsters Involved in Fake Investments appeared first on Gridinsoft Blog.

The Ukrainian cyber police and Europol have arrested five members of an international network of fraudsters, whose income is estimated at 200 million euros a year.

Let me remind you that we wrote that Ukrainian Law Enforcers Arrested Hackers Who Sold More Than 30 Million Accounts, and also that Ukrainian law enforcement officers arrested members of the hacker group Phoenix.

Fraudsters operated call centers and offices in Germany, Spain, Latvia, Finland, Albania, and Ukraine and forced their victims to make fake investments.

The publication Bleeping Computer says that the criminals have created an extensive network of fake sites disguised as resources for investors in cryptocurrencies, stocks, bonds, futures, and options. The scammers pretended that the investments were profitable for the investors, convincing the victims that they could make a quick profit and tricking them into investing even more.

In fact, neither the investment nor the “profit” could be withdrawn from the fraudulent platforms, and by the time the victims realized what was happening, they had already lost huge sums.

The FBI recently warned about this type of fraud, calling such attacks “pig butchering”. Law enforcers wrote that this is a very profitable scheme used by scammers around the world.

The FBI explained that scammers use social engineering and get in touch with people (“pigs”) on social networks. Over time, perpetrators gain the trust of victims by faking friendship or romantic interest, and sometimes even posing as real friends of the target. Then, at some point, the criminals suggest that the victim invest in cryptocurrency, and the target is directed to a fake site. As mentioned above, it is impossible to withdraw either the funds or the fake “income” from such a resource.

These scams can last for months, and the victims give the scammers huge sums (from thousands to millions of dollars) before realizing they have been scammed. For example, Forbes recently reported on a 52-year-old man from San Francisco who lost about a million dollars to “pig butchering.” In this case, the scammers pretended to be an old colleague of the victim.

According to a Ukrainian cyber police statement, the criminal group has hired more than 2,000 people in its call centers, luring victims to fraudulent websites. There were three call centers located in the territory of Ukraine, and five people detained by the police were allegedly the organizers of local operations. It is reported that during the searches conducted in Kyiv and Ivano-Frankivsk, more than 500 pieces of computer equipment and mobile phones were seized.

The detainees will be charged with fraud, which is punishable by up to eight years in prison.

But cyber scammers do not live by pig butchering alone: for example, the media recently reported that the Cyber Police of Ukraine had neutralized a large phishing service whose operators attacked banks in eleven countries.

Microsoft discovered the WhisperGate wiper attacking Ukrainian users
https://gridinsoft.com/blogs/microsoft-discovered-the-whispergate-wiper-attacking-ukrainian-users/
Mon, 17 Jan 2022 22:06:45 +0000

The post Microsoft discovered the WhisperGate wiper attacking Ukrainian users appeared first on Gridinsoft Blog.

Microsoft says it discovered a destructive attack on Ukrainian users using the WhisperGate wiper, which tried to pass itself off as ransomware but in fact gave victims no way to recover their data.

In fact, the detected threat is a classic wiper, that is, malware designed to deliberately destroy data on an infected host.

Such malware is usually used either to mask other attacks and remove important evidence of a hack, or to perform sabotage in order to inflict maximum damage on the victim and prevent it from performing its usual activities, as was the case with the Shamoon, NotPetya or Bad Rabbit attacks.

“Currently, our investigation teams have identified malware on dozens of affected systems, but this number may increase as the investigation continues,” Microsoft experts said.

According to the company, the attacks began on January 13, and the affected systems belonged to several Ukrainian state institutions, as well as non-profit organizations and information technology companies. As with the NotPetya and Bad Rabbit wipers, the new malware also comes with a component that overwrites the MBR and prevents infected systems from booting.

The researchers have not yet been able to determine the vector of malware distribution, and therefore it is unclear whether the attack affected anyone else besides Ukrainian targets.

WhisperGate replaces the usual boot screen with a ransom note, which researchers say contains an amount, a bitcoin address, and a Tox ID to contact the attackers. So far, no payments have been made to the criminals' wallet.

However, experts note that it is useless to pay: even if the victims manage to restore the MBR, the malware deliberately damages files with certain extensions, overwriting their contents with a fixed number of 0xCC bytes, bringing the total file size to 1 MB. The affected extensions are listed below.

.3DM .3DS .7Z .ACCDB .AI .ARC .ASC .ASM .ASP .ASPX .BACKUP .BAK .BAT .BMP .BRD .BZ .BZ2 .CGM .CLASS .CMD .CONFIG .CPP .CRT .CS .CSR .CSV .DB .DBF .DCH .DER .DIF .DIP .DJVU.SH .DOC .DOCB .DOCM .DOCX .DOT .DOTM .DOTX .DWG .EDB .EML .FRM .GIF .GO .GZ .HDD .HTM .HTML .HWP .IBD .INC .INI .ISO .JAR .JAVA .JPEG .JPG .JS .JSP .KDBX .KEY .LAY .LAY6 .LDF .LOG .MAX .MDB .MDF .MML .MSG .MYD .MYI .NEF .NVRAM .ODB .ODG .ODP .ODS .ODT .OGG .ONETOC2 .OST .OTG .OTP .OTS .OTT .P12 .PAQ .PAS .PDF .PEM .PFX .PHP .PHP3 .PHP4 .PHP5 .PHP6 .PHP7 .PHPS .PHTML .PL .PNG .POT .POTM .POTX .PPAM .PPK .PPS .PPSM .PPSX .PPT .PPTM .PPTX .PS1 .PSD .PST .PY .RAR .RAW .RB .RTF .SAV .SCH .SHTML .SLDM .SLDX .SLK .SLN .SNT .SQ3 .SQL .SQLITE3 .SQLITEDB .STC .STD .STI .STW .SUO .SVG .SXC .SXD .SXI .SXM .SXW .TAR .TBK .TGZ .TIF .TIFF .TXT .UOP .UOT .VB .VBS .VCD .VDI .VHD .VMDK .VMEM .VMSD .VMSN .VMSS .VMTM .VMTX .VMX .VMXF .VSD .VSDX .VSWP .WAR .WB2 .WK1 .WKS .XHTML .XLC .XLM .XLS .XLSB .XLSM .XLSX .XLT .XLTM .XLTX .XLW .YML .ZIP

Microsoft experts have said that so far, they have not been able to link these attacks to any specific hack group, and they are currently tracking the attackers under the ID DEV-0586.

Attacks on Ukrainian sites

At the end of last week, we already wrote that many Ukrainian sites suffered from cyberattacks and were defaced.

As the Ukrainian authorities have now said, Russian hackers are responsible for this attack:

“All the evidence points to Russia being behind this cyberattack. Moscow continues a hybrid war and is actively building up its forces in the information and cyberspace,” the ministry said in a statement.

The ministry says that the purpose of this attack is “not only to intimidate the public,” but also “to destabilize the situation in Ukraine by shutting down the public sector and undermining confidence in the government on the part of Ukrainians.”

I also recall that I reported that Russian-speaking hackers attacked the government infrastructure of Poland.

Ukrainian cyber police arrested ransomware operators who “earned” $150 million
https://gridinsoft.com/blogs/ukrainian-cyber-police-arrested-ransomware-operators/
Mon, 04 Oct 2021 12:43:18 +0000

The post Ukrainian cyber police arrested ransomware operators who “earned” $150 million appeared first on Gridinsoft Blog.

Ukrainian Cyber Police have arrested two operators of an unnamed ransomware. It is reported that the operation was carried out jointly by the Ukrainian and French police, the FBI, Europol and Interpol. The suspects are believed to have been involved in attacks on 100 North American and European companies, “earning” over $150 million in this way.

A press release from the Ukrainian cyber police states that the authorities have arrested a 25-year-old resident of Kiev. Searches were carried out at the suspect's place of residence and in the homes of his relatives. As a result, computer equipment, mobile phones, vehicles and more than $360,000 in cash were seized, and about $1.3 million in cryptocurrency was blocked.

“In total, the hacker attacked more than 100 foreign companies in North America and Europe. Among the victims are world-famous energy and tourism companies, as well as equipment developers. The hacker demanded a ransom to restore access to the encrypted data. The damage caused to the victims reaches $150 million,” Cyber Police of Ukraine reports.

In turn, Europol reports the arrest of two hackers who have been active since April 2020. At the same time, it is emphasized that this group “is known for its extortionate demands for a ransom from 5 to 70 million euros.”

“The organised crime group is suspected of having committed a string of targeted attacks against very large industrial groups in Europe and North America from April 2020 onwards. The criminals would deploy malware and steal sensitive data from these companies, before encrypting their files,” Europol reports.

Because such large ransom amounts were mentioned, some information security experts suggested that the two suspects may be associated with the ransomware group REvil.

“That certainly sounds like REvil ransomware. The Kaseya ransom demand was famously $70 Million, and the average person may think REvil started in April 2020, with the famous hack of Grubman Shire Meiselas & Sacks happening about that time. For malware researchers, the timeline wouldn’t work, as REvil/Sodinokibi was being discussed as early as April 2019 by research teams like @cybereason and their @CR_Nocturnus team – but again – ‘the public’ may not consider that to be the start,” writes, for example, @GarWarner, researcher of Malware, Terrorism & Social Networks of Criminals.

Let me remind you that the Cyber Police of Ukraine arrested persons linked with the Clop ransomware.

Ukrainian cyber police arrested the author of uPanel phishing kit
https://gridinsoft.com/blogs/ukrainian-cyber-police-arrested-the-author-of-upanel-phishing-kit/
Wed, 10 Feb 2021 16:45:25 +0000

The post Ukrainian cyber police arrested the author of uPanel phishing kit appeared first on Gridinsoft Blog.

Ukrainian cyber police have arrested a 39-year-old man who is probably the author of uPanel, one of the most popular phishing kits on the black market.

The arrest of the developer of the malicious toolkit was the result of an international investigation.

“The suspect, whose name was not released to the public, was arrested last week, on Thursday, February 4, in the Ternopil region of Ukraine, following an international investigation between law enforcement agencies in Australia, the US, and Ukraine,” reports ZDNet.

ZDNet’s own sources claim that the phishing toolkit is called uPanel (aka U-Admin). Last year, researcher Fred HK described this phishing kit as follows:

U-Admin is a control panel for getting logs from phishing kits and managing interaction with the victim. U-Admin is also used for injections in the form of code snippets that are implemented into the victim’s browser. This allows the attacker to collect more information. U-Admin is not sold separately, but it is included in the price in case of buying of [the author’s] phishing pages/injections.

Reporters write that uPanel used to be sold through a special site on the darknet and advertised on a popular hack forum, by a person known as kaktys1010. Based on old ads, the uPanel suite has been available for sale since 2015 for between $80 and $800, depending on the features that buyers wanted.

Ukrainian law enforcement officials report that after a search and seizure of computers, laptops and smartphones in the suspect’s house, the investigation identified more than 200 active uPanel clients.

Ukrainian officials also published a video with footage of the suspect’s arrest.

Investigators say the suspect not only wrote and advertised the phishing kit, but spent a lot of time and effort providing technical support to his clients.

Phishing attacks run with uPanel targeted financial institutions in Australia, Spain, the United States, Italy, Chile, the Netherlands, Mexico, France, Switzerland, Germany and the United Kingdom. For example, 50% of all phishing attacks targeting Australian users in 2019 were managed using uPanel.

As we reported, last year the Ukrainian cyber police in cooperation with Binance detained operators of 20 cryptocurrency exchangers.

Ukrainian cyber police in cooperation with Binance detained operators of 20 cryptocurrency exchangers
https://gridinsoft.com/blogs/ukrainian-cyber-police-in-cooperation-with-binance-detained-operators-of-20-cryptocurrency-exchangers/
Thu, 20 Aug 2020 09:59:29 +0000

The post Ukrainian cyber police in cooperation with Binance detained operators of 20 cryptocurrency exchangers appeared first on Gridinsoft Blog.

Since January 2020, the Ukrainian cyber police have been cooperating with one of the world’s largest cryptocurrency exchanges, Binance. The fact is that exchange experts often detect transactions that are potentially related to financial crimes and fraud, and in order to find and punish those responsible, they need the help of law enforcement agencies.

For this, the Binance leadership created the Bulletproof Exchanger project, which should help identify malicious activity in the cryptocurrency ecosystem, as well as help track down the attackers behind it. In the framework of the project, the exchange cooperates with TRM Labs specialists.

“Since a large number of operations are conducted on the cryptocurrency market with money earned in hacker attacks on international companies, the spread of malware, and the theft of money from bank accounts of foreign companies and citizens, the cooperation of the Ukrainian cyber police department with Binance and its help may assist in the detainment of persons involved in such crimes,” said the head of the Ukrainian cyber police, Oleksandr Grinchak.

The Bulletproof Exchanger project has already demonstrated its effectiveness. This week, the cyber police of Ukraine, together with the General Investigation Department and Binance specialists, announced the uncovering and arrest of a criminal group, three members of which operated 20 darknet exchangers and provided services for legalizing and cashing out illegally obtained money.

During 2018-2019, these people made financial transactions worth 42 million dollars. In particular, they laundered money obtained through hacker attacks on international companies and the spread of malware, as well as funds stolen from bank accounts of foreign companies and citizens.

Law enforcers conducted searches and seized computer equipment, weapons, ammunition and money worth more than $200,000. It is reported that during a preliminary examination of the seized equipment, the police found digital evidence of the criminal activities of the detainees.

Currently, the pre-trial investigation continues within the framework of the initiated criminal proceedings. Three defendants face up to eight years in prison for their crimes.

Let me remind you that I also talked about the fact that representatives of the French cyber police believe that the LockerGoga ransomware developers are hiding in Ukraine.
