With cooperation and help from several international law enforcement agencies, the Federal Bureau of Investigation (FBI) shuttered the Hive Ransomware group, returned close to 1,300 decryption keys and stopped $130 million in ransom payments. In other cybersecurity news, over 10 million JD Sports customers had their information stolen.
Data breach exposes 10 million JD Sports customers
Recently, hackers breached a JD Sports server that contained extremely sensitive order data for 10 million customers. An official statement from the U.K. retailer has confirmed that all online order data from 2018 to 2020 was compromised and includes enough personally identifiable information (PII) for the attackers to launch additional phishing campaigns. While the company was quick to secure the vulnerable server, this attack brought to light the unnecessary amount of old data that JD Sports was storing.
International law enforcement efforts bring down Hive Ransomware
With the combined efforts of several international law enforcement agencies, the FBI has completed a successful takedown of the Hive ransomware group by taking control of their leak site and accessing a considerable number of decryption keys. Hive ransomware operated as a service, allowing affiliates to conduct their own attacks while paying a percentage of any ransoms collected back to the Hive developers. It is believed that this operation was able to successfully return decryption keys to ~1,300 Hive victims and stop the payments of $130 million in demanded ransoms.
LockBit Green variant focuses on cloud-based services
The threat actors behind the LockBit ransomware group have recently released a new variant of their Ransomware-as-a-Service, dubbed LockBit Green. This new variant contains a considerable amount of source code from the now-defunct Conti ransomware, and now includes the capability to target cloud-based services. While some of the code behind LockBit Green is different from previous versions, the creators have re-used several assets including the ransom note from earlier LockBit variants.
Fraudulent rewards apps installed over 20 million times
Researchers have identified a series of apps circulating on the Google Play store that offer users virtual rewards for completing simple tasks, though the apps provide no method to redeem rewards and instead force users to watch ads in hopes of collecting their earned rewards. The nefarious apps, which all come from the same developer, had a combined 20 million downloads before being removed from the app store.
Ransomware closes Nantucket Public Schools
At the beginning of this week, officials for Nantucket Public Schools revealed that they would be forced to close all five of their schools due to a ransomware attack that was affecting a substantial portion of their systems. It is still unclear which ransomware group targeted the small school district or whether any sensitive data was stolen during the attack, and the investigation is still underway. Educational institutions have become a popular ransomware target in recent years, as they tend to have weaker security protocols, despite the amount and sensitivity of data they store.