The hottest Ransomware Substack posts right now

And their main takeaways
Zero Day 899 implied HN points 26 Oct 23
  1. The StripedFly malware was initially thought to be a crypto miner but turned out to be a sophisticated spy platform that infected over a million victims worldwide since 2017.
  2. One unique aspect of StripedFly is the custom-coded Tor client used for communication and data transfer, which shows the attackers' high level of skill and security consciousness.
  3. StripedFly includes a ransomware component named ThunderCrypt, raising questions about the intent behind including ransomware in an espionage tool and how it fits into the overall operation.
David Friedman’s Substack 125 implied HN points 19 Feb 24
  1. Technology has enabled a variety of scams, like mass production blackmail and forged evidence threats, taking advantage of a large number of people at a low cost.
  2. Legal and computer service scams are becoming more prevalent, with scammers using tactics like phone calls offering legal help after accidents or fake tech support from companies like Microsoft.
  3. Advanced technology like deepfake videos and ransomware poses serious risks, as seen in cases where fraudsters used deepfake technology to trick workers into transferring large sums of money, or where victims are extorted for payments to decrypt their files.
Natto Thoughts 99 implied HN points 09 Feb 24
  1. China's state-backed cyber threat group Volt Typhoon is targeting critical infrastructure in the US, showing a shift from espionage to preparing for destructive cyberattacks.
  2. Chinese cyber campaigns have evolved to focus on offensive operations like disrupting or destroying target organizations, in addition to traditional cyber espionage.
  3. China's interest in offensive cyber operations has been growing since at least 2000, involving the integration of military, government, and private sector resources to build offensive cyber capabilities.
Natto Thoughts 39 implied HN points 15 Feb 24
  1. A new report by Prodaft sheds light on the intricate world of Russian cybercrime communities, revealing relationships among prominent hackers including Mikhail Matveev.
  2. Matveev, also known as Wazawaka, plays a significant role in leading a cybercriminal team orchestrating ransomware attacks, showcasing the dynamic and unethical practices within the ransomware ecosystem.
  3. Prodaft's report unveils Matveev's connections to other cybercriminal groups, such as Babuk and EvilCorp, underscoring the complex relationships and betrayals within the Russian cyber underground.
Natto Thoughts 19 implied HN points 22 Feb 24
  1. Matveev, a.k.a. Wazawaka, of the Babuk ransomware group aligns his attacks with Russian strategic interests, suggesting a possible connection to the Russian state.
  2. The Russian government views IT experts and hackers as valuable assets and can use them as a deterrent against adversaries, as seen in battles over extradition and state-coordinated cyber operations.
  3. Ransomware criminals like Matveev may mix financial motives with political considerations by targeting victims and timing attacks to align with state goals, as seen in Babuk's attacks on the DC Metropolitan Police Department and Costa Rica.
Metacurity 19 implied HN points 08 Feb 24
  1. Chinese hacking group Volt Typhoon has been living in critical networks of some industries in the US for at least five years.
  2. Ransomware payments topped $1.1 billion in 2023, nearly doubling from the previous year, due to a surge in attacks.
  3. UN investigates 58 suspected cyberattacks by North Korea totaling $3 billion to fund its nuclear weapons program.
ussphoenix 2 HN points 06 Mar 23
  1. Cybersecurity strategies need to evolve and adapt to outmaneuver cyber threats.
  2. Moving Target Defense (MTD) is a crucial approach in cybersecurity, making it difficult for hackers to target systems.
  3. Implementing MTD can help organizations stay ahead of threats like ransomware and drive-by attacks, and reduce attacker dwell time.
Seriously Risky Business 0 implied HN points 30 Mar 23
  1. A proposal for a US Cyber Force as a 7th branch of the armed services is being considered, but there are concerns about the necessity and impact of such a move.
  2. Biden's executive order on spyware aims to restrict commercial spyware use by the US government, formalizing existing practices, and working in conjunction with legislative initiatives.
  3. The UK's NHS released a cyber security strategy focusing on collaboration, risk management, and learning from past cyber incidents, addressing challenges like limited cyber workforce and legacy technology.
Seriously Risky Business 0 implied HN points 11 Jan 24
  1. Russia's cyber activities in Ukraine are a mix of smart surveillance techniques and flashy, but counterproductive, destructive operations.
  2. Although a recent cyber attack by Russia on Kyivstar caused widespread disruption, it ultimately resulted in short-lived impact and missed potential intelligence gains.
  3. Israeli cyber operations, like the Predatory Sparrow attacks in Iran, aim to send warnings but may not be effective in the current high-conflict environment.
Seriously Risky Business 0 implied HN points 23 Feb 23
  1. An undercover investigation revealed the activities of an Israeli election interference-for-hire company called Team Jorge, involving disinformation tactics and interference capabilities.
  2. Team Jorge utilized a social media botnet named AIMS to control 30,000 personas across multiple platforms, alongside other tactics like denial of service attacks and hacking operations.
  3. Google's report on Russian cyber activities during the Ukraine conflict highlighted mixed results in the aggressiveness of Russian government cyber actors, particularly in destructive attacks and intelligence collection efforts.