One Article Review

Source CISCO Talos
Identifier 6769011
Publication date 2022-09-07 11:00:19 (seen: 2022-09-07 16:06:16)
Title Multiple ransomware data leak sites experience DDoS attacks, facing intermittent outages and connectivity issues
Text By Azim Khodjibaev, Colin Grady, Paul Eubanks.

Since Aug. 20, 2022, Cisco Talos has been monitoring suspected distributed denial-of-service (DDoS) attacks resulting in intermittent downtime and outages affecting several ransomware-as-a-service (RaaS) data leak sites. While the source and origin of this activity remain unknown, this appears to be a concentrated effort against RaaS leak sites to disrupt their efforts to announce and post new victim information.

Actors' responses have varied, with LockBit and ALPHV implementing new measures to counteract DDoS attacks against their sites while other groups like Quantum have simply resorted to redirecting web traffic elsewhere. LockBit also appears to have co-opted this technique by advertising that they are now adding DDoS as an extortion tactic in addition to encrypting and leaking data.

RaaS leak sites experience intermittent outages

In late August, Talos became aware of several prominent ransomware operations, such as ALPHV (also referred to as BlackCat) and LockBit, experiencing suspected DDoS attacks against their public data leak sites. These leak sites are typically hosted on Tor hidden services where, in a tactic known as double extortion, RaaS affiliates post victim information if the ransom demand is not met. On Aug. 26, we also observed at least seven more RaaS leak sites for LV, Hive, Everest, BianLian, Yanluowang, Snatch and Lorenz become inaccessible and go offline intermittently and/or experience slow traffic. Security researchers have also identified additional RaaS leak sites for Ragnar Locker and Vice Society which may have also been affected by this activity. However, we have only verified the Ragnar Locker claim at this time, as their leak site continues to experience outages.
At the time of analysis, many of the aforementioned groups are still affected by connectivity issues and continue to face a variety of intermittent outages to their data leak sites, including frequent disconnects and unreachable hosts, suggesting that this is part of a sustained effort to thwart updates to those sites. On Aug. 20, a LockBit representative, "LockBitSupp", reported that nearly 1,000 servers were targeting the LockBit data leak sites, with nearly 400 requests per second. After reporting that their leak sites became unavailable due to a DDoS attack, LockBit provided screenshots alleging that the attack began as soon as they started to publish data to their leak site for Entrust, a digital security company LockBit targeted in July.
Sent Yes
Tags Ransomware


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.