Massive Russian Ransomware Operation Goes Offline

Updated February 2024 on Flu.edu.vn.

One of Russia’s most notorious cybercrime groups, REvil, has suddenly gone offline, just days after President Biden spoke with Russian President Vladimir Putin to raise concerns about ransomware attacks launched from Russian soil.

The group, believed to be behind some of the largest ransomware attacks in US history, runs several leak blogs and a ransom payment portal, none of which are reachable any longer.

Speculation is rife that the disappearance of these sites is due to government intervention, possibly either from Russia or the US, but no official statement has been made by either party.

REvil Goes Dark

The leak blogs and payment site of the REvil cybergang went down on Tuesday, 13 July 2021, suddenly and without any prior indication. The group primarily deals in ransomware attacks, and was accused by the FBI of being behind the massive attack on meat processing company JBS last month.

The official reason for the takedown is still unclear, but there is speculation that authorities may have intervened. President Biden hosted a phone call with Putin last Friday in which he discussed the increasing attacks on US businesses from Russian-based hacking groups. In the hour-long call, Biden told Putin that the country would take ‘any necessary action’ to halt hacking attempts that stem from Russia:

‘I made it very clear to him that the United States expects when a ransomware operation is coming from his soil, even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is.’ – President Joe Biden

Whether either side has acted against the REvil group this week is unclear, but the timing of the group going offline is certainly interesting, just days after Biden said he was ‘optimistic’ that action would be taken against their like.

Who are REvil?

The group known as REvil is a criminal organization that the FBI assesses to be Russia-based. Its own behaviour supports that: it never targets Russia itself, and its malware checks the system language and keyboard layout and exits on machines configured for Russian or other CIS-region locales.

REvil specializes in ransomware: an individual’s or organization’s systems are broken into, data is copied out, and files are encrypted until a ransom is paid. Refusing to pay brings a second threat, publication of the stolen data on the group’s leak blog (so-called double extortion). The group tends to target large corporations and demands millions of dollars each time.

In the past, the group has been responsible for some of the biggest attacks the US has seen, such as the JBS ransomware attack in May, which saw the meat processing firm pay out $11 million in Bitcoin to the organization. At the start of July, REvil compromised Kaseya’s VSA remote-management software in a supply-chain attack, pushing ransomware through managed service providers to their customers worldwide and demanding $70 million for a universal decryptor.

We may never know the real reason why REvil appears to have been taken offline, but if it has gone for good, it is certainly one less thorn in the side for US government and businesses. However, REvil is far from the only massive ransomware operation out there, and the threat will never truly disappear while it remains profitable.

Safeguarding Businesses from Hackers

The pandemic has proven to be a lucrative time for attackers, with cases on the rise over the past year. With more of us working from home, company infrastructures have acquired many weak points, and attackers have preyed on them. According to one report, the average cost of a data breach is $21,659, with 5% of successful attacks costing businesses $1 million or more.

According to the same report, by far the most successful path for attackers runs through people: 85% of breaches involve a human element, whether a phishing email that harvests credentials or a user persuaded to install a malicious application.

There are tools that businesses can use to minimize the risk to their staff and the company. These include anti-virus software, naturally, which can catch harmful files before they even get the chance to be opened. Then there’s remote access software, providing a secure way for remote workers to reach their work platforms; bear in mind that such tools are themselves prime targets (the Kaseya attack above came in through exactly this kind of product), so they must be patched promptly and protected with multi-factor authentication. Another tool we highly recommend is a password manager. These generate robust, hard-to-crack passwords for users and alert them should any of their passwords turn up in a breach.


If Windows Goes Open Source

Recently there has been concern surrounding the possibility that one day Windows could be open source. Microsoft’s previous CEO, Steve Ballmer, stated point blank that he viewed Linux, and by extension open source, as a cancer. Is this about-face an indication that Microsoft has evolved and accepts that open source provides far greater value? Even more provoking, could Windows one day join the ranks of open source projects?

In this article, I’ll look at what happens if Windows goes open source. How it affects Linux desktops and whether or not open Windows could be a good thing or a Trojan horse.

Even the most die-hard Linux enthusiasts sometimes get confused about open source licensing. They forget there are countless other open source licenses besides the famous GPL. If Microsoft offers Windows source code under an open source license, you can be sure it will choose one whose terms prevent any competition.

In addition to making sure Windows couldn’t simply be cloned using an existing code base, Microsoft will have waited until their software as a service model has matured. I bet it’ll have matured to a degree that even if someone comes up with Windows “Reloaded,” their proprietary software projects will still only work on the operating systems they’ve blessed.

Microsoft is beginning to accept that the operating system is losing its importance. Web applications and applications that can be run locally in a cross platform nature are beginning to put Microsoft on notice. Software, not operating systems, will run the desktops of tomorrow. Their focus will remain true to this revelation. Anyone competing with Microsoft who fails to realize this will end up a distant second place, even as Windows loses its importance.

One of the best ways to gain adoption is to remove barriers to said adoption. Microsoft apparently is trying their hand at this. They will for at least a year upon its release, make Windows 10 upgrades free to users of Windows 7 and 8. To make matters even more disturbing, there’s also talk of how they’ll offer that upgrade via the Windows Update feature. That’s right folks, Microsoft will now offer something Linux desktops have offered their users for years now. Welcome to the 21st Century, Microsoft.

In their defense, one thing Microsoft is doing right is allowing technical preview releases of Windows 10 to automatically upgrade to Windows 10 proper. Great for Microsoft, deeply troubling for those who might be considering a switch to Linux in the future.

An important thing to remember is this: If you ask most people why they switched to Linux over Windows, their reasons will vary. However a large chunk of those recent converts will come about because Linux is available at no cost. This is especially true of those who didn’t want to pay to upgrade to Windows 7 or 8. So while the cost of an operating system might not be a primary motivator for users such as myself, it can be for others.

It may start off with just an upgrade being made free, the next step could be to open source the entire operating system a few years later. Microsoft might be going for the long play on this one. And if they’re successful, it will absolutely hurt Linux adoption.

The official line from various pro-Windows pundits is that with Windows 10, manufacturers will have a “choice” as to whether or not to provide a way to disable Secure Boot. On the surface, this sounds benign enough. But it also leaves the door open for Microsoft to “encourage” vendors to lock the machine to Microsoft-signed boot loaders only. Since this isn’t beyond what Microsoft might do, it behooves us all to check for a Secure Boot toggle in the firmware setup before buying a Windows 10 PC.

While it’s probable that this choice will only affect a few computers upon the Windows 10 release, companies like Dell would be all too willing to abide by Microsoft’s wishes. Dell selling Ubuntu in other countries or simply testing the market here in the US isn’t a clear indication that they’ll support the Linux desktop going forward. They’ve pulled back before and, if the deal is sweet enough, might do so again. Don’t believe me? Go to Dell’s website and browse their “vast selection” of Linux computers.

Dell and others will jump at the chance to minimize their support calls after someone installs Linux or any other non-supported operating system. If it’s locked down, chances are the support calls will remain centered around Windows 10 only. Just watch, I bet it will happen. And if it does other vendors will follow along given the opportunity.
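If you already own the machine, you can check whether Secure Boot is actually being enforced before worrying about the vendor’s kill switch. The script below is an added example, not code from this article; it assumes a Linux system with the kernel’s efivarfs mounted at /sys/firmware/efi/efivars (the default), and reads the UEFI SecureBoot and SetupMode variables directly. The byte layouts used for testing are constructed samples. The variable names, the EFI_GLOBAL_VARIABLE GUID and the 4-byte attribute prefix that efivarfs puts in front of each value are fixed by the UEFI specification and by the kernel.

```python
import os
import struct

# EFI_GLOBAL_VARIABLE GUID: the namespace of SecureBoot and SetupMode (UEFI spec).
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS_DIR = "/sys/firmware/efi/efivars"   # kernel efivarfs mount point (assumed default)


def parse_efivar(raw):
    """Split an efivarfs file into (attributes, data).

    efivarfs prefixes every variable with a 4-byte little-endian attribute
    bitmask; the bytes after it are the variable's actual value.
    """
    if len(raw) < 4:
        raise ValueError("efivar payload too short")
    (attrs,) = struct.unpack("<I", raw[:4])
    return attrs, raw[4:]


def secure_boot_state(secureboot_raw, setupmode_raw=None):
    """Interpret the SecureBoot (and optionally SetupMode) variables.

    Both are single-byte booleans (1 == true). Returns 'enabled', 'disabled',
    'setup-mode' or 'unsupported'. Setup Mode is reported separately because a
    firmware in that state accepts arbitrary key enrolment, so a SecureBoot=1
    reading there does not mean the boot chain is actually trusted.
    """
    if secureboot_raw is None:
        return "unsupported"        # no variable: legacy BIOS boot or no efivarfs
    _, sb = parse_efivar(secureboot_raw)
    if setupmode_raw is not None:
        _, sm = parse_efivar(setupmode_raw)
        if sm and sm[0] == 1:
            return "setup-mode"
    return "enabled" if sb and sb[0] == 1 else "disabled"


def read_efivar(name, guid=EFI_GLOBAL_GUID):
    """Read one variable from efivarfs, or None when it is absent/unreadable."""
    path = os.path.join(EFIVARS_DIR, f"{name}-{guid}")
    try:
        with open(path, "rb") as fh:
            return fh.read()
    except OSError:
        return None


def live_state():
    """State of the machine this runs on."""
    return secure_boot_state(read_efivar("SecureBoot"), read_efivar("SetupMode"))


# Constructed sample payloads: attributes 0x06 (BOOTSERVICE|RUNTIME access),
# then the one-byte value.
SAMPLE_ENABLED = b"\x06\x00\x00\x00\x01"
SAMPLE_DISABLED = b"\x06\x00\x00\x00\x00"
SAMPLE_SETUPMODE = b"\x06\x00\x00\x00\x01"

if __name__ == "__main__":
    print("Secure Boot on this machine:", live_state())
```

The same information is what `mokutil --sb-state` prints on Linux and what the `Confirm-SecureBootUEFI` cmdlet returns in an elevated PowerShell on Windows; reading the variables yourself is useful on minimal rescue images where neither tool is installed, and it is the only way to see the Setup Mode caveat.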

Regardless of its licensing, Windows 10 challenges the Linux community on multiple fronts and thus far the community has done little to nothing to really prepare for its release. Unlike previous releases, we’re looking at a two-front attack.

Viro Botnet: A New Ransomware


A new ransomware family discovered by Trend Micro researchers, named Viro Botnet, behaves as both a botnet and ransomware. It is currently active in the United States and targets Windows users.

Let us know some more about this ransomware, like how it works and what is it capable of.

How Does Viro Botnet Ransomware Work?

1. Once the sample (detected by Trend Micro as Ransom_VIBOROT.THIAHAH) runs on a system, it first checks registry keys to determine whether the machine has already been encrypted.

2. It then generates encryption and decryption keys with a cryptographic random number generator. As soon as the keys exist, Viro Botnet starts gathering information from the system and, in parallel, sends it to its command-and-control server via HTTP POST.

3. Once the files are encrypted, it displays a ransom message written in French.


What Is Viro Botnet Capable Of?

Well, Viro Botnet seems powerful and infectious, let us know some more about it.

1. Viro Botnet arrives as a .exe file (detected by Trend Micro as Ransom_VIBOROT.THIAHAH). It reads identifying data from the registry, starting with the machine GUID.

2. It collects:

Machine GUID

Machine name

User name

Other details

3. It sends the collected data by POST to the following URLs (defanged):

hxxps://viro(.)mleydier(.)fr

hxxps://viro(.)mleydier(.)fr/noauth/order/

hxxps://viro(.)mleydier(.)fr/noauth/keys/

hxxps://viro(.)mleydier(.)fr/noauth/attachment/

4. This ransomware is capable of doing lots of other things as well, which are:

Propagate

Log Keystrokes

Turns the infected system into a bot that sends spam emails

Can encrypt files in fixed, removable and network drives

Once, the files are encrypted, it shows a message with the ransom text written in French

5. Viro Botnet can encrypt files with the following extensions:

.asp, .aspx, .csv, .doc, .docx, .html, .jpg, .mdb, .odt, .pdf, .php, .png, .ppt, .pptx, .psd, .sln, .sql, .swp, .txt, .xls, .xlsx, .xml

6. Other vendors detect it under the generic name “HEUR:Trojan.Win32.Generic”. It is currently active in the United States and, for now, targets only Windows users.
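The indicators above are published defanged so that nobody clicks them by accident, which means they have to be normalised before they can be matched against logs. The following script is an added example, not part of the original article or of Trend Micro’s write-up: it refangs the listed URLs, extracts the command-and-control hostname, and scans a proxy log for the POST beacons described in step 2 above. The log lines are constructed samples in a simple “timestamp client method URL status” format; a real proxy log would need its own regex.

```python
import re
from urllib.parse import urlparse

# Indicators exactly as published above, in defanged form.
DEFANGED_IOCS = [
    "hxxps://viro(.)mleydier(.)fr",
    "hxxps://viro(.)mleydier(.)fr/noauth/order/",
    "hxxps://viro(.)mleydier(.)fr/noauth/keys/",
    "hxxps://viro(.)mleydier(.)fr/noauth/attachment/",
]


def refang(ioc):
    """Turn a defanged indicator back into a real URL (hxxp -> http, (.) -> .)."""
    s = ioc.strip()
    s = re.sub(r"^hxxp(s?)://", r"http\1://", s, flags=re.IGNORECASE)
    for token in ("(.)", "[.]", "{.}", "(dot)", "[dot]"):
        s = s.replace(token, ".")
    return s


def ioc_hosts(iocs):
    """Distinct hostnames taken from a list of (defanged) URL indicators."""
    hosts = set()
    for ioc in iocs:
        host = urlparse(refang(ioc)).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def host_matches(host, bad_hosts):
    """True when host is one of the bad hosts or a subdomain of one."""
    host = host.lower()
    return any(host == b or host.endswith("." + b) for b in bad_hosts)


# Constructed sample proxy log: timestamp, client, method, URL, status.
SAMPLE_LOG = """\
2018-09-20T10:02:11Z 10.1.4.23 GET http://update.example.com/catalog.xml 200
2018-09-20T10:02:15Z 10.1.4.23 POST https://viro.mleydier.fr/noauth/keys/ 200
2018-09-20T10:02:16Z 10.1.4.23 POST https://viro.mleydier.fr/noauth/order/ 200
2018-09-20T10:03:40Z 10.1.7.9 GET https://www.example.org/ 304
this line is not a proxy record
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def scan_log(text, bad_hosts):
    """Return (client, method, url) for every record whose host is an IOC."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue            # malformed or foreign line: skip, never crash
        host = urlparse(m["url"]).hostname
        if host and host_matches(host, bad_hosts):
            hits.append((m["src"], m["method"], m["url"]))
    return hits


def infected_clients(text, bad_hosts):
    """Clients that POSTed to the C2, i.e. the exfiltration beacon from step 2."""
    return sorted({src for src, method, _ in scan_log(text, bad_hosts) if method == "POST"})


if __name__ == "__main__":
    bad = ioc_hosts(DEFANGED_IOCS)
    for hit in scan_log(SAMPLE_LOG, bad):
        print(*hit)
    print("clients beaconing to C2:", infected_clients(SAMPLE_LOG, bad))
```

Matching on the hostname rather than the full URL is deliberate: the paths listed are only the ones Trend Micro observed, and the same server could serve others, whereas any traffic to the domain at all is suspicious once it is known to be the C2.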

What’s the Status?

For now, Trend Micro has dealt with Viro Botnet: the researchers succeeded in taking down the server and have blocked the websites connected to it. The operators can stand up new infrastructure, though, so it is still worth keeping the usual precautions in place to stay safe from attackers.



About the author

Tweak Library Team

What Is Lockbit Ransomware Attack?

LockBit ransomware is malware designed to block users’ access to computer systems until a ransom is paid. It spreads across the network on its own, looks for valuable targets and encrypts every system it can reach. It is used in highly targeted attacks against businesses and other organizations.

LockBit attackers have created a name for themselves by posing the following threats to businesses around the world −

Essential operations are interrupted, and they abruptly stop.

The hacker is engaging in extortion for personal benefit.

If the victim does not cooperate, blackmail tactics include data theft and unauthorized dissemination.

What is LockBit Ransomware?

LockBit is one more entry in a long line of cyber-extortion tools. It was earlier referred to as “ABCD” ransomware, but has since developed into a distinct threat among these extortion tools. Because it demands a monetary payment in exchange for decryption, LockBit falls into the class of ransomware sometimes called a “crypto-virus.” It primarily targets businesses and governmental institutions rather than individuals.

LockBit attacks were first seen in September 2019, when it was known as the “.abcd virus.” The nickname referred to the file extension appended to a victim’s encrypted files. Organizations in the United States, China, India, Indonesia, and Ukraine are examples of notable previous targets. In addition, there have been attacks in a number of European nations, including France, the UK, and Germany.

Targets that will feel hindered by the disruption and have the money to do so will be considered viable. As a result, this may lead to widespread attacks against major businesses, including healthcare and financial institutions. It also appears to purposefully avoid attacking systems local to Russia or any other Commonwealth of Independent States nations throughout its automated vetting procedure. This is probably being done to prevent prosecution in such places.

LockBit operates as ransomware-as-a-service (RaaS). Affiliates put down a deposit to use the tooling in their own tailored attacks and earn money through an affiliate program: the proceeds are split, with the attacking affiliates keeping up to ¾ of each ransom and the LockBit development team taking the remainder.

How Does the LockBit Ransomware Operate?

Many authorities class LockBit with the “LockerGoga & MegaCortex” malware family. Simply put, this means it behaves much like those well-established types of targeted ransomware.

Here is a brief description of what we know about these attacks −

Instead of requiring manual direction, self-spreading within an organization

Targeted rather than sent randomly like spam malware.

Using comparable methods to spread, such as Server Message Block (SMB) and Windows PowerShell.

Most important is its capacity for self-propagation, or the ability to grow on its own. Premade automated methods guide LockBit’s programming. This distinguishes it from many other ransomware assaults that depend on manually residing in the network for the sake of recon and surveillance, often for weeks at a time.

Once the attacker has manually infected a single host, a script locates other reachable hosts, connects to them from the infected one and spreads the infection. All of this is completed and repeated without any human help.

Additionally, it relies on tools that are present on almost every Windows system, so its activity blends in with normal administration and is hard for endpoint security products to flag. It further disguises the encrypting executable by renaming it with a .PNG image extension, tricking defences that judge files by their type.

Threats That LockBit Uses

The threat posed by LockBit, the most recent ransomware outbreak, is a serious issue. We can’t rule out the likelihood that it will spread to several organizations and industries, especially in light of the current rise in remote working. Finding LockBit’s variations can assist in determining exactly what you’re up against.

Abcd extension in variant 1 − Files with the “.abcd” extension name are renamed in the initial version of LockBit. It also contains a “Restore-My-Files.txt” file that has been put into each folder containing a ransom letter with demands and guidelines for purported recoveries.

The LockBit addition in variant 2 − The current name of this ransomware was given to it after the second known version adopted the “.LockBit” file extension. Victims will discover that other characteristics of this version, despite minor backend changes, seem much the same.

3rd variant of LockBit − The ransom instructions for the next version of LockBit do not mention downloading the Tor browser anymore. Instead, it uses a conventional internet connection to direct victims to a different website.

Ongoing modifications and improvements to LockBit − More sinister functions, such as removing administrative permission checkpoints, have recently been added to LockBit. The safety prompts that users might receive when an application tries to execute as an administrator are now disabled by LockBit.

Additionally, the virus is now configured to take copies of server data and contains extra lines of extortion in the ransom message. LockBit now threatens to reveal the victim’s sensitive information to the public if the victim disobeys orders.
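The variant descriptions above give two file-system artefacts a responder can sweep for on a share or a re-mounted disk: the renamed extension (.abcd or .LockBit) and the Restore-My-Files.txt note dropped into every encrypted folder. The script below is an added example, not code from the original article; it walks a directory tree, counts encrypted files per extension, collects the ransom notes and names the variant it saw. The directory layout it builds for testing is a constructed sample.

```python
import os
import tempfile
from collections import Counter

# File-system indicators for the two variants described above.
ENCRYPTED_EXTENSIONS = {
    ".abcd": "variant 1 (.abcd)",
    ".lockbit": "variant 2 (.LockBit)",
}
RANSOM_NOTE = "restore-my-files.txt"   # dropped into each encrypted folder


def triage(root):
    """Walk a share or volume and summarise any LockBit artefacts found."""
    ext_counts = Counter()
    notes = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()              # extension case differs per variant
            if lower == RANSOM_NOTE:
                notes.append(os.path.relpath(os.path.join(dirpath, name), root))
                continue
            ext = os.path.splitext(lower)[1]
            if ext in ENCRYPTED_EXTENSIONS:
                ext_counts[ext] += 1
    return {
        "encrypted_by_ext": dict(ext_counts),
        "ransom_notes": sorted(notes),
        "variants": sorted(ENCRYPTED_EXTENSIONS[e] for e in ext_counts),
        "compromised": bool(ext_counts) or bool(notes),
    }


def build_sample_tree(infected=True):
    """Constructed sample: a share hit by variant 1 plus an untouched folder.

    With infected=False only the untouched folder is created, which is the
    clean baseline a responder would expect from a host that was not reached.
    """
    root = tempfile.mkdtemp(prefix="lockbit_triage_")
    layout = {"public": ["readme.txt", "logo.png"]}
    if infected:
        layout["finance"] = ["Q1-report.xlsx.abcd", "Q2-report.xlsx.abcd", "Restore-My-Files.txt"]
        layout["hr"] = ["contracts.docx.abcd", "Restore-My-Files.txt"]
    for folder, files in layout.items():
        os.makedirs(os.path.join(root, folder))
        for fname in files:
            with open(os.path.join(root, folder, fname), "wb") as fh:
                fh.write(b"sample")
    return root


if __name__ == "__main__":
    report = triage(build_sample_tree())
    print("compromised:", report["compromised"])
    print("variants seen:", report["variants"])
    print("encrypted files:", report["encrypted_by_ext"])
    print("ransom notes:", report["ransom_notes"])
```

Run it read-only against a mounted copy, never against the live system during an incident, and treat a hit as the starting point for scoping which hosts the self-propagation reached. The two indicators are exactly the ones the text names for variants 1 and 2; later builds that change the extension or note name need their own entries in the table.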

Decryption and Removal of LockBit

Endpoint devices need stringent protection measures across your entire organization due to the problems LockBit might cause. Having a complete endpoint security solution is the first step. If your company is already affected, simply getting rid of the LockBit ransomware won’t restore access to your files. Since encryption requires a “key” to unlock, you will still need a tool to recover your system. If you already have pre-infection backup images, you could also be able to restore your systems by reimaging them.

How To Update Xbox One Offline

Software updates generally come via automatic online updates. But if you don’t have a good internet connection, sometimes the console forces you to use offline methods.

The Xbox Offline System Update (OSU) allows you to get the console up to date with a flash drive.

Here’s what you need:

A USB flash drive with at least 6 GB of free space, formatted as NTFS

A Windows PC with an internet connection and USB ports

The process is the same for the Xbox One S, the Xbox One X, Xbox Series X, or Xbox Series S.

However, the original Xbox One console may need an extra update, depending on its operating system. There’s a detailed guide below.

Format the USB Drive

The first step is formatting your USB flash drive. Here’s how:

Plug your USB flash drive into your Windows PC

Open the File Explorer

Go to This PC

Right-click the USB drive, choose Format, and set the file system to NTFS

Leave everything else as-is, but rename the drive if you want

Download the Update File

Download the Offline System Update file (a .zip archive) from Xbox Support on your Windows PC and extract it

Plug the USB drive into your Windows PC

Copy the “$SystemUpdate” folder from the extracted .zip to the root of the flash drive

Unplug the drive from your PC

Update the Xbox Offline

Now, it’s time for the update. It works through the Xbox Startup Troubleshooter:

Turn off your console

Unplug the power cord for one minute to power cycle the Xbox

Plug back the cable

Press and hold the Pair and Eject buttons together for 10-15 seconds, until you hear the second power-up tone, then release them

The console will boot into the Startup Troubleshooter

Plug the USB drive on the Xbox

Select Offline system update

The process will take several minutes. The console may restart various times to finish the update.

Also, you will need to connect to the internet during the setup process. Simply follow the instructions until you’re back on your Xbox’s home screen. 

However, if it doesn’t work, you may:

Turn off the Xbox

Unplug all of its cables for 5 minutes

Plug back all of its cables

Try the update again, or choose to Reset this console

How to Update the Original Xbox One Offline

As the oldest console, the Xbox One original may require you to do some extra steps.

But you can quickly verify if you need these steps or not. See, older system versions don’t have the Xbox Startup troubleshooter. So, if your Xbox has one, you can update it with the steps you saw above.

Otherwise, you will have to install two or three offline updates in a row.

Check if the Xbox One Has the Troubleshooter

Here’s how to check if your older Xbox has the Xbox Startup Troubleshooter:

Turn off the console

Unplug the network and power cable

Wait one minute

Plug the power cord back in

Press and hold the Pair and the Eject button simultaneously for 10-15 seconds

Press the Xbox power button after you hear the first beep, but keep holding the other buttons

After you hear the second beep, release the buttons.

When the console powers up, it will take you to the Xbox Startup Troubleshooter. If it gets there, you can perform the Xbox offline update with the same steps as above.

Otherwise, continue with the following steps. 

Check the OS Version

There are three offline Xbox system updates (OSU1, OSU2 and OSU3). To find out which ones you need, check the OS version on your console:

Turn on the console

Press the Xbox button on your controller to open the guide

Go to Profile & system

Go to Settings

Go to System

Go to Console info

Check your OS version and compare it with our lists below

Newer OS versions only need OSU1. These are:

6.2.11791.0 (xb_rel_1411.141114-2300) fre

6.2.12521.0 (xb_rel_1503.150305-1449) fre

6.2.12998.0 (xb_rel_1506.150601-2200) fre

6.2.13326.0 (xb_rel_1508.150810-2029) fre

6.2.13332.0 (xb_rel_1508.150903-2141) fre

10.0.10586.1006 (th2_xbox_rel_1510.151107-2322) fre

10.0.10586.1016 (th2_xbox_rel_1510.151118-2147) fre

10.0.10586.1024 (th2_xbox_rel_1510.151203-1909) fre

10.0.10586.1026 (th2_xbox_rel_1510.151217-1035) fre

10.0.10586.1100 (th2_xbox_rel_1602.160210-2122) fre

10.0.10586.1194 (th2_xbox_rel_1603.160317-1900) fre

If your build is not above, it may be the following:

 6.2.9781.0

The build above is the older version, and it needs an OSU3 update. All other system versions (the ones you don’t see on these lists) need OSU2. 

Update Each Version Separately

You must update each version separately, one after the other. It works like so:

If you update with OSU3, you then need to update with OSU2, and finally OSU1

If you update with OSU2, you then need to update to OSU1

Each update needs a separate process, as I explained above. For example, if you need the OSU3 update, here’s what you’d do:

Download OSU3

Unzip and copy its file on your empty and NTFS flash drive

Initiate the Troubleshooter

Plug the drive on the Xbox

Select Offline system update

Let the process finish

Then, turn off the Xbox, and go on with the follow-up update.

Download OSU2

Plug the drive on your Windows PC and delete everything within

Unzip OSU2 and copy its file on your empty and NTFS flash drive

Initiate the Troubleshooter

Plug the drive on the Xbox

Select Offline system update

Let the process finish

Then, finish up with OSU1:

Download OSU1

Plug the drive on your Windows PC and delete its contents

Unzip OSU1 and copy its file on the drive

Initiate the Xbox troubleshooter

Plug the drive on the console

Select Offline system update

Let the process finish

Intel’s Haswell Gets Massive Graphics Performance Boost

Intel is expected to announce its fourth-generation Core processors code-named Haswell for laptops and desktops in June, but the company is already releasing teasers that talk about their performance.

The Haswell laptop chip will deliver up to twice the graphics performance compared to third-generation Core processors code-named Ivy Bridge, according to a slide deck released by Intel on Wednesday. The company is claiming graphics performance improvement of close to three times for Haswell desktop chips.

[Figure: an Intel chart displaying the graphics jump in low-power Ultrabooks.]

The graphics capabilities in Haswell will enable high-definition gaming and video playback, which will reduce the need for separate graphics cards.

Intel is expected to announce the Haswell chips at the Computex trade show in early June. PC makers are expected to show laptops, desktops and tablets running on Haswell chips at the trade show, which will be held in Taipei between June 4 and 8. Intel has said that Haswell-based laptops may be released around the middle of this year.

The chip maker has said the battery life of ultrabooks will double with the new fourth-generation Core chips. Haswell will also deliver double the performance on the same power consumption compared to Ivy Bridge chips. Intel has introduced low-power Haswell chips that draw up to 7 watts of power, and the company hopes some of those processors make it to high-performance tablets that could be used for gaming.

The Haswell chip will enable laptops to play 4K video, in which images are displayed at a resolution of 3840 x 2160 pixels, which is four times that of traditional 1080p high-definition video. The graphics processor is also faster at rendering video via a feature called QuickSync, which was slower on previous Intel chips. Some new QuickSync features include faster MPEG video encode and decode.

The graphics performance of Haswell will depend on the chip type and PC configuration. For example, Intel’s fourth-generation Core i7-4650U ultrabook chip, which is based on Haswell and draws 15 watts of power, delivers one-and-a-half times the graphics performance of a comparable 17-watt, third-generation Core i7-3687U based on Ivy Bridge. A 28-watt Core i7-4558U doubles the graphics performance of the 17-watt Ivy Bridge chip.

The beefiest desktop processors see the biggest graphics boosts.

For some power-hungry desktop Haswell chips, the graphics performance is close to three times more than comparable Ivy Bridge chips.

The Haswell chips will support DirectX 11.1, which is Microsoft’s latest set of tools to develop and run games. Haswell chips will also support the OpenGL 4.0 API (application programming interface) and OpenCL 1.2, a framework of parallel programming tools in which certain calculations and graphics tasks can be off-loaded to the graphics processor.

Intel has introduced a new naming scheme for its graphics processors integrated in the chips. Intel’s HD 5000 graphics will go into chips drawing 15 watts of power, while the more powerful Iris Graphics 5100 and Iris Pro graphics 5300 will go into Haswell processors that draw more power. The naming scheme is important for PC buyers who measure the quality of a chip based on graphics performance.

The company typically releases a new chip for laptops and desktops every year, with each new generation adding more CPU and graphics performance. With PC shipments falling, Haswell chips are perhaps the most important chip release for the company to date. Intel hopes the power-efficient fourth-generation Core chips will also be used in devices like tablets or hybrids.
