Friday Five 1/20

by Robbie Araiza on Friday January 20, 2023

This week’s top headlines were mostly good news, including ransomware’s falling profits, the takedown of a darkweb crypto exchange, and the release of a new ransomware decryptor. Catch up on the latest in this week’s Friday Five!

1. RANSOMWARE PROFITS DROP 40% IN 2022 AS VICTIMS REFUSE TO PAY BY BILL TOULAS

According to new data, ransomware profits declined by 40% in 2022, only reaching $457 million as opposed to roughly $765 million from two years prior. The same data indicates that the average ransomware lifespan was cut in half and that victim payment rates have been dropping for years. Read more about the promising stats, the mental shift that is occurring in both attackers and victims, and the driving forces behind both sides in the full story from Bill Toulas at BleepingComputer.

Read more

2. AUTHORITIES DISMANTLE CRYPTO EXCHANGE BITZLATO, ALLEGE IT WAS CYBERCRIME “HAVEN” BY DAN GOODIN

This past Wednesday, federal authorities arrested the founder of Bitzlato, Anatoly Legkodymov, in Miami for allowing cybercriminals to engage in ransomware and illicit drug sales on the dark web. Bitzlato reportedly processed $4.58 billion worth of cryptocurrency transactions under Legkodymov, and according to authorities, a “substantial portion of those transactions constitute the proceeds of crime, as well as funds intended for use in criminal transactions.” Read more about the criminal groups affiliated with Bitzlato and the charges being filed against Legkodymov below.

Read more

3. HACKERS CAN ABUSE LEGITIMATE GITHUB CODESPACES FEATURE TO DELIVER MALWARE BY RAVIE LAKSHMANAN

New research has found that threat actors can deliver malware to victim systems via a legitimate feature in GitHub Codespaces, a cloud-based configurable development environment that allows users to debug, maintain, and commit changes to a given codebase from a web browser. The ability to share forwarded ports publicly is what can reportedly be abused by cybercriminals, but what makes this threat particularly dangerous is that "these abused environments will not be flagged as malicious or suspicious even as it serves malicious content (such as scripts, malware, and ransomware, among others), and organizations may consider these events as benign or false positives."

Read more

4. AVAST POSTS DECRYPTOR FOR THE BIANLIAN RANSOMWARE BY STEVE ZURIER

This past Monday, researchers at Avast made a decryptor for BianLian ransomware publicly available for download through their blog. BianLian ransomware emerged in August 2022, having attacked several different sectors, and was particularly dangerous because it encrypted files at high speeds. According to Drew Schmitt, lead analyst at GuidePoint's research and intelligence team (GRIT), "beginning in late November through the end of 2022, the group has averaged one new public victim each day, which may be a result of maturing their processes and/or adding new members to their team."

Read more

5. LAWMAKER ASKS CISA TO INVESTIGATE AIR TRAVEL CYBER RISKS FOLLOWING FAA SYSTEM OUTAGE BY CHRIS RIOTTA

Following the large swath of flight cancellations and delays caused by the outage to the FAA's Notice to Air Missions and Air Traffic Control (NOTAM) system, Rep. Ritchie Torres (D-N.Y.) called on CISA and the Department of Transportation to launch a joint review of the potential cyber vulnerabilities impacting systems supporting national air travel. According to Rep. Torres, "At a time when cyberattacks are rising in both scope and sophistication, modernizing the cybersecurity of air travel must be a priority for the federal government. 20th-century air systems will no longer suffice in a world of 21st-century cyber challenges." NOTAM's outage ultimately stemmed from contractors mistakenly deleting files on the system rather than a cybersecurity issue, but it's clear that politicians are still concerned about the stability of the systems, many of which are decades old.

Read more

Tags:  Ransomware Cybercrime Vulnerabilities

Robbie Araiza

Robbie is a Content Creator for the Data Protection team at Fortra. Prior to joining the organization, he studied psychology and social work at Texas State University in San Marcos, TX.
