FBI takes measures to recover infected routers, and US authorities dedicate a $10 million reward to catch the person responsible for ransomware attacks
US authorities have dismantled a network of compromised routers that was operated by a cyber unit of the Russian military. The devices had been taken over because their owners never changed the default passwords they shipped with. The Department of Justice says it obtained court approval to delete the stolen and malicious files on the routers, block remote management access, and otherwise leave the devices running as before. Owners can undo those changes with a factory reset, but a reset also restores the default password, so changing that password is the minimum step that keeps the routers protected, before or after any reset. This is the second time in two months that US authorities say they have disrupted attacks launched against the US from compromised American routers.
The Federal Bureau of Investigation pushed commands over the network to the infected routers that changed their firewall rules so that further intrusions would be blocked. Because the intruders had already controlled the routers, blocking their access is only a temporary fix, and security experts advise owners to update their firmware so the devices stay secure going forward. Much of the software running on small-office and home-office routers is vulnerable. US Attorney General Merrick Garland added that Russian intelligence services 'partnered' with criminal gangs to build their botnet code.
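The two conditions the article describes, a router still using its factory login and a router whose management ports are reachable from the WAN side, are the things an owner should check for themselves. The script below is an added example, not code from the article or from the FBI operation: it evaluates an iptables-save style INPUT chain with first-match semantics (the way the kernel does) to decide which management ports a new connection from the WAN interface can reach, and compares the admin login against a small illustrative list of factory defaults. The rulesets, the interface name `eth0`, and the credential list are constructed for the example.

```python
"""Audit a SOHO router for WAN-exposed management ports and factory credentials.

Added example: the rulesets, interface names and default-credential list are
constructed for illustration, not taken from any real device or vendor.
"""
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# TCP ports that routers commonly use for SSH/telnet/web management.
MANAGEMENT_PORTS = (22, 23, 80, 443, 8080, 8443)

# Illustrative factory credential pairs; a real audit would use the
# vendor's documented default for the specific model.
DEFAULT_CREDENTIALS = frozenset({("admin", "admin"), ("admin", "password"),
                                 ("root", "root"), ("admin", "")})


@dataclass
class Rule:
    in_if: Optional[str]            # -i <iface>, or None for any interface
    proto: Optional[str]            # -p tcp/udp, or None for any protocol
    ports: Optional[FrozenSet[int]] # --dport / --dports, or None for any port
    target: str                     # -j ACCEPT / DROP / REJECT
    matches_new: bool               # False for RELATED,ESTABLISHED-only rules


def parse_input_chain(ruleset: str) -> Tuple[List[Rule], str]:
    """Parse the INPUT rules and policy out of an iptables-save dump."""
    rules, policy = [], "ACCEPT"
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith(":INPUT"):
            policy = line.split()[1]          # e.g. ":INPUT DROP [0:0]"
        elif line.startswith("-A INPUT"):
            m_if = re.search(r"(?:^|\s)-i\s+(\S+)", line)
            m_proto = re.search(r"(?:^|\s)-p\s+(\S+)", line)
            m_port = re.search(r"--dports?\s+([\d,]+)", line)
            m_target = re.search(r"(?:^|\s)-j\s+(\S+)", line)
            m_state = re.search(r"--ctstate\s+(\S+)", line)
            ports = (frozenset(int(p) for p in m_port.group(1).split(","))
                     if m_port else None)
            # A conntrack rule only sees a new inbound SYN if it lists NEW.
            matches_new = m_state is None or "NEW" in m_state.group(1).split(",")
            rules.append(Rule(m_if.group(1) if m_if else None,
                              m_proto.group(1) if m_proto else None,
                              ports, m_target.group(1) if m_target else policy,
                              matches_new))
    return rules, policy


def verdict(rules: List[Rule], policy: str, wan_if: str, port: int) -> str:
    """First matching rule decides a new TCP SYN to `port` arriving on `wan_if`."""
    for r in rules:
        if not r.matches_new:
            continue
        if r.in_if is not None and r.in_if != wan_if:
            continue
        if r.proto is not None and r.proto != "tcp":
            continue
        if r.ports is not None and port not in r.ports:
            continue
        return r.target
    return policy                             # nothing matched: chain policy applies


def exposed_management_ports(ruleset: str, wan_if: str) -> List[int]:
    rules, policy = parse_input_chain(ruleset)
    return [p for p in MANAGEMENT_PORTS if verdict(rules, policy, wan_if, p) == "ACCEPT"]


def uses_default_credential(username: str, password: str) -> bool:
    return (username, password) in DEFAULT_CREDENTIALS


def audit(ruleset: str, wan_if: str, username: str, password: str) -> List[str]:
    """Return human-readable findings; an empty list means both checks passed."""
    findings = []
    ports = exposed_management_ports(ruleset, wan_if)
    if ports:
        findings.append(f"management ports reachable from {wan_if}: {ports}")
    if uses_default_credential(username, password):
        findings.append(f"admin account '{username}' still uses a factory default password")
    return findings


# Constructed rulesets. WEAK admits SSH and HTTPS from the WAN; HARDENED drops
# every management port on the WAN interface and only trusts the LAN bridge.
WEAK_RULES = """
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
COMMIT
"""

HARDENED_RULES = """
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m multiport --dports 22,23,80,443,8080,8443 -j DROP
-A INPUT -i br0 -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(name, audit(rules, "eth0", "admin", "admin") or ["no findings"])
```

The firewall check is the part the FBI's operation changed on the infected devices; the credential check is the part only the owner can fix. Keep in mind the caveat from the article: a factory reset wipes both the firewall rules and any password change, so the audit should be rerun after every reset or firmware reflash.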
In addition, US authorities have offered a reward of up to $10 million for information leading to the identification or location of leaders of the AlphV/BlackCat ransomware operation, and up to $5 million for information leading to the arrest or conviction of anyone who has conducted a ransomware attack with that variant.
Separately, ESET has begun issuing patches for a number of its security products for Windows systems. South Korean researchers have recovered the data encryption key used by the Rhysida ransomware, allowing them to release a recovery tool for victims. The developer of Kryptina, a 'ransomware-as-a-service' operation, abandoned the business a few weeks ago after bad press rather than releasing the platform's source code for free.
Source: Howard Solomon, IT World Canada, February 16, 2024