Cyber Security Today, April 22, 2022 – Backgrounder on BlackCat ransomware gang, movement from REvil and millions stolen from another DeFi system

Share post:

A new backgrounder on the BlackCat ransomware gang, movement from REvil and millions stolen from another DeFi system. Welcome to Cyber Security Today. It’s Friday April 22nd, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for
Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts
  The FBI has issued another in a series of background reports on ransomware gangs. This one is on the BlackCat or ALPHV gang. The purpose of these reports is to give IT defenders information on the tactics used by malware operators and indicators of compromise. The FBI estimates that as of last month the BlackCat operators had compromised at least 60 organizations around the world. Usually this gang or its affiliates use stolen user credentials to access the IT systems of victims, then they try to get into Active Directory to get hold of administrator accounts. After disabling security features Windows Task Scheduler is used to deploy the ransomware. More on ransomware: After laying low for some months the REvil ransomware gang may have stirred. According to the Bleeping Computer news site the gang’s servers on the Tor network are redirecting to a new data leak site that lists two new victims. This new site is also being promoted on a criminal forum. A few months ago Russia announced some members of the REvil gang were arrested. It isn’t clear if that led to the disruption of the gang or the leaders have been sitting quiet — until now. Cisco Systems has released a patch for a vulnerability in its Umbrella Virtual Appliance. Umbrella is a cloud-based cybersecurity service that combines a secure web gateway, firewall, and cloud access security broker for logins. Rated as high, the vulnerability could allow an unauthenticated remote attacker to impersonate a virtual appliance. As a result the patch needs to be installed promptly. There’s more evidence that the digital coin industry still doesn’t understand cybersecurity, controlling business processes and human nature. According to researchers at Omniscia, the Beanstalk stablecoin project suffered a US$182 million loss of cryptocurrency last Sunday at the hands of a crook. How? First a definition of this project. It’s a decentralized finance, or DeFi, operation. Participants earn rewards by contributing funds to a central funding pool. Like many DeFi projects, it has a majority vote governance system. What happened was someone exploited a flaw in the voting code and initiated what’s called a flash loan. Flash loans are allowed by voters. But in this case someone gamed a newly-introduced system. In May Beanstalk will hold a fundraiser to try to restore funds. Attention Facebook users: There’s a new scam going on trying to steal your login credentials. According to researchers at Abnormal Security, targets get an email claiming their account is about to be disabled because of repeated postings that violate Facebook’s policies. To avoid having the account killed the victim has to click on a link in the email to file an appeal. That leads to a form where the target has to enter their name, email address and Facebook password. Think carefully before entering a password after clicking on a link. If you’re worried after getting a message like this from any service you use don’t click on a link. Instead go to the site directly and log in to your account. That’s it for now. But remember later today the Week in Review podcast will be available. Guest commentator David Shipley of Beauceron Security will join me to discuss ransomware, zero-day vulnerabilities and a new criminal marketplace hoping to sell stolen corporate data to other companies. Remember links to details about podcast stories are in the text version at That’s where you’ll also find other stories of mine. Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. The post Cyber Security Today, April 22, 2022 – Backgrounder on BlackCat ransomware gang, movement from REvil and millions stolen from another DeFi system first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.


Related articles

Cyber Security Today, May 20, 2024 -Ransomware gang claims it hit a Canadian internet provider

A ransomware gang claims it hit a Canadian internet provider. Welcome to Cyber Security Today. It's Monday May 20th,...

Open Source AI: Hashtag Trending Weekend Edition – Show Notes

The conversation explores the topic of open source AI and its significance in the industry. It highlights the...

Cyber Security Today, Week in Review for week ending Friday May 17, 2024

Welcome to Cyber Security Today. This is the Week in Review for the week ending Friday, May 17th,...

Cyber Security Today, May 17, 2024 – Malware hiding in Apache Tomcat servers

Malware hiding in Apache Tomcat servers, new backdoors found, and more Welcome to Cyber Security Today. It's Friday, May...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways