We have gathered the week’s most important cybersecurity news.
- The Duma has submitted a bill proposing the ‘grounding’ of social networks in Russia.
- Analysts identified Bitcoin wallets associated with the DarkSide hackers.
- One of the largest U.S. insurers paid $40 million in ransom to attackers.
A bill to compel foreign IT companies to register in Russia introduced in the State Duma
The State Duma has submitted a bill requiring IT companies with a daily audience in Russia of 500,000 or more to open offices in the country. According to the document, they must also register a personal account on the Roskomnadzor website.
One of the bill’s authors, Alexander Khinshtein, spoke about the document, which has been dubbed the ‘grounding law.’ It introduces measures against companies that refuse to comply with the mandatory registration requirements. Among them are bans on advertising the platform and on payments to the website.
The document targets foreign social networks. According to the law that came into force in February, social networks are defined as online resources that allow users to create personal profiles and have a daily audience of more than 500,000 users from Russia.
Irish media linked the Irish health service attack to Russian hackers
Last week, Ireland’s Health Service Executive (HSE) was hit by a ransomware attack, resulting in attackers gaining access to a large amount of data. The hackers are demanding $20 million.
The health minister said authorities did not pay for the decryption keys. Local media, citing cybersecurity experts, report that the group behind the attack is known as Wizard Spider and is based in Russia.
Irish authorities have contacted Russia to discuss the incident. The Russian embassy in Dublin said it is ready to cooperate with the investigation.
Later, the hacking group provided the Irish authorities with the decryption key to restore access to part of the stolen data.
Analysts tracked DarkSide’s Bitcoin wallets
Elliptic analysts identified Bitcoin wallets used by the DarkSide hackers to receive ransom from victims.
Initially, Elliptic found the wallet to which Colonial Pipeline, one of the group's victims, sent its ransom. This week, Colonial Pipeline CEO Joseph Blount confirmed the payout. He said the amount was $4.4 million in Bitcoin.
Later, Elliptic disclosed other wallets believed to belong to DarkSide. According to analysts, over nine months of operation using the DarkSide malware, the attackers collected about $90 million in Bitcoin from victims.
Several hackers affiliated with the DarkSide gang complained that they did not receive payouts for carrying out attacks.
The Qlocker ransomware has shut down
The operators of the Qlocker ransomware announced they were winding down after just over a month of activity.
Because Qlocker used a fixed set of Bitcoin addresses to receive ransom payments, researchers were able to track its income: during its operation the attackers collected about 9 BTC, according to Bleeping Computer.
Rather than demanding millions of dollars to restore files, as many other ransomware groups do, the attackers asked victims for around $500 in cryptocurrency. Because of such a small sum, many companies paid to restore their files.
One of the largest U.S. insurers paid hackers $40 million in ransom
American insurer CNA Financial paid $40 million to the hackers in late March to regain control of its computer networks after the Phoenix Locker ransomware attack.
Bloomberg reports that the company paid the attackers two weeks after the breach and data theft.
CNA declined to comment, noting that it followed “all laws and regulations”. As a reminder, OFAC recommended that ransomware victims not pay the ransom.
Chrome announces automatic replacement of compromised passwords
The developers of Google Chrome for Android have introduced a new option that lets users change passwords exposed in breaches with a single click.
Google Assistant will offer to change the compromised password and will perform the replacement automatically. Users can also do this manually.
In the coming months, automatic password changes will become available to Chrome for Android users in the United States who sync their passwords.
Also on ForkLog:
- DeFi protocol bEarn Fi lost $11 million due to a hacker attack.
- Roskomnadzor partially rolled back throttling of Twitter and threatened restrictions on Facebook and YouTube.
- A mining app was linked to a leak of 17 GB of user data.
- A hacker crashed the price of the PancakeBunny DeFi project’s token.
- Experts warned of a possible increase in DDoS attacks as cryptocurrency prices fall.
- In Russia, Facebook faces a 56 million ruble fine for not removing prohibited content.
What to read this weekend?
We revisit the story of one of the most famous Russian hacker groups. How Lurk was organized and why it is linked to the FSB—read ForkLog’s exclusive.
