4/7/2023

Cable krebs stamos ransomwhere

As long as the researchers can share Bitcoin addresses and ransomware information, I can add them. The majority of ransomware researchers can contact me via Twitter or email. In addition, Cable also urges malware researchers to contact him directly and add the data to the database as a trusted source.

Cable mentioned: "I have been active in various Slack groups. But later I may add a voting system for individual users to mark or report false or forged reports." Cable said: "At the moment, I only review all submitted reports. For example, one of the flaws is that its database is easily contaminated by incorrect or forged submissions.

But for this statement, Cable also stated that he plans to review all submitted ransomware related information. Running a website like Ransomwhere will certainly have its shortcomings. From this perspective, analyzing the data collected by Ransomwhere may help. There are still blind spots when analyzing the scale of other ransomware attacks. However, this kind of in-depth research is only for larger-scale ransomware. This is how these companies estimate the profits of several ransomware attack groups, such as: Then expand the Ransomwhere project with data that has not yet been disclosed or directly disclosed by target users.

Bitcoin analysis companies such as Chainalysis and some security vendors used to collect the Bitcoin wallet addresses found in malware samples and ransomware information, and then detect whether anyone paid to these wallet addresses. However, many security researchers said in an interview with The Record that they are also constantly exploring ways to cooperate with companies in the field of information security or blockchain analysis, and integrating relevant data about ransomware attackers they may already have.
Sharing ransomware payment data anonymously through third-party services (such as Ransomwhere) can eliminate obstacles in the network security community, such as confidentiality agreements and commercial competition.

But for now, Cable can only rely on the information submitted by the public to expand the website's database. Because most security companies are not willing to cooperate with individuals or teams in the security community, they will not choose to disclose the information they have, and sometimes even share this information privately, so tracking ransomware payments is difficult for the entire information security community. So it is difficult for us to know whether the countermeasures taken by security experts can really change the impact of ransomware attacks."

Although this project has not been online for a long time, it has attracted the attention of a large number of researchers in the information security community. Except for ransomware criminal gangs, it is actually difficult to know the true impact and scale of this ransomware attack. After I found out that no node can query the public data of ransomware payment, and considering that it is not difficult to track Bitcoin transactions, I started planning to launch the Ransomwhere project."

Cable also said: "However, to be honest, I think this is a big problem, especially for the ransomware ecosystem. In an interview with The Record last Thursday, Cable said: "Katie Nickels said in his tweet that no one really understands the full impact of cybercrime, especially ransomware, which really encouraged me.
The idea behind this website is to establish a central system to track the payments made by targeted users to ransomware groups, in order to help security researchers more accurately estimate the scale and profit of the targeted ransomware business. This is currently a blind spot in the network security community; we can be regarded as "lessly aware" of this part of the information. Ransomware attacks are on the rise and now the subject of debate between world leaders after attacks on Colonial Pipeline, meat processor JBS, and last week's attack against enterprise software management firm Kaseya, which saw REvil ransomware spread to dozens of managed service providers and over 1,000 of their customers.

Across all time, the Mailto/Netwalker ransomware leads the ransomware pack, but – isolating payments to this year – REvil/Sodinokibi – which was behind the JBS and Kaseya attacks – is the leader with $11.3 million in payments received.

Solve the known blind spots in network security research

The payment figures can be broken down by 'all time', this year, this month, and this week. The Ransomwhere site is an open, crowdsourced ransomware payment tracker, offering a breakdown of victim payments in bitcoin to wallets linked to a dozen major ransomware variants.

The cyber insurance industry is likely to go mainstream and is a simple cost of doing business.