fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

US Congress Asks FBI To Explain Delay In Helping Kaseya Attack Victims

US Congress Asks FBI To Explain Delay In Helping Kaseya Attack Victims

The House Committee on Oversight and Reform has requested a briefing to understand the rationale behind the FBI’s decision to delay providing the victims of the Kaseya REvil ransomware with a universal decryption key for three weeks.

“To understand the FBI’s decision, the lawmakers are requesting a briefing from the FBI on its legal and policy rationale for withholding the ransomware key, as well as the FBI’s overall strategy for addressing, investigating, preventing, and defeating ransomware attacks,” the Committee said in a press release on Wednesday.

As Committee Chairwoman Carolyn B. Maloney said in a letter addressed to FBI Director Wray, during the FBI’s delay to help the REvil ransomware victims, many businesses, schools, and hospitals lost money and time while trying to recover their data and restore impacted systems.

“Although the Federal Bureau of Investigation (FBI) reportedly obtained a digital decryptor key that could have unlocked affected systems, it withheld this tool for nearly three weeks as it worked to disrupt the attack, potentially costing the ransomware victims—including schools and hospitals—millions of dollars,” Maloney added.

“We request a briefing from the FBI on its legal and policy rationale for withholding the digital decryptor key as it attempted to disrupt this cyber attack, and the FBI’s overall strategy for addressing, investigating, preventing, and defeating ransomware attacks.

Also Read: The impact of GDPR and PDPA in Singapore

“Congress must be fully informed whether the FBI’s strategy and actions are adequately and appropriately addressing this damaging trend.”

Ongoing joint investigation likely behind delay

Last week, FBI Director Christopher A. Wray testified before Congress, saying that the federal law enforcement agency withheld the decryption for almost three weeks because it planned an operation to disrupt the Russian REvil ransomware gang without tipping them off, according to a Washington Post report.

However, before the FBI could execute its takedown plan, REvil shut down operations, took down their infrastructure in mid-July, and disappeared after its leak sites also went offline overnight. FBI declined to comment when BleepingComputer reached out to ask about the shut down of REvil’s servers.

Wray also said to Congress that the delay was the direct result of the FBI coordinating with other agencies and allies.

“We make the decisions as a group, not unilaterally,” Wray said while refraining from providing more info due to an ongoing investigation.

“These are complex [..] decisions, designed to create maximum impact, and that takes time in going against adversaries where we have to marshal resources not just around the country but all over the world.”

FBI: Creating a decryptor takes time

Another reason invoked by Wray for the delay in helping the Kaseya attack victims was the time needed to test and validate the decryption key, and build a decryptor that could be used to recover encrypted files.

However, the universal key provided by the FBI to Kaseya was quickly put to use by Emsisoft, who tested it and developed a decryptor within 10 minutes, primarily because of the company’s extensive experience with REvil ransomware.

The Kaseya supply-chain ransomware attack coordinated by the REvil gang hit roughly 50 managed service providers (MSPs) as well as up to downstream 1,500 businesses

Also Read: Free 8 Steps Checklist for Companies to Prevent Data Breach

“The attack had limited impact, with only approximately 50 of the more than 35,000 Kaseya customers being breached,” Kaseya said after the incident.

“Of the approximately 800,000 to 1,000,000 local and small businesses that are managed by Kaseya’s customers, only about 800 to 1,500 have been compromised.”

This was not the first time ransomware groups have attacked Kaseya’s cloud-based MSP platform in recent years.

GandCrabREvil (Sodinokibi), and Ragnar Locker also targeted Kaseya’s remote management tools to make it harder for victim’s MSPs to block ongoing ransomware attacks.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us