REvil Gang Members Arrested and Charged, $6 Million Recovered in Sweeping U.S. Actions to Knock Back Ransomware Attackers

Robinhood hack reveals data on seven million users, Retail giant MediaMarkt hit by Hive ransomware, NSO Group may face discovery in WhatsApp lawsuit, Investor group buys McAfee for $14 billion, more

Check out my latest column in CSO, which takes a deeper look at the Pentagon’s plans to produce a 2.0 version of its controversial Cybersecurity Maturity Model Certification (CMMC).

In a series of sweeping multi-national moves against ransomware operators, the U.S. Justice Department announced arrests and charges against hackers allegedly affiliated with the Sodinokibi/REvil ransomware gang and the recovery of over $6 million in funds traced back to the group.

An unsealed indictment charged Yaroslav Vasinskyi, 22, a Ukrainian national, with conducting ransomware attacks against multiple victims, including the July 2021 attack against business software company Kaseya. The seized funds are traceable to alleged ransom payments received by Yevgeniy Polyanin, 28, a Russian national, who federal prosecutors have also charged with conducting Sodinokibi/REvil ransomware attacks.

Vasinskyi was taken into custody on October 8 in Poland, where he remains held by authorities pending proceedings on his requested extradition to the United States. Separately, Europol announced that Romanian authorities arrested two individuals on November 4 suspected of cyber-attacks deploying the Sodinokibi/REvil ransomware. Authorities made the arrests as part of Operation GoldDust, which involved 17 countries, including the United States, together with Europol, Eurojust, and INTERPOL.

The U.S. Treasury Department also announced sanctions against Vasinskyi and Polyanin for their part in perpetrating Sodinokibi/REvil ransomware incidents against the United States. Treasury further imposed sanctions against Chatex, a virtual currency exchange, and its associated support network for facilitating financial transactions for ransomware actors. Treasury also sanctioned IZIBITS OU, Chatextech SIA, and Hightrade Finance Ltd for providing material support and assistance to Chatex. (Ellen Nakashima and Dalton Bennett / Washington Post)

Related: Europol, The Record, Bleeping Computer, Associated Press, CNN, Forbes, Washington Post, NBC News, Bloomberg, CyberNews, Cybersecurity| Reuters.com, Digital Transactions, CNBC, Justice.gov, New York Times, AOL, Digital Journal, Devdiscourse News Desk, FutureFive New Zealand, Security Brief, TODAYonline, The Hill: Cybersecurity, WGRZ - News, protocol, MarketScreener.com, WRAL Tech Wire, CNN.com, Daily Mail, Radio Free Europe / Radio Liberty, Slashdot, CBSNews.com, NPR, The Register - Security, Meritalk, Deutsche Welle, San Francisco Chronicle, Capital Press, PerthNow, CTVNews.ca, TribLIVE Today's Stories, Courthouse News Service, Gizmodo, Sydney Morning Herald, Daily Dot, TechSpot, Security Week, iTnews - Security, Reddit cybersecurity, NY Post, ZDNet, CRN, Cointelegraph.com News, Cyberscoop, Decrypt, USATODAY, UPI.com, Dark Reading, Sputnik News, Threatpost, Techradar, Voice of America, Engadget, Krebs on Security, Kharon, PYMNTS.com, New York Times - Nicole Perlroth, CSO Online, MacRumors, LA Daily News, Mercury News, Big News Network, Al Jazeera English, France 24, The Independent, Cybersecurity Insiders, WCCFtech, The Hacker News, Security News | Tech Times, Patently Apple, TechJuice, Finance Magnates, Security Affairs, Infosecurity Magazine, Treasury.gov, The Block, The Record by Recorded Future

Stock and cryptocurrency trading app Robinhood announced that it experienced a data security incident in which an unauthorized third party obtained access to personal information for seven million of its customers.

Email addresses for about five million Robinhood users were exposed, as were the full names of a different group of about two million users. The intruder also accessed more extensive personal information for a subset of more than 300 users. However, Robinhood said that no Social Security numbers, bank account numbers, or debit card numbers were exposed, and that customers have not experienced any financial losses. The company said the intruder gained access to Robinhood systems by impersonating an authorized party in a phone call to a customer-support employee, a social-engineering technique rather than a technical exploit.

Robinhood said the intruder demanded a ransom after the company had contained the intrusion. The company informed law enforcement and continues to investigate the incident with the help of cybersecurity company Mandiant. (Peter Rudegeair and Robert McMillan / Wall Street Journal)

Related: KRGE, 9to5Mac, CNET, Security Week, Boston.com, Associated Press, Bleeping Computer, Decrypt, The Record by Recorded Future, Insider Paper, iTnews - Security, iMore, CNN.com, Tech - Insider, Quartz, Wall Street Journal, Ubergizmo, Reuters: World News, DataBreaches.net, SiliconANGLE, ZDNet Security, The Register - Security, AppleInsider, The Verge, protocol, Marketwatch, Japan Today, LA Daily News, Security News | Tech Times, Daily Mail, SlashGear, Startups News | Tech News, Digital Trends, Motherboard, Slashdot, Gizmodo, BNN Bloomberg, Tech Xplore, ABC News: U.S., Cyber Kendra, Engadget, Robinhood

European electronics retail giant MediaMarkt suffered a Hive ransomware attack with an initial ransom demand of $240 million, forcing it to shut down its IT systems and disrupting store operations in the Netherlands and Germany.

Screenshots posted on Twitter state that 3,100 servers were affected in the attack. It is unclear whether the attackers stole data, but Hive is known to exfiltrate files before encryption and publish them on its 'HiveLeaks' data leak site if victims do not pay the ransom. (Lawrence Abrams / Bleeping Computer)

Related: TechZine, Dutch News, Retail Detail, RTL News

According to accounts from former Israeli soldiers, the Israeli military has been conducting a broad surveillance effort in the occupied West Bank to monitor Palestinians by integrating facial recognition with a growing network of cameras and smartphones. The database behind this effort was built by Israeli soldiers who competed in a contest last year to photograph Palestinians, including children and the elderly.

The effort involves in part a smartphone technology called Blue Wolf that captures photos of Palestinians' faces and matches them to a database of images so extensive that one former soldier described it as the army's secret "Facebook for Palestinians." The phone app flashes in different colors to indicate whether the Palestinian is to be detained, arrested, or left alone. (Elizabeth Dwoskin / Washington Post)

Related: Algemeiner.com, RT USA, The Verge, RT News

The U.S. Court of Appeals for the Ninth Circuit rejected Israeli spyware company NSO Group's claim that it ought to be protected under sovereign immunity laws. The ruling comes in a high-profile lawsuit that Facebook-owned WhatsApp brought against the company alleging that its spyware was used to hack 1,400 users of the app.

The case can now move forward to discovery, which could reveal who NSO's government clients are, how its technology works, and the process used to deploy its signature spyware, Pegasus, against mobile phone users. (Stephanie Kirchgaessner / The Guardian)

Related: Reuters, The Register - Security, The New Arab, Hamodia

In a rare acknowledgment of a foreign state-sponsored hacking incident, China’s Ministry of State Security said that a foreign intelligence agency hacked several of the country’s airlines in 2020 and stole passenger travel records.

“After an in-depth investigation, it was confirmed that the attacks were carefully planned and secretly carried out by an overseas spy intelligence agency,” the MSS said in a press release distributed via state news channels last Monday. (Catalin Cimpanu / The Record)

Related: DataBreaches.net, Xinhua Daily Telegraph

In one of the largest cybersecurity acquisitions in IT history, cybersecurity giant McAfee has officially entered into a definitive agreement to be bought by an investor group led by Advent International Corporation and Permira Advisers LLC, Crosspoint Capital Partners, Canada Pension Plan Investment Board, GIC Private Limited, and a wholly-owned subsidiary of the Abu Dhabi Investment Authority in a $14 billion deal, expected to close next year, that would take the security company private.

The investor group will acquire all outstanding shares of McAfee common stock for $26 per share in an all-cash transaction valued at approximately $12 billion on an equity value basis and over $14 billion on an enterprise value basis after giving effect to the repayment of McAfee debt. (Mark Haranas / CRN)

Related: VC Deals – PE Hub, Techradar, Financial Times, Business Wire Technology: Security News, Gadgets Now, Cybersecurity| Reuters.com, Private Equity Wire, The Verge, San Jose Business News, Security Week, CRN, Slashdot, Benzinga, ZDNet Security, Investor's Business Daily, Channel Futures, WSJ.com: WSJD, The Register - Security, PitchBook, SD Times, Tech Xplore, Sputnik News, UPI.com, Dark Reading, SiliconANGLE