The FBI’s Decision to Withhold the Decryption Keys for the Kaseya Ransomware has Sparked Discussion

Many security professionals backed the FBI’s decision to leave Kaseya victims infected for weeks with ransomware.

The FBI had the decryption keys for victims of the massive Kaseya ransomware attack in July, according to the Washington Post, but did not disclose them for three weeks.

The Kaseya attack impacted hundreds of organisations, including dozens of hospitals, schools, businesses, and even a Swedish supermarket chain.

The FBI obtained the decryption keys after gaining access to the servers of REvil, the Russia-based criminal organisation that was behind the enormous attack, according to Washington Post reporters Ellen Nakashima and Rachel Lerman.

Before going dark and shutting down large parts of its infrastructure shortly after the attack, REvil demanded a $70 million ransom from Kaseya and thousands of dollars from individual victims. Although the gang has since resurfaced, many organisations are still reeling from the July 4th attack.

Despite the large number of organisations affected by the attack, the FBI kept the decryption keys to itself while it prepared an operation against REvil’s infrastructure. According to The Washington Post, the FBI did not want REvil’s operators to learn that it held the decryption keys.

According to The Washington Post, the FBI also indicated that “the impact was not as severe as initially anticipated.”

Officials told the newspaper that the planned FBI operation against REvil was never carried out because REvil disappeared. On July 21, weeks after the incident, the FBI finally handed the decryption keys to Kaseya. Several victims told The Washington Post about the millions of dollars lost and the extensive harm the attack caused.

Bitdefender, which received the decryption keys from a different law enforcement source, published a universal decryptor earlier this month for all victims affected before July 13, 2021. According to a Bitdefender spokesman, the decryptor has been used by more than 265 REvil victims.

During his appearance before Congress on Tuesday, FBI Director Christopher Wray blamed the delay on other law enforcement agencies and allies who allegedly requested that the keys not be released. He stated that he was constrained in what he could say about the matter because the incident is still being investigated.

“We make the decisions as a group, not unilaterally. These are complex…decisions, designed to create maximum impact, and that takes time in going against adversaries where we have to marshal resources not just around the country but all over the world. There’s a lot of engineering that’s required to develop a tool,” Wray told Congress. 

The news sparked heated debate among security professionals, with many defending the FBI’s decision to leave victims battling for weeks to recover from the attack.

Mike Hamilton, a CISO who dealt with a particularly tricky case in which a Kaseya victim was left in the dark after paying a ransom just before REvil vanished, said that being cautious about divulging procedures is standard practice in law enforcement and intelligence.

“There is a ‘tell’ though, that we’ve confirmed ourselves. The FBI is quoted as saying that the damage wasn’t as bad as they thought and that provided some time to work with. This is because the event wasn’t a typical stealth infiltration, followed by pivoting through the network to find the key resources and backups. From all indications the only servers that were encrypted by the ransomware were the ones with the Kaseya agent installed; this was a smash-and-grab attack,” Hamilton said.

“If you had it deployed on a single server used to display the cafeteria menu, you could rebuild quickly and forget the whole thing happened. The fact that the world wasn’t really on fire, again, created time to dig further into the organization, likely for the ultimate purpose of identifying individual criminals. Those organizations that WERE hit hard had the agent deployed on on-premises domain controllers, Exchange servers, customer billing systems, etc.”

The FBI may have seen the need to prevent or shut down REvil’s operations as outweighing the need to save a smaller group of companies struggling in a single attack, according to Sean Nikkel, senior threat intel analyst at Digital Shadows.

Because of REvil’s growing scale of attacks and extortion demands, a rapidly evolving situation requiring an equally rapid response likely preempted a more measured response to the Kaseya victims, according to Nikkel, who added that while it is easy to judge the decision now that we have more information, it must have been a difficult decision at the time.

“Quietly reaching out directly to victims may have been a prudent step, but attackers seeing victims decrypting files or dropping out of negotiations en masse may have revealed the FBI’s ploy for countermeasures,” Nikkel told ZDNet. “Attackers then may have taken down infrastructure or otherwise changed tactics. There’s also the problem of the anonymous soundbite about decryption making its way into public media, which could also tip off attackers. Criminal groups pay attention to security news as much as researchers do, often with their own social media presence.”

Open backchannel communications with incident response organisations involved, Nikkel indicated, would have been a preferable strategy to better coordinate resources and response, but he added that the FBI may have already done so.

The incident, according to BreachQuest CTO Jake Williams, is a textbook case of an intelligence gain/loss evaluation.

It is easy, he added, for people to play “Monday morning quarterback” and criticise the FBI after the fact for not disclosing the keys, a point Nikkel also made.

Williams did point out, however, that the direct financial impact was almost definitely greater than the FBI thought when it withheld the key to protect its operation.

“On the other hand, releasing the key solves an immediate need without addressing the larger issue of disrupting future ransomware operations. On balance, I do think the FBI made the wrong decision in withholding the key,” Williams said. “However, I also have the convenience of saying this now, after the situation played itself out. Given a similar situation again, I believe the FBI will release the keys unless a disruption operation is imminent (hours to days away). Because organizations aren’t required to report ransomware attacks, the FBI lacked the full context required to make the best decision in this case. I expect this will be used as a case study to justify reporting requirements.”

Critics must remember, according to John Bambenek, chief threat hunter at Netenrich, that the FBI is first and foremost a law enforcement institution that will always act in a way that optimises law enforcement outcomes.


Source: https://cybersguards.com/the-fbis-decision-to-withhold-the-decryption-keys-for-the-kaseya-ransomware-has-sparked-discussion/

Accenture Confirmed Proprietary Information Stolen in a Ransomware Attack

Accenture, a consulting firm, has confirmed that confidential data was stolen in a ransomware attack disclosed in August 2021.

LockBit ransomware operators claimed to have stolen over 6 terabytes of data from Accenture’s computers at the time, demanding a $50 million ransom to keep the material private.

The attackers published more than 2,000 files allegedly stolen during the incident, threatening to leak more if Accenture did not pay the demanded sum in a timely manner.

Accenture stated at the time that it was able to quickly isolate the event and restore damaged systems from backups, but it didn’t say what kind of data was stolen.

In a Form 10-K filing with the Securities and Exchange Commission (SEC) last week, the corporation disclosed that the attackers were able to take certain confidential information from its systems.

“As previously stated, we discovered abnormal activity in one of our environments during the fourth quarter of fiscal 2021, which included the extraction of proprietary information by a third party, some of which was made available to the public by the third party,” the business said.

According to Accenture, the unauthorised access to its networks, the data theft, and breaches affecting client systems it enables or provides have not had a major impact on operations, though a financial impact is expected.

It is still unknown what information the attackers obtained from Accenture. The company does not appear to have issued breach notifications, which would be expected if personally identifiable information had been compromised.


Source: https://cybersguards.com/accenture-confirmed-proprietary-information-stolen-in-a-ransomware-attack/

FinCEN in Response to Severity of Ransomware Attacks Against U.S. Critical Infrastructure

During the first half of the year, the Financial Crimes Enforcement Network (FinCEN) of the US Department of Treasury discovered a total of 177 bitcoin wallets linked to the top 10 most regularly reported ransomware variants.

In a report documenting ransomware-related financial transactions, FinCEN says these 177 distinct wallet addresses were used to make $5.2 billion in outgoing Bitcoin transactions, the majority of which could be tied to ransomware.

Financial institutions reported 635 ransomware-related suspicious activity reports (SARs) between January 1 and June 30, 2021, with 458 transactions occurring over that time period.

The overall worth of suspicious activity was $590 million, far more than the $416 million recorded for the full year of 2020. The total amount of registered transactions for the first half of the year was $398 million; the difference represents transactions that occurred prior to January 1, 2021.

FinCEN expects that by the end of the year the ransomware-related transaction value in filed reports will be larger than the aggregate value of reports filed over the previous ten years.

“As a result of the change to remote and online work in response to COVID-19, organisations’ risks and vulnerabilities to cyberattacks such as ransomware have increased,” FinCEN writes. Small municipalities and healthcare organisations have also been targeted more frequently, owing to “perceived weaker security controls and a higher proclivity of these victims to pay the ransom due to the criticality of their services, particularly during a global health pandemic,” according to FinCEN.

The majority of ransomware-related payments in the first half of the year were under $250,000, with a median payment of $102,273, slightly higher than the $100,000 median for the same period last year.

The top ten ransomware variants identified during the study period (out of a total of 68 variants named in filed reports) were responsible for $217.56 million in suspicious activity, with monthly payments ranging from $3,095 to $43.06 million.

For the top ten most often reported ransomware variations, a total of 242 reports were made, with a total value of occurrences of nearly $152.5 million.

FinCEN discovered 177 crypto wallets used for payments associated with these ransomware versions, as well as $5.2 billion transmitted from these wallets to recognised businesses, including 51% to exchanges and 43% to other convertible virtual currency (CVC) services. Payments to mixing services accounted for about 1% of total payments.

“Not all of the cash sent from these wallet addresses are undoubtedly tied to ransomware payments,” FinCEN writes, “but all of the exchanges and services mentioned below were at the very least a direct counterparty to wallet addresses that received ransomware-related payments.”


Source: https://cybersguards.com/fincen-in-response-to-severity-of-ransomware-attacks-against-u-s-critical-infrastructure/

Install Bacula Client Windows 7 For Easy File Storage

When the need arises, the Bacula Client Windows 7 download makes it simple to save and retrieve your data.

Bacula is a popular open-source backup solution used by millions of people. It has long been established among Linux users, and it is now available for Windows 7 users to download and install, allowing them to experience worry-free backup.

It is available 24 hours a day, 7 days a week to back up all of your new data, working quietly in the background so that it neither disrupts your work nor consumes a large share of your computer’s resources.

How To Install The Bacula Client Windows 7

Bacula must be downloaded and installed on your Windows OS device in order for it to work. You should also make sure you’re installing the correct Bacula client for the Windows version you’re using.

By installing Bacula, you will be able to save and retrieve all of your data quickly and effortlessly. Bacula is simple to use and may be scaled to fit a big computer network.

To successfully install the Bacula Client Windows 7 option on your device, follow this step-by-step guide.

  1. Download and unpack the Bacula Systems repository. Make sure to choose the Windows 7 client so that it downloads, installs, and runs correctly on your devices.
  2. Follow the download and installation steps, and accept the prompt to run Setup as Administrator.
  3. Choose the appropriate .exe file for your Windows OS architecture; 32-bit and 64-bit builds are available.
  4. As you follow the installation steps, accept the licence terms.
  5. Select the custom installation type when the installation type prompt appears. This installs the Bacula client on your device and gives your client a name and a randomly generated password. Save both somewhere safe, such as a Notepad file.
  6. On the Choose Components window that appears next, choose the parts of Bacula you want to install. You can pick all of them or just the ones your system or devices require.
  7. The Configuration prompt appears next. Fill in the name and password of your Bacula client; these were already created in step 5, so you can simply copy and paste them. If you like, you may also change the given name and password.
  8. Name your Bacula Director on the following settings pop-up. The Bacula Director is an important part of the Bacula system: it coordinates Bacula’s functions on your device.
  9. Click Install on this pop-up box and wait for the installation process to finish.

Finally, configure your Bacula client to work with your Windows 7 devices.

Bacula Client Windows 7 Configuration

Configure your Bacula client to your device or system when installation is complete.

Here’s how to get started.

  • Edit the configuration files for the client.
  • Check that the Director Name in your client configuration matches the one produced during download and installation.
  • Enter the password that was generated.
  • If you choose, you can rename the file system.
  • Save your work and exit.
  • Restart your device and check that your Bacula client backup is operating.
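The two checks above (Director name and generated password) have to agree between the client’s bacula-fd.conf and the Director’s bacula-dir.conf, and a mismatch is the usual reason a freshly installed client refuses connections. The script below is an added example, not code from the page or from the Bacula project: it parses two constructed configuration fragments with a small parser for Bacula’s flat `Type { Key = Value }` resources and reports mismatches; the host, resource names and secrets are made up, and the 16-character minimum is an assumed local policy.

```python
import re

# Constructed sample fragments (assumed values, not from the page):
# the Director side (bacula-dir.conf) and the Windows client side (bacula-fd.conf).
DIR_CONF = """
Director {
  Name = backup-dir
  DIRport = 9101
  Password = "dir-console-secret-0123"
}
Client {
  Name = win7-fd
  Address = 192.0.2.10
  FDPort = 9102
  Password = "win7-fd-shared-secret-4567"
}
"""

FD_CONF = """
Director {
  Name = backup-dir                          # must equal Director.Name in bacula-dir.conf
  Password = "win7-fd-shared-secret-4567"    # must equal Client.Password in bacula-dir.conf
}
FileDaemon {
  Name = win7-fd
  FDport = 9102
}
"""

MIN_PASSWORD_LEN = 16  # assumed local policy for the shared client/Director secret

RESOURCE_RE = re.compile(r"(\w+)\s*\{([^{}]*)\}", re.S)
KV_RE = re.compile(r'^\s*([\w ]+?)\s*=\s*"?([^"\n#]*?)"?\s*(?:#.*)?$', re.M)


def parse_resources(text):
    """Parse flat Bacula resources (`Type { Key = Value ... }`) into
    {type: [fields, ...]}.  Keys are lower-cased because Bacula directives are
    case-insensitive (FDPort and FDport are the same directive).  Nested
    resources such as FileSet Include blocks are out of scope for this check."""
    resources = {}
    for rtype, body in RESOURCE_RE.findall(text):
        fields = {k.strip().lower(): v.strip() for k, v in KV_RE.findall(body)}
        resources.setdefault(rtype.lower(), []).append(fields)
    return resources


def check_client_pairing(dir_conf, fd_conf, min_password_len=MIN_PASSWORD_LEN):
    """Return a list of problems; an empty list means the client's Director
    resource matches the Director's identity and its Client resource."""
    dir_res = parse_resources(dir_conf)
    fd_res = parse_resources(fd_conf)
    problems = []

    director = (dir_res.get("director") or [{}])[0]      # the Director's own identity
    fd_director = (fd_res.get("director") or [{}])[0]    # who the client will accept
    fd_name = (fd_res.get("filedaemon") or [{}])[0].get("name")

    if fd_director.get("name") != director.get("name"):
        problems.append(f"Director name mismatch: client expects {fd_director.get('name')!r}, "
                        f"Director is {director.get('name')!r}")

    matching = [c for c in dir_res.get("client", []) if c.get("name") == fd_name]
    if not matching:
        problems.append(f"no Client resource named {fd_name!r} in bacula-dir.conf")
    elif matching[0].get("password") != fd_director.get("password"):
        problems.append(f"password mismatch for client {fd_name!r}")

    pw = fd_director.get("password", "")
    if len(pw) < min_password_len:
        problems.append(f"client/Director password is shorter than {min_password_len} characters")
    return problems


if __name__ == "__main__":
    for line in check_client_pairing(DIR_CONF, FD_CONF) or ["OK: client is paired with the Director"]:
        print(line)
```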

Benefits Of Using Bacula For Windows

Available For Free

Bacula is an open-source backup programme that is accessible for free. You will not be charged for backing up and retrieving your data. Purchasing backup and recovery solutions, whether for a business or an individual, is costly.

Use a free superior backup solution like Bacula to save a lot of money.

Easy To Use

The only difficult part of using Bacula is that it takes some time to set up and configure. Once installed, it operates automatically: set the parameters it must follow when saving and retrieving data, and it will do precisely as instructed until you change them.

Highly Secure

By design, it is a very secure storage and backup option. It securely records, stores, and protects your data, and it transmits your stored data in a secure manner. For added resilience, your data may be sent to the cloud or stored on physical storage devices.

Scalable

Bacula’s design ensures that it is suited for all users. It can be used by individuals who just have one device. Bacula is very simple to use for companies with extensive system networks.

Conclusion

The Bacula Client for Windows 7 is simple to download and install. Once you have configured it appropriately, you are ready to put it to the test. It can provide peace of mind by ensuring that your data is securely stored and conveniently accessible. Bacula can be used to secure data at home or in busy businesses.


Source: https://cybersguards.com/install-bacula-client-windows-7-for-easy-file-storage/

Fix Pname Com Facebook Orca Error on Android

Android users occasionally get pop-up alerts on their screens from Facebook stating that Pname Com Facebook Orca has halted, which is understandably perplexing. Users would be unsure what to do if pop-ups appeared repeatedly. Today, we’ll go through in detail the Pname Com Facebook Orca error, which is a quite prevalent problem. We’d also like to offer some simple solutions for the Pname Com Facebook Orca error.

Let’s start with a definition of Pname Com Facebook Orca. It is the package name of the Facebook Messenger app for smartphones. On an Android phone, the Orca folder stores all of the cache, plugins, videos, audio, photos, and files associated with this chat app.

Let’s move on to the well-known Orca Katana folder on Facebook. This folder, which looks similar to the Orca folder, belongs to the Facebook app and is created automatically when the app is installed. There is no need to be concerned about it. This folder, like the Orca folder, has a purpose, the discussion of which isn’t relevant here.

Now, let’s return to our original topic, the Facebook Orca folder, and delve a little deeper. Let us state right away that, while Pname Com Facebook Orca appears to be a problem for many people, it is not malware or anything that can harm you. Though the pop-up notification may upset you, Pname Com Facebook Orca is merely a folder that’s formed automatically and has a purpose, as we’ve already stated.

Pname Com Facebook Orca allows users to recover deleted messages or chats from their Facebook messenger app. This is feasible because the Pname Com Facebook Orca folder contains all of the files associated with Facebook Messenger discussions. That’s also why the Orca folder takes up so much room on the phone.

When a user receives a pop-up message repeatedly stating that Pname Com Facebook Orca has stopped, it is quite frustrating. While the majority of individuals ignore the pop-ups, a small percentage of people erase Pname Com Facebook Orca. Neither of these options is the best option. Ignoring the problem will not solve it. Deleting the file will not address the problem because it will be automatically regenerated, and the pop-ups will begin to appear again. It is necessary to find a long-term solution.

To permanently fix the Pname Com Facebook Orca error, follow these steps:

  1. On your Android device, go to ‘Settings.’
  2. After that, go to the “Application” menu and select “All Apps.”
  3. Choose “Facebook App” from the drop-down menu.
  4. Delete all information.
  5. Restart the Facebook application.

These techniques will assist you in permanently resolving the Pname Com Facebook Orca error. You will no longer receive the error notification after you have reset your app.

If the problem persists, you must remove the Facebook app, restart your device, and then reinstall the Facebook app from the Google Play Store. That, hopefully, would address the problem.

Getting messages from the Orca folder that have been deleted

The “com.facebook.orca” folder can be used to retrieve deleted Facebook Messenger communications. To recover such deleted communications, follow these steps:

  1. Go to your device’s File Explorer or File Manager. If you can’t locate it on your phone, go to the Google Play store and download it.
  2. Go to SD/Storage card in File Explorer. Look for the Android folder when you open it.
  3. Go to the Android folder and open it.
  4. Inside the Android folder, open the Data folder.
  5. Find the “com.facebook.orca” folder in Facebook Messenger and double-click it.
  6. Make your way to the “Cache” folder.
  7. Within the Cache folder, look for the “fb temp” folder.

You can find information about group and individual discussions in the “fb temp” folder, which contains backup copies of Facebook Messenger data.

Another way to get messages from the “com.facebook.orca” folder is to connect your phone to a computer with a USB cable and then look for the “com.facebook.orca” folder. You might then go to “Cache,” then “fb temp,” and finally “recover deleted messages.”

Have you recently deleted your Facebook messages and are desperate to get them back? If so, this post is for you. Missing essential messages can be aggravating, especially when you know it would be difficult to recover them. It is quite tough to undo most of your actions in this world. However, using Com.Facebook.orca, you may restore your deleted Facebook messages on both Android and PC.

Many critical interactions and conversations, I understand, take place on Facebook Messenger. Facebook is one of the most widely used social networks, with more than 2.7 billion users worldwide.

Com.Facebook.orca is a folder associated with the Facebook Messenger app. All plug-ins, cache, videos, music files, photographs, and other types of data are saved under the Com.Facebook.orca folder.

You do not, however, need to create or download this folder. This folder is created automatically if you have Facebook or Messenger installed. Because the folder takes up a lot of space on your phone’s storage, you should check its size from time to time.

You can erase this folder by deleting the Facebook Messenger software from your Android device if you choose. However, if you want to restore your deleted messages after deleting this folder, you may need to uninstall and reinstall your Facebook or Messenger programme. This is done to automatically generate the Com.Facebook.orca folder.

Com.Facebook.orca is a folder that is already installed by default on your device, as previously stated. Facebook Messenger creates this folder. If you’ve accidentally removed this folder and want to reactivate it, you’ll need to reinstall Messenger.

The primary question now is: “Will Com.Facebook.orca cause harm to your device?” and the answer is emphatically no. It’s merely a folder where you may recover lost messages, not a virus that can harm your device.

How Can I Retrieve Deleted Facebook Messages From My Computer?

Recovering deleted Facebook messages on a computer differs from recovering them on a phone. The steps below are the ones you will need to take on a computer.

  1. Connect your smartphone or tablet to the computer with a USB cable. Then, depending on your Windows version, open My Computer, File Explorer, or This PC.
  2. Double-click the device to reach its files, then double-click the internal storage.
  3. Open the Android folder, then the Data folder.
  4. Navigate to the Apps folder.
  5. Look for Com.Facebook.orca and double-click it.
  6. Inside it, look for fb temp and make a copy of it.
  7. Uninstall Messenger, then reinstall it.
  8. Do not log into Facebook Messenger yet. First, copy the fb temp file back into the cache folder.
  9. Now sign in with your Facebook account. Once the cache is in place, open the fb temp file, then select and paste the messages you want to retrieve.

That’s all there is to it! All of your deleted messages will now be visible in your Messenger app, which you may access at any time.

How Can I Get Back Deleted Facebook Messages On My Phone?

If you want to recover messages from your phone, the process differs from the one described above. Recovering deleted messages on a mobile phone is straightforward with the steps below.

  1. Open your device’s File Explorer. Use a different file manager than the default one; a third-party programme such as ES File Explorer is recommended.
  2. To recover deleted messages using Com.Facebook.orca, go to SD Card or Storage in the file explorer, depending on where your device stores its data.
  3. Then open the Android folder and select Data. Open the Application folder, and then Com.Facebook.orca.
  4. There you will be able to inspect the cache before opening that folder.
  5. Make a copy of fb temp, which you can now see. Create a folder for it and paste it there.
  6. After completing the steps above, uninstall Facebook Messenger.
  7. After you have reinstalled the app, go to the Cache folder and paste fb temp there.
  8. Then sign in with your Facebook account. You will soon be able to see and access all of your deleted messages.

Process Com.Facebook.orca problems can occur if this app has stopped working. When there is a problem, the process may abruptly halt or crash. This usually happens when a third-party programme or a technical issue interferes with the normal operation of the Facebook or Messenger apps.

To correct the Com.Facebook.orca problem, follow the steps below.

  1. On your Android device, go to Settings.
  2. On the Settings page, look for Applications and click on it. To locate this folder, use the Search bar.
  3. You’ll find an option for All Apps in the Application folder.
  4. Then, in the list of programmes, look for the Messenger app and click ‘Clear All Data.’
  5. It’s possible that you’ll need to restart your Android device before opening the Facebook or Messenger apps and using them normally.
  6. As a result, the Com.Facebook.orca error has been resolved. Another option for resolving this issue is to uninstall and reinstall the programme from the Google Play Store.

Finally, some thoughts

You now have a good understanding of how to use Com.Facebook.orca to recover deleted Facebook messages on both your computer and your phone. You are now also aware that your Android device contains a hidden folder (the Com.Facebook.orca folder). The steps outlined above will help you recover your Facebook messages.


Source: https://cybersguards.com/fix-pname-com-facebook-orca-error-on-android/
