Governments turn tables on ransomware gang REvil by pushing it offline

US officials talk about the Colonial Pipeline ransomware attack during a news conference in Washington, D.C. on June 7, 2021. (REUTERS/File Photo)
Updated 22 October 2021

  • Law enforcement and intelligence cyber specialists were able to hack REvil's computer network infrastructure, obtaining control of at least some of their servers
  • One person familiar with the events said that a foreign partner of the US government carried out the hacking operation that penetrated REvil's computer architecture

The ransomware group REvil was itself hacked and forced offline this week by a multi-country operation, according to three private sector cyber experts working with the United States and one former official.
Former partners and associates of the Russian-led criminal gang were responsible for a May cyberattack on the Colonial Pipeline that led to widespread gas shortages on the US East Coast. REvil's direct victims include top meatpacker JBS. The crime group's "Happy Blog" website, which had been used to leak victim data and extort companies, is no longer available.
Officials said the Colonial attack used encryption software called DarkSide, which was developed by REvil associates.
VMWare head of cybersecurity strategy Tom Kellermann said law enforcement and intelligence personnel stopped the group from victimizing additional companies.
"The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups," said Kellermann, an adviser to the US Secret Service on cybercrime investigations. "REvil was top of the list."
A leadership figure known as "0_neday," who had helped restart the group's operations after an earlier shutdown, said REvil's servers had been hacked by an unnamed party.
"The server was compromised, and they were looking for me," 0_neday wrote on a cybercrime forum last weekend, in a post first spotted by security firm Recorded Future. "Good luck, everyone; I'm off."
US government attempts to stop REvil, one of the worst of dozens of ransomware gangs that work with hackers to penetrate and paralyze companies around the world, accelerated after the group compromised US software management company Kaseya in July. 
That breach opened access to hundreds of Kaseya's customers all at once, leading to numerous emergency cyber incident response calls.

Decryption key
Following the attack on Kaseya, the FBI obtained a universal decryption key that allowed those infected via Kaseya to recover their files without paying a ransom.
But law enforcement officials initially withheld the key for weeks as they quietly pursued REvil's staff, the FBI later acknowledged.
According to three people familiar with the matter, law enforcement and intelligence cyber specialists were able to hack REvil's computer network infrastructure, obtaining control of at least some of their servers.
After websites that the hacker group used to conduct business went offline in July, the main spokesman for the group, who calls himself "Unknown," vanished from the internet.
When gang member 0_neday and others restored those websites from a backup last month, he unknowingly restarted some internal systems that were already controlled by law enforcement.
“The REvil ransomware gang restored the infrastructure from the backups under the assumption that they had not been compromised,” said Oleg Skulkin, deputy head of the forensics lab at the Russian-led security company Group-IB. “Ironically, the gang's own favorite tactic of compromising the backups was turned against them.”
Reliable backups are one of the most important defenses against ransomware attacks, but they must be kept unconnected from the main networks or they too can be encrypted by extortionists such as REvil.
A spokesperson for the White House National Security Council declined to comment on the operation specifically.
"Broadly speaking, we are undertaking a whole of government ransomware effort, including disruption of ransomware infrastructure and actors, working with the private sector to modernize our defenses, and building an international coalition to hold countries who harbor ransom actors accountable," the person said.
The FBI declined to comment.
One person familiar with the events said that a foreign partner of the US government carried out the hacking operation that penetrated REvil's computer architecture. A former US official, who spoke on condition of anonymity, said the operation is still active.
The success stems from a determination by US Deputy Attorney General Lisa Monaco that ransomware attacks on critical infrastructure should be treated as a national security issue akin to terrorism, Kellermann said.
In June, Principal Associate Deputy Attorney General John Carlin told Reuters the Justice Department was elevating investigations of ransomware attacks to a similar priority.
Such actions gave the Justice Department and other agencies a legal basis to get help from US intelligence agencies and the Department of Defense, Kellermann said.
"Before, you couldn't hack into these forums, and the military didn't want to have anything to do with it. Since then, the gloves have come off." 


Russia’s Putin holds talks with Slovakian PM Fico, in a rare visit to Moscow by an EU leader

Updated 22 December 2024

  • Fico has also been a rare senior EU politician to appear on Russian state TV following Moscow’s invasion of Ukraine

MOSCOW: Russian President Vladimir Putin on Sunday hosted Slovakia’s prime minister, Robert Fico, in a rare visit to the Kremlin by an EU leader since Moscow’s all-out invasion of Ukraine in February 2022.
Fico arrived in Russia on a “working visit” and met with Putin one-on-one on Sunday evening, Kremlin spokesman Dmitry Peskov told Russia’s RIA agency. According to Peskov, the talks were expected to focus on “the international situation” and Russian natural gas deliveries.
Russian natural gas still flows to some European countries, including Slovakia, through Ukraine under a five-year agreement signed before the war that is due to expire at the end of this year. At a summit in Brussels on Thursday, Ukrainian President Volodymyr Zelensky told EU leaders that Kyiv has no intention of renewing the deal, something Fico insisted will harm his country’s interests.
Slovakia last month signed a short-term pilot contract to buy natural gas from Azerbaijan, as it prepares for a possible halt to Russian supplies through Ukraine. Earlier this year, it struck a deal to import US liquefied natural gas through a pipeline from Poland.
The country can also receive gas through Austrian, Hungarian and Czech networks, enabling imports from Germany among other potential suppliers.
Visits and phone calls from European leaders to Putin have been rare since Moscow sent troops into Ukraine, although Hungary’s PM Viktor Orbán visited Russia in July, and Austrian Chancellor Karl Nehammer met with the Russian leader just weeks into the full-scale war. Both trips drew condemnation from Kyiv and European leaders.
Orbán, widely seen as having the warmest relations with Putin among EU leaders, has routinely blocked, delayed or watered down EU efforts to assist Kyiv and impose sanctions on Moscow for its actions in Ukraine. He has long argued for a cessation of hostilities in Ukraine but without outlining what that might mean for the country’s territorial integrity or future security.
Fico’s views on Russia’s war on Ukraine differ sharply from most other European leaders. The Slovakian PM returned to power last year after his leftist party Smer (Direction) won parliamentary elections on a pro-Russia and anti-American platform. Since then, he has ended his country’s military aid for Ukraine, hit out at EU sanctions on Russia, and vowed to block Ukraine from joining NATO.
Fico has also been a rare senior EU politician to appear on Russian state TV following Moscow’s invasion of Ukraine. In an interview with the Rossiya-1 channel in October, he contended the West has “prolonged the war” by supporting Ukraine, adding that sanctions against Russia were ineffective. He declared that he was ready to negotiate with Putin.
He also vowed to attend a military parade in Moscow next May that will mark the 80th anniversary of Nazi Germany’s defeat in World War II. The Kremlin has used the annual “Victory Day” celebrations to tout its battlefield prowess, and Putin hailed Russian troops fighting in Ukraine as “heroes” at this year’s event.

 


Ho Chi Minh City celebrates first metro

Updated 22 December 2024

HO CHI MINH CITY: Thousands of selfie-taking Ho Chi Minh City residents crammed into train carriages Sunday as the traffic-clogged business hub celebrated the opening of its first-ever metro line after years of delays.

Huge queues spilled out of every station along the $1.7 billion line that runs almost 20 kilometers from the city center — with women in traditional “ao dai” dress, soldiers in uniform and couples clutching young children waiting excitedly to board.

“I know it (the project) is late, but I still feel so very honored and proud to be among the first on this metro,” said office worker Nguyen Nhu Huyen after snatching a selfie in her jam-packed train car.

“Our city is now on par with the other big cities of the world,” she said.

It took 17 years for Vietnam’s commercial capital to reach this point. The project, funded largely by Japanese government loans, was first approved in 2007 and slated to cost just $668 million.

When construction began in 2012, authorities promised the line would be up and running in just five years.

But as delays mounted, cars and motorbikes multiplied in the city of nine million people, making the metropolis hugely congested, increasingly polluted and time-consuming to navigate.

The metro “meets the growing travel needs of residents and contributes to reducing traffic congestion and environmental pollution,” the city’s deputy mayor Bui Xuan Cuong said.

Cuong admitted authorities had to overcome “countless hurdles” to get the project over the line.


Suspect in German Christmas market attack held on murder charges

Updated 22 December 2024

  • Suspect strongly critical of German authorities as well as Islam in the past
  • Saudi Arabia repeatedly flagged to Germany concerns over posts on suspect’s social media, according to sources

MAGDEBURG: A man suspected of plowing a car through crowds at a German Christmas market in an attack that killed five people and injured scores faces multiple charges of murder and attempted murder, police said on Sunday.
Friday evening’s attack in the central city of Magdeburg shocked the country and stirred up tensions over the charged issue of immigration.
The suspect, who was in custody, is a 50-year-old psychiatrist from Saudi Arabia with a history of anti-Islamic rhetoric who has lived in Germany for almost two decades. The motive for the attack remained unclear.
There were scuffles and some “minor disturbances” at a far-right demonstration attended by around 2,100 people on Saturday night in Magdeburg, police said. They added that criminal proceedings would follow, but did not give details.
Protesters, some wearing black balaclavas, held up a large banner with the word “remigration,” a term popular with supporters of the far right who seek the mass deportation of immigrants and people deemed not ethnically German.
Other residents gathered to pay their respects to the dead.
A sea of flowers stretched out in front of St. John’s Church in Magdeburg, close to the scene of the crime, which attracted a steady stream of tearful mourners over the weekend.
“This is my second time here. I was here yesterday. I brought flowers and it moved me so much and I had to know today how many flowers were brought,” local resident Ingolf Klinzmann told Reuters.
A sign commemorating the victims bore in large lettering the word “Why?”
A magistrate ordered the suspect, identified in German media as Taleb A., into pretrial custody on charges of murder on five counts as well as multiple counts of attempted murder and grievous bodily harm, police said in a statement.
Reuters could not immediately ascertain if the suspect had a lawyer.
Those killed were a nine-year-old boy and four women aged 52, 45, 75 and 67, the police statement said. Among the wounded, around 40 had serious or critical injuries.
Authorities said the suspected attacker used emergency exit points to drive onto the grounds of the Christmas market, where he picked up speed and plowed into the crowds, hitting more than 200 people in a three-minute attack. He was arrested at the scene.
German authorities have not named the suspect and German media reports have given his name only as Taleb A. in keeping with local privacy laws.

MOTIVE UNCLEAR
Interior Minister Nancy Faeser said in a statement on Sunday that the criminal investigation would leave no stone unturned.
“The task is to piece together all findings and paint a picture of this perpetrator, who does not fit any existing mold,” Faeser said.
“This perpetrator acted in an unbelievably cruel and brutal manner — like an Islamist terrorist, although he was clearly ideologically hostile to Islam,” she added.
The suspect had been strongly critical of German authorities as well as Islam in the past.
He had voiced support on social media platform X for the far-right Alternative for Germany (AfD) party and for US billionaire Elon Musk, who has backed the AfD.
The AfD has strong support in the former East Germany where Magdeburg is located. Opinion polls put it in second place nationally ahead of elections in February.
Its members, including the candidate for chancellor Alice Weidel, planned a rally in Magdeburg on Monday evening.
Saudi Arabia had repeatedly flagged to Germany concerns over posts on the suspect’s social media, according to a Saudi source and a German security source.
The Christian Democrats, Germany’s main opposition party, and the Free Democrats, who were part of the coalition government until its collapse last month, called for improvements to Germany’s security apparatus, including better coordination between federal and state authorities.
“The background must be clarified. But above all, we must do more to prevent such offenses, especially as there were obviously specific warnings and tips in this case that were ignored,” Sahra Wagenknecht, leader of the leftist BSW party, told the Welt newspaper.
The BSW, a new political party with far-left roots, has also condemned unchecked immigration and has gained considerable support ahead of the Feb. 23 election.
Chancellor Olaf Scholz, whose Social Democrats are trailing in opinion polls, attended a service for victims in Magdeburg’s cathedral on Saturday.


Minorities fear targeted attacks in post-revolution Bangladesh

Updated 22 December 2024

  • In the chaotic days following Hasina’s August 5 ouster there was a string of attacks on Hindus
  • Muslim Sufi worshippers as well as members of the Baul mystic sect have also been threatened

DHAKA: For generations, the small Hindu temple outside the capital in Muslim-majority Bangladesh was a quiet place to pray — before arsonists ripped open its roof this month in the latest post-revolution unrest.
It is only one of a string of attacks targeting religious minorities since a student-led uprising toppled long-time autocratic leader Sheikh Hasina in August.
“We don’t feel safe,” said Hindu devotee Swapna Ghosh in the village of Dhour, where attackers broke into the 50-year-old family temple to the goddess Lakshmi and set fire to its treasured idols on December 7.
“My son saw the flames and doused them quickly,” said temple custodian Ratan Kumar Ghosh, 55, describing how assailants knew to avoid security cameras, so they tore its tin roof open to enter.
“Otherwise, the temple — and us — would have been reduced to ashes.”
Hindus make up about eight percent of the mainly Muslim nation of 170 million people.

In this photograph taken on December 3, 2024, Hindu devotees pray at Dhakeshwari Temple in Dhaka. (AFP)

In the chaotic days following Hasina’s August 5 ouster there was a string of attacks on Hindus — seen by some as having backed her rule — as well as attacks on Muslim Sufi shrines by religious hard-liners.
“Neither I, my forefathers or the villagers, regardless of their faith, have ever witnessed such communal attacks,” temple guardian Ghosh told AFP.
“These incidents break harmony and trust.”
Hasina, 77, fled by helicopter to India, where she is hosted by old allies in New Delhi’s Hindu-nationalist government, infuriating Bangladeshis determined that she face trial for alleged “mass murder.”
Attacks against Hindu temples are not new in Bangladesh, and rights activist Abu Ahmed Faijul Kabir said the violence cannot be regarded out of context.
Under Hasina, Hindus had sought protection from the authorities. That meant her opponents viewed them as partisan loyalists.
“If you analyze the past decade, there has not been a single year without attacks on minorities,” said Kabir, from the Dhaka-based rights group Ain o Salish Kendra.
This year, from January to November, the organization recorded 118 incidents of communal violence targeting Hindus.
August saw a peak of 63 incidents, including two deaths. In November, there were seven incidents.
While that is significantly more than last year — when the group recorded 22 attacks on minorities and 43 incidents of vandalism — previous years were more violent.
In 2014, one person was killed, two women were raped, 255 injured, and 247 temples attacked. In 2016, seven people were killed.
“The situation has not worsened, but there’s been no progress either,” said businessman and Hindu devotee Chandan Saha, 59.
Political rulers had repeatedly “used minorities as pawns,” Saha added.
The caretaker government has urged calm and promised increased security, and accused Indian media of spreading disinformation about the status of Hindus in Bangladesh.
Dhaka’s interim government this month expressed shock at a call by a leading Indian politician — chief minister of India’s West Bengal state Mamata Banerjee — to deploy UN peacekeepers.
Hefazat-e-Islam, an association of Islamic seminaries, has led public protests against India, accusing New Delhi of a campaign aimed at “propagating hate” against Bangladesh. India rejects the charges.
Religious relations have been turbulent, including widespread unrest in November in clashes between Hindu protesters and security forces.
That was triggered by the killing of a lawyer during protests because bail was denied for an outspoken Hindu monk accused of allegedly disrespecting the Bangladeshi flag during a rally.
Bangladeshi hard-line groups have been emboldened to take to the streets after years of suppression.
Muslim Sufi worshippers as well as members of the Baul mystic sect — branded heretics by some hard-liners — have also been threatened.
“There’s been a wave of vandalism,” said Syed Tarik, a devotee documenting such incidents.
Muhammad Yunus, the 84-year-old Nobel Peace Prize winner appointed the country’s “chief adviser,” has called for dialogue between groups.
Critics say it is not enough.
“To establish a peaceful country where all faiths coexist in harmony, the head of state must engage regularly with faith leaders to foster understanding,” said Sukomal Barua, professor of religion at Dhaka University.
Sumon Roy, founder of Bangladesh’s association of Hindu lawyers, said members of the minority were treated as a bloc by political parties.
“They have all used us as tools,” Roy said, explaining that Hindus had been previously threatened both by Hasina’s Awami League and its rival Bangladesh National Party.
“If we didn’t support AL we faced threats, and the BNP blamed us for siding with the AL,” he said. “This cycle needs to end.”


India, Kuwait upgrade ties to strategic partnership on Modi visit

Updated 22 December 2024

  • Modi awarded Order of Mubarak Al-Kabeer for strengthening Kuwait-India relations
  • India, Kuwait leaders discussed cooperation in pharmaceuticals, IT, security

NEW DELHI: India and Kuwait upgraded bilateral ties to a strategic partnership on Sunday as their leaders eye stronger cooperation in “key sectors” ranging from pharmaceuticals to security.

Indian Prime Minister Narendra Modi signed a strategic partnership agreement with Emir of Kuwait Sheikh Mishal Al-Ahmad Al-Jaber Al-Sabah during his trip to the Gulf state, the first visit by an Indian leader in 43 years.

“We have elevated our partnership to a strategic one and I am optimistic that our friendship will flourish even more in the times to come,” Modi said in a statement.

“We discussed cooperation in key sectors like pharmaceuticals, IT, fintech, infrastructure and security.”

During the trip, the Kuwaiti emir presented Modi with the Order of Mubarak Al-Kabeer for his efforts in strengthening Kuwait-India relations.

The order is the highest civilian honor in Kuwait and is bestowed upon leaders and heads of state.

The emir said India was a “valued partner” in the country and the Gulf region and that he “looked forward” to India playing a greater role in the realization of Kuwait Vision 2035, according to a statement issued by the Indian Ministry of External Affairs.

The newly upgraded ties will open up “further cooperation in sectors such as defense … with the Kuwaiti armed forces,” especially the navy, said Kabir Taneja, a deputy director and fellow with the strategic studies program at the Observer Research Foundation in New Delhi.

Their closer cooperation in major sectors will also “further India’s economy-first agenda,” he added.  

“Pharmaceuticals, for example, is a point of strength of Indian manufacturing and can contribute to further building the sector in states such as Kuwait,” Taneja told Arab News.

India’s pharmaceutical exports have been growing in recent years, and the country was the third-largest drugmaker by volume in 2023.

Delhi is also among Kuwait’s top trade partners, with bilateral trade valued at around $10.4 billion in 2023-24.

Taneja said India-Kuwait ties are also likely to strengthen through the Indian diaspora, the largest expatriate community in the Gulf state.

Over 1 million Indian nationals live and work in Kuwait, making up about 21 percent of its 4.3 million population and 30 percent of its workforce.

“(The) Indian diaspora has been part of the Kuwaiti story for a long time,” Taneja said, adding that strengthening ties between the two countries will allow India, through its diaspora, to unlock “deeper economic cooperation potential.”