#AxisOfEasy 219: New Hive Malware Variants Now Encrypt Linux And FreeBSD Systems

Weekly Axis Of Easy #219

Last Week’s Quote, “I tremble for my country when I reflect that God is just,” was Thomas Jefferson. 3 people got the right answer, but El Borak got it first.

This Week’s Quote:  “Sometimes I wonder whether the world is being run by smart people who are putting us on, or by imbeciles who really mean it.” …by???

THE RULES: No searching up the answer; it must be posted to the blog. The place to post the answer is at the bottom of the post, in the comments section.

The Prize: The first person to post the correct answer gets their next domain or hosting renewal on us.

In this issue:

  • Europol arrests hackers linked to over 1,800 ransomware attacks
  • New Hive malware variants now encrypt Linux and FreeBSD systems
  • The US offers $10 million as a reward for information on DarkSide Ransomware
  • Zoom will continue to be free of charge for basic users through an advertising program 
  • US blacklists NSO Group and three other companies for spyware trade
  • Canada’s War On Permissionless Innovation


Europol arrests hackers linked to over 1,800 ransomware attacks

Europol, the law enforcement agency for the European Union, announced the arrest of 12 individuals allegedly involved in ransomware attacks against 1,800 victims in 71 countries.

Reports indicate that the attackers deploy ransomware strains, including LockerGoga, MegaCortex, and Dharma, in addition to malware like Trickbot and post-exploitation tools like Cobalt Strike.

Most notably, the suspects attacked Norsk Hydro, the Norwegian aluminum giant, causing severe and lengthy disruptions to its operations. Norwegian police have been hunting the threat actors since then in collaboration with foreign counterparts.

A simultaneous search resulted in the arrests taking place on October 26, 2021, in Switzerland and Ukraine, during which police seized five luxury vehicles, electronic devices, and $52,000 in cash.

Europol says the arrested individuals are high-value targets since they are alleged to have spearheaded multiple high-profile ransomware attacks.

Read: https://www.bleepingcomputer.com/news/security/police-arrest-hackers-behind-over-1-800-ransomware-attacks/

New Hive malware variants now encrypt Linux and FreeBSD systems

The Hive ransomware gang is using a new malware variant developed specifically for Linux and FreeBSD to encrypt systems on those platforms.

According to ESET, a Slovak internet security firm, Hive’s new encryptors are still under development and lack functionality. ESET’s analysis of the Linux variant found that encryption failed outright when the malware was run with an explicit path.

“Just like the Windows version, these variants are written in Golang, but the strings, package names, and function names have been obfuscated, likely with gobfuscate,” ESET Research Labs explained.

Hive, a ransomware group active since at least June 2021, has already hit over 30 organizations, counting only victims who refused to pay the ransom.

Ransomware gangs have increasingly turned their sights on Linux servers after enterprises gradually migrated to virtual machines to simplify management and increase efficiency.

Read: https://www.bleepingcomputer.com/news/security/hive-ransomware-now-encrypts-linux-and-freebsd-systems/

The US offers $10 million as a reward for information on DarkSide Ransomware

The US government is offering a reward of $10 million for information that can lead to identifying and locating individuals associated with the DarkSide ransomware group or any of its renamed entities.

As an added incentive, the State Department is offering bounties of up to $5 million for intel and tip-offs that may lead to the arrest and/or conviction of individuals who are conspiring or attempting to participate in transnational organized crime activities.

The State Department said in a statement that the United States offers these rewards as a way of demonstrating its commitment to protecting ransomware victims around the world from exploitation by cybercriminals.

The decision comes in response to DarkSide’s high-profile attack on Colonial Pipeline in May 2021, which took down the largest fuel pipeline in the US and disrupted fuel supply to the East Coast for roughly a week. The attackers gained entry to the company’s network using a VPN account password that was circulating on the dark web.

Read: https://thehackernews.com/2021/11/us-offers-10-million-reward-for.html

Zoom will continue to be free of charge for basic users through an advertising program

Zoom has announced a pilot advertising program expected to support investment and continue to provide free Basic users access to the platform.

Millions of users worldwide have had free access to Zoom’s products and services since the company’s user base expanded from primarily enterprise users to include a large volume of individual users as the pandemic took hold in 2020.

For this initial program, ads will be rolled out only on the browser page users see once they end their meeting. Only free Basic users in certain countries will see these ads if they join meetings that other free Basic users host.

“We have carefully and thoughtfully considered how to implement this advertising pilot program, and we have done so intending to ensure user choice. Users will see a banner on Zoom’s website that provides a link that takes them to our cookie management tool,” the company said in a blog post released on November 1.

The communications platform updated its Privacy Statement to account for this advertising program, noting that it will not use meeting, webinar, or messaging content for marketing, promotions, or third-party advertising purposes.


US blacklists NSO Group and three other companies for spyware trade

The United States has sanctioned four Israeli, Russian, and Singaporean firms for developing spyware or selling hacking tools used by state-sponsored hacking groups.

Israel’s NSO Group and Candiru were sanctioned for creating and selling spyware used to target journalists and activists. At the same time, Positive Technologies and Computer Security Initiative Consultancy PTE. LTD. face sanctions for supplying hacking tools and exploits used by state-sponsored hacking groups to gain unauthorized access to corporate networks.

By placing these four companies on the Entity List, Commerce’s Bureau of Industry and Security (BIS) prevents the export, re-export, or transfer of their products or services.

“Specifically, investigative information has shown that the Israeli companies NSO Group and Candiru developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, business people, activists, academics, and embassy workers,” reads the Department of Commerce’s final ruling to the Export Administration Regulations (EAR).

BIS now requires that companies intending to export, re-export, or transfer items obtain a license before they can do so. This license, however, comes with a “presumption of denial,” which means the US government will deny it in almost all cases.

Read: https://www.bleepingcomputer.com/news/security/us-sanctions-nso-group-and-three-others-for-spyware-and-exploit-sales/

Canada’s War On Permissionless Innovation

Former CRTC Commissioner Tim Denton penned this piece about what he calls “permissionless innovation.” In it he tracks the arc of innovation from broadcasting, through telecom, into the internet era. Under the broadcasting legislation, licenses are a public trust, and thus speech and innovation are essentially “permissioned”: you need the state to sign off on your license, your spectrum and your content.

The internet started out as permissionless: anything goes in terms of innovation and content. Now, however, with the government’s attempts to move the internet under the auspices of broadcasting and telecom, we move toward permissioned innovation and, by extension, permissioned speech.

Worse, this is being done without ever really placing the issue in front of Canadians for input, or to decide if this is something they really want.


5 thoughts on “#AxisOfEasy 219: New Hive Malware Variants Now Encrypt Linux And FreeBSD Systems”

  1. If anybody replies that it was Mark Twain who said “The world is being run by smart people…” etc., don’t believe ’em!
     The phrase is obviously full of 20th Century idioms; no one in the 19th Century ever talked or wrote like that.
     The author is actually a Canadian! As I’ve already won my DN prize this year, I shall let your correspondents figure out who said it.
