Forensic Update

Reflections on information management within the legal and regulatory arena


Archive for the ‘eDiscovery’ Category

Today’s #GoodGuysPrevail Update…

Posted by Johnny Lee on March 18, 2024

Late last month, the U.S. Department of Justice, the U.K. National Crime Agency (NCA), the Federal Bureau of Investigation (FBI), and a host of international law enforcement agencies effectively locked the #LockBit #ransomware gang out of its own infrastructure. This criminal gang, believed to be responsible for the current attack on the Fulton County government in Georgia, has lost control of its public-facing websites and other servers, hindering its ability to victimize individuals and organizations.

Moreover, the seizure by international law enforcement unlocks a trove of content that could aid current and prior victims, notably including decryption keys (that could be shared with victims to recover their data). As if the disruption were not enough good news, the DoJ unsealed indictments today for two Russian nationals involved in deploying #LockBit worldwide.

#Kudos to this enormously complicated and coordinated response to a sophisticated #ThreatActor. For years, our foreign policy has been seeking to catch up with our cyber capability, and it’s rewarding to see these two things coalesce in an action like this. Job well done, all!

#AisA #cybercrime #digitalforensics #karma #justice #forensicinvestigation #lawenforcement #cyberattack #forensicengineering #ransomwareattack #encryption #dfir

Posted in eDiscovery | Comments Off on Today’s #GoodGuysPrevail Update…

Today’s #GoodGuysPrevail Update…

Posted by Johnny Lee on January 26, 2024

Happy New Year to one and all…well, except perhaps to the targets of this story. Just prior to the new year, the #darknet website for the AlphV/Blackcat #ransomware gang was replaced by a splash-page indicating that it had been seized by the Federal Bureau of Investigation (FBI).

Following this seizure, the U.S. Department of Justice announced that it had obtained the public/private keys controlling the criminal gang’s website and related infrastructure. According to the Cybersecurity and Infrastructure Security Agency, this gang victimized over 1,000 entities (75% of whom were in the U.S.), demanded over $500 million in ransom payments, and received nearly $300 million in extortion proceeds.

This criminal gang victimized some very recognizable companies in the healthcare, financial services, and manufacturing sectors. It also reported one of its victims to the U.S. Securities and Exchange Commission in an attempt to apply leverage to obtain an extortion payment.

Kudos to the international #lawenforcement effort on this victory. In addition to the Federal Bureau of Investigation (FBI) and U.S. Department of Justice, the U.S. Secret Service was also involved. So too were Europol, the German Federal Criminal Police Office, the national police forces of Australia, Spain, Estonia, and Austria, as well as the U.K.’s National Crime Agency (NCA).

#cybercrime #ransomwareattacks #AisA #justice #karma #digitalforensics #investigation #forensicinvestigation #DFIR #incidentresponse

Posted in eDiscovery | Comments Off on Today’s #GoodGuysPrevail Update…

Upcoming Speaking Engagement…

Posted by Johnny Lee on November 14, 2023

I’m very much looking forward to taking the stage with the inimitable Shawn Tuma in a few weeks. We’ll be covering two broad topics, #AI and #CyberSecurity, couching both in the context of #EnterpriseRiskManagement.

Grant Thornton LLP (US) is proud to be partnering with the FEI Dallas Chapter to deliver this session. This is a breakfast event, hosted by a tremendous organization. Please join us if you can! (Logistics and registration information can be found via the link below.)

#artificialintelligence #riskmanagement #boardofdirectors #cyberriskmanagement #artificialintelligenceforbusiness #businessrisk #ERM #cyberawareness #cyberdefense #cyber #cyberinsurance

Posted in eDiscovery | Comments Off on Upcoming Speaking Engagement…

Today’s #GoodGuysPrevail Update…

Posted by Johnny Lee on May 10, 2023

The U.S. Department of Justice announced yesterday that it disrupted a global network of computers compromised by the Russian government’s Federal Security Service of the Russian Federation (FSB). This network employs the Snake #malware to steal sensitive content from hundreds of computer systems in at least 50 countries.

The “disruption”, coded by the Federal Bureau of Investigation (FBI), employs a malware technique to destroy malware – effectively issuing commands into this network that caused the Snake malware to overwrite its own vital components. #Karma

The disruption of this malicious network was focused on US-based systems, but the FBI is working with local authorities around the world to assist victims outside the United States. Kudos to the diligent and elegant attack on this scourge, which has dismantled an FSB operation that had been active for over two decades – all via a lawful, court-authorized process. #RuleOfLaw #StudyInContrast

#AisA #justice #digitalforensics #lawenforcement #forensicinvestigation #cybercrime #forensics #investigations #warrant #russianfederation #security

Posted in eDiscovery | Comments Off on Today’s #GoodGuysPrevail Update…

Today’s #GoodGuysPrevail Update…

Posted by Johnny Lee on March 15, 2023

International #lawenforcement agencies have arrested two individuals believed to be core members of the odious #DoppelPaymer crime gang. For those who can’t keep all of these gangs straight, this is the group that shut down the University Hospital in Düsseldorf, employing the equally odious #emotet #malware.

The DoppelPaymer group victimized dozens of companies over several years. The US-based victims alone were extorted out of nearly €40M.

Kudos to the diligent #digitalforensic and #lawenforcement collaboration required to perform the attribution and tracing efforts that led to these arrests. Among those involved were the German Regional Police, the Ukrainian National Police, Europol, the Dutch Police, and the United States Federal Bureau of Investigation (FBI).

With any luck, the materials seized during these raids will lead to even more arrests!

#ransomware #cybercrime #forensicinvestigation #ruleoflaw #AisA #digitalanalytics #extortion #criminallaw #cyberattack #cyberrisk

Posted in Computer Forensics, cryptocurrency, CyberSecurity, Data Breach, Digital Assets, eDiscovery, Forensic Accounting, Fraud, Information Security, Investigations | Comments Off on Today’s #GoodGuysPrevail Update…

Today’s #GoodGuysPrevail Update…

Posted by Johnny Lee on December 1, 2022

This one is a bit more of a “landscape” commentary, as it involves the precedent of a U.K. court’s application of court rules directing six different exchanges to cooperate (i.e., cough up customer and transactional details) in a crypto-/cyber-fraud investigation. I say this is a landscape commentary, as it is yet another indicator that jurisdictions are adapting to address the scourge of crypto-related scams in an effort to provide relief to fraud victims.

Kudos to the U.K. court system for expanding its operating procedures to address this pronounced need.

#cryptocurrency #ruleoflaw #fraudinvestigations #cyberscams #digitalforensics #digitalassettracing #digitalassetrecovery #assettracing #assetrecovery #forensicinvestigation

Posted in eDiscovery | Comments Off on Today’s #GoodGuysPrevail Update…

Today’s #GoodGuysPrevail Update…

Posted by Johnny Lee on August 8, 2022

The U.S. Department of Justice recently charged six defendants in four separate crypto-related fraud cases:

  • the largest known #NFT scheme charged to date;
  • a global #Ponzi scheme involving unregistered securities;
  • a fraudulent #ICO; and
  • a fraudulent investment fund.

Like prior #GGP updates, these cases reflect herculean, coordinated #lawenforcement and #digitalforensic efforts. Kudos to the Federal Bureau of Investigation (FBI), the United States Attorneys’ Offices, and the Department of Homeland Security, Office of Inspector General.

If you believe that you are a victim of the Baller Ape Club, EmpiresX, TBIS, and Circle Society schemes, please visit the DOJ website for details on how to submit your “Victim Impact Statement” (and thereby register as a victim).

#ruleoflaw #fraudinvestigations #cybercrime #cryptoassets #digitalassettracing #digitalassetrecovery #forensicinvestigation #forensicaccounting #karma #AisA #digitalassets

Posted in Computer Forensics, cryptocurrency, Digital Assets, eDiscovery, Forensic Accounting, Information Security, Investigations, Privacy | Comments Off on Today’s #GoodGuysPrevail Update…

Today’s #GoodGuysPrevail Update…

Posted by Johnny Lee on June 8, 2022

The U.S. Department of Justice announced yesterday that it has shut down (i.e., seized and taken control of the domains governing) several websites serving both as platforms for #DDoS attacks and as indexed search engines for breached personal information.

In the Federal Bureau of Investigation (FBI) announcement, the WeLeakInfo[.]to website was specifically referenced. For those who are unaware, this site contained roughly 7 billion indexed records of personal information illegally obtained from over 10,000 #databreaches. This is a BIG DEAL.

Kudos to all involved: The Federal Bureau of Investigation (FBI), the U.S. Department of Justice, the National Police Corps of the Netherlands, and the Federal Police of Belgium.

#justice #karma #ruleoflaw #digitalforensics #forensicinvestigation #lawenforcement #cybercrime #databreach #cyberforensics #police

Posted in eDiscovery | Comments Off on Today’s #GoodGuysPrevail Update…

Today’s #GoodGuysPrevail Update…

Posted by Johnny Lee on May 17, 2022

I know that there are many events unfolding in recent weeks with far more gravitas than the link below might indicate. That said, I share today’s update because it’s a testament to the depths that the second-handers of the world will sink to meddle in something designed to be life-affirming — and the importance of resisting such meddling.

For those who don’t know, #EuroVision is an international songwriting competition organized annually by the European Broadcasting Union, featuring participants primarily from European countries. Italian police foiled a series of cyberattacks by a pro-Russian hacking group called “Killnet”. The Killnet attacks were designed to skew the results of this year’s competition, but both the #DDoS and voting-manipulation attacks were unsuccessful.

In case you haven’t heard, the #EuroVision2022 winner was Ukraine.

#AisA #ruleoflaw #digitalforensics #lawenforcement #justice #karma #cybercrime #forensicinvestigation #databreach

Posted in eDiscovery | Comments Off on Today’s #GoodGuysPrevail Update…

Today’s #GoodGuysPrevail Update…

Posted by Johnny Lee on April 13, 2022

While the use of the verb “forfeit” in the headline of this story may seem confusing, it’s a GREAT turn of events. Simply put, U.S. Department of Justice, Criminal Division prosecutors in the Southern District of Florida have secured one of the largest #cryptocurrency #forfeiture actions ever filed in this country.

This story really resonates with me, as it represents a rather elegant intersection of #cyber and #crypto. The forfeiture action netted about $34M in cryptocurrency, all tied to the illegal #darkweb activity of a South Florida resident — specifically, the sale of online account credentials.

Of additional interest is the method by which this case was brought. In yet another example of inter-agency collaboration among federal, state, and local #lawenforcement, the investigators “followed the money” through a tortuous path, owing to the target’s use of cryptocurrency “tumblers”, “chain hopping”, and other (failed) #moneylaundering techniques.

Kudos to the Internal Revenue Service’s Criminal Investigation group, the Federal Bureau of Investigation (FBI), the U.S. Department of Homeland Security, the United States Postal Service Inspection Service, and the Drug Enforcement Administration for their combined investigative efforts here.

#ruleoflaw #digitalforensics #digitalassets #assettracing #assetrecovery #forensicinvestigation #justice #karma #AisA

Posted in Computer Forensics, CyberSecurity, Data Breach, eDiscovery, Forensic Accounting, Fraud, Information Security, Investigations | Comments Off on Today’s #GoodGuysPrevail Update…