The Impact of the Blue Yonder Ransomware Attack, Wazawaka Arrested, and Court Reverses Sanctions Against a Cryptomixer

Want to get our weekly newsletter earlier? Subscribe to receive Beacon in your inbox every Thursday at 10AM.

This Week's Roundup of the Biggest Cybersecurity Stories

US and UK Businesses Affected by Blue Yonder Ransomware Attack

A major software supply-chain company, which counts US and UK food retailers as clients, is entering its second week of recovery following a ransomware attack. Hackers hit Blue Yonder, impacting the company’s managed services hosted environment. Messages between Blue Yonder and customers show the company working with US-based clients to mitigate any impacts on customers. The incident was also felt by UK supermarket chains Morrisons and Sainsbury’s. As of yet, no ransomware gang has publicly claimed responsibility for the attack.

Wazawaka Arrested for Ties with Ransomware Gang

Russian law enforcement has arrested ransomware affiliate Mikhail Pavlovich Matveev - also known as Wazawaka - for malware development and involvement in several hacking groups. While details regarding the individual's identity have not been revealed, an anonymous source from RIA Novosti claims it's Matveev. He is accused of developing "specialized malicious software" which he intended to use to encrypt the data "of commercial organizations with subsequent ransom for decryption." 

Court Reverses Sanctions Against Cryptomixer Tornado Cash

US sanctions against cryptocurrency mixer Tornado Cash have been overturned by a federal appeals court. Cryptocurrency mixers are popular with privacy advocates and cybercriminals alike, and the US Treasury Department targeted Tornado Cash following its alleged facilitation of a $600+ million theft of crypto assets attributed to a cybercriminal group linked to North Korea. The sanctions were overturned on the basis that the smart contracts Tornado Cash is composed of cannot technically be considered property.

The Latest from Searchlight

The 12 Days of Dark Web FAQ: A Mini Webinar Series

Join us for "The 12 Days of Dark Web FAQ" this December. We’ll release a new short video every day up until the 17th of December, answering your most frequently asked dark web questions in under 10 minutes. Watch the mini webinars each day at 10:00-10:15 EDT (15:00-15:45 PM GMT). Register.

See your digital footprint from a criminal’s point of view with EASM

Our latest blog dives into how using a combination of external attack surface management (EASM) and dark web monitoring allows organizations to see their digital footprint from a cybercriminal's point of view. Read on.

Encrypted Communication Apps: From Telegram to EncroChat

This episode of the podcast explores the criminal underworld of encrypted communications apps and looks at more-extreme encrypted communication devices like EncroChat. Listen on Spotify, Apple Podcasts, and YouTube.

What’s your top priority when investigating threat actors?

Last week we asked our followers what their top priority was when investigating threat actors, and the result was: understanding their Tactics, Techniques and Procedures (TTPs). Gathering intelligence on the methods, behaviors, and strategies of threat actors enables better attribution and profiling of cybercriminals. More importantly, it helps security teams to anticipate an adversary's future actions and improve their defenses based on the most likely methods of attack. One way that security teams do this is through the practice of threat modeling. Click the link below to learn more about preparing defenses from an "attacker’s point of view". Find out more.
