Cash for Cyber Crooks: US Gov Drops $15M Bounty on ALPHV Ransomware Gang

Ready for a cyber manhunt? The US is playing “Who Wants to be a Multi-Millionaire,” offering up to $15 million for ratting out the ALPHV ransomware ringleaders. It’s like a bounty hunter gig, but with less dirt and more data. #InfosecInBrief

Hot Take:

It’s like the Wild West out there, folks, except instead of gunslingers, we’ve got cyber-gangsters, and instead of wanted posters, we’ve got the U.S. government slapping bounties on digital desperados. The latest outlaw to make the most-wanted list is the ALPHV/Blackcat ransomware gang, with Uncle Sam coughing up a cool $15 million for snitches willing to risk getting some digital stitches. And if you’re a Siemens user, better patch up faster than a cowboy with a hole in his chaps. Meanwhile, EncroChat snitches keep sending baddies to the hitching post, and Colorado’s public defenders just got digitally hogtied. Yeehaw, cyber frontier justice!

Key Points:

  • The U.S. State Department is offering a $15 million bounty for help in taking down the ALPHV/Blackcat ransomware gang.
  • ALPHV, which targets critical infrastructure, shrugged off a DOJ and FBI disruption, proving it’s as resilient as a cockroach in a nuclear fallout.
  • Siemens devices are riddled with holes like Swiss cheese, so get patching before you’re left with the digital kind.
  • The ghost of EncroChat continues to haunt Europe’s criminal underworld, landing a former footballer a 30-year vacation behind bars.
  • Colorado’s Public Defender’s Office is the latest victim of ransomware, proving that justice may be blind, but it’s not immune to cyber shenanigans.

Siemens CVEs referenced:

CVE ID: CVE-2024-22042
State: PUBLISHED
Assigner: siemens
Date updated: 02/13/2024
Description: A vulnerability has been identified in Unicam FX (All versions). The Windows installer agent used in the affected product contains incorrect use of privileged APIs that trigger the Windows Console Host (conhost.exe) as a child process with SYSTEM privileges. This could be exploited by an attacker to perform a local privilege escalation attack.

CVE ID: CVE-2024-23816
State: PUBLISHED
Assigner: siemens
Date updated: 02/13/2024
Description: A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All versions < V4.3), Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) (All versions < V4.3), Location Intelligence SUS Large (9DE5110-8CA13-1BX0) (All versions < V4.3), Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) (All versions < V4.3), Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) (All versions < V4.3), Location Intelligence SUS Small (9DE5110-8CA11-1BX0) (All versions < V4.3). Affected products use a hard-coded secret value for the computation of a Keyed-Hash Message Authentication Code. This could allow an unauthenticated remote attacker to gain full administrative access to the application.

CVE ID: CVE-2023-51440
State: PUBLISHED
Assigner: siemens
Date updated: 02/13/2024
Description: A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions). Affected products incorrectly validate TCP sequence numbers. This could allow an unauthenticated remote attacker to create a denial of service condition by injecting spoofed TCP RST packets.
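The CVE-2023-51440 entry above boils down to how strictly a TCP endpoint checks the sequence number on an incoming RST. The model below is an added example, not code from the article or from Siemens; it contrasts the loose "any RST inside the receive window" rule with the RFC 5961 rule (exact match resets, in-window RSTs get a challenge ACK, everything else is dropped), using constructed receiver state and sample segments.

```python
# Added example, not code from the article or from Siemens: a model of how a
# TCP endpoint should validate an incoming RST segment. The weak rule accepts
# any RST whose sequence number falls inside the receive window; the RFC 5961
# rule resets only on an exact match and answers other in-window RSTs with a
# challenge ACK, so a spoofed RST that merely lands in the window does nothing.

MOD32 = 1 << 32


def in_window(seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd), with 32-bit wraparound."""
    return (seq - rcv_nxt) % MOD32 < rcv_wnd


def weak_rst_check(seq: int, rcv_nxt: int, rcv_wnd: int) -> str:
    """Pre-RFC 5961 behaviour: any in-window RST tears the connection down."""
    return "reset" if in_window(seq, rcv_nxt, rcv_wnd) else "drop"


def rfc5961_rst_check(seq: int, rcv_nxt: int, rcv_wnd: int) -> str:
    """RFC 5961 section 3.2: exact match resets; other in-window RSTs get a challenge ACK."""
    if seq == rcv_nxt:
        return "reset"
    if in_window(seq, rcv_nxt, rcv_wnd):
        return "challenge-ack"
    return "drop"


def count_resets(segments, rcv_nxt: int, rcv_wnd: int, check) -> int:
    """Run (label, seq) RST segments through a validator; return how many would reset."""
    return sum(1 for _, seq in segments if check(seq, rcv_nxt, rcv_wnd) == "reset")


# Constructed receiver state and RST segments (sample data, not a capture).
RCV_NXT = 0xFFFFFF00          # next expected sequence number, close to wraparound
RCV_WND = 0x1000              # 4 KiB receive window
SAMPLE_RSTS = [
    ("legit-exact", RCV_NXT),                                # peer really did reset
    ("spoof-in-window", (RCV_NXT + 0x200) % MOD32),          # wraps past 2**32
    ("spoof-window-edge", (RCV_NXT + RCV_WND - 1) % MOD32),  # last in-window value
    ("spoof-out-of-window", (RCV_NXT + RCV_WND) % MOD32),    # one past the window
    ("spoof-stale", (RCV_NXT - 1) % MOD32),                  # already acknowledged
]

if __name__ == "__main__":
    for label, seq in SAMPLE_RSTS:
        print(f"{label:22s} weak={weak_rst_check(seq, RCV_NXT, RCV_WND):14s} "
              f"rfc5961={rfc5961_rst_check(seq, RCV_NXT, RCV_WND)}")
    print("weak resets:", count_resets(SAMPLE_RSTS, RCV_NXT, RCV_WND, weak_rst_check))
    print("rfc5961 resets:", count_resets(SAMPLE_RSTS, RCV_NXT, RCV_WND, rfc5961_rst_check))
```

With the loose rule, three of the five sample segments tear the connection down; with the RFC 5961 rule only the exact-match RST does, which is why a device that accepts any in-window RST is exposed to the denial of service the advisory describes.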

Need to know more?

Who Wants to Be a Millionaire: Cyber Edition

The U.S. government's bounty program is like a high-stakes game show for cyber snitches, where the prize for ratting out the ALPHV/Blackcat ransomware gang could set you up for life. Although the FBI played whack-a-mole with the gang's website and released a decryption tool, ALPHV bounced back like a bad pop song on the radio. Now, they're taking aim at critical infrastructure worldwide, proving that cybercriminals also believe in the motto "Go big or go home."

Swiss Cheese Security: Siemens Edition

Siemens users are getting a reality check with the discovery of vulnerabilities that are as critical as your morning coffee. It's a buffet of security flaws that could let attackers stuff their faces with your data, and the only antidote is a heavy dose of patching. If you're running on Siemens, it might be time to play cybersecurity whack-a-mole yourself.

EncroChat: The Gift That Keeps on Giving

The infamous EncroChat hack is like a crime drama boxset with new seasons dropping regularly. The latest twist in the tale? A former Scandinavian footballer-turned-drug-runner gets benched for 30 years, thanks to the ever-giving EncroChat leaks. In the underworld, EncroChat has gone from VIP lounge to Titanic faster than you can say "encrypted messaging."

Ransomware Rodeo in Colorado

Poor Colorado public defenders. They're just trying to do their jobs, and bam! Ransomware decides to play judge, jury, and executioner to their network. With systems offline and no access to email or court documents, these legal eagles are left flapping their wings in frustration. The attackers are still at large, and the ransom demands remain a mystery as deep as what's at the bottom of a cowboy's spittoon.

The Unnamed State and the Unnamed Crooks

It's a tale of cyber intrigue featuring unnamed state governments and dastardly crooks. A former employee's admin credentials become the skeleton key to the state's digital kingdom, leading to a data heist worthy of a Hollywood script. But the real kicker? No multifactor authentication. That's like leaving your front door unlocked and wondering why you got burgled. Let's hope this thriller has a sequel where MFA saves the day!

Tags: bounty program, Critical Infrastructure Attacks, EncroChat convictions, MFA importance, public sector cyberattack, ransomware gang, Siemens Vulnerabilities