Log In

Reset Password

Several notorious gangs behind cyberattacks

Experts say the attack on Bermuda is likely to involve ransomware (File photograph)

The Government has yet to confirm if last week’s cyberattack on its IT systems involved ransomware, though experts have said it is the most likely scenario.

Such attacks are carried out by criminal hackers and there are several notorious gangs which regularly claim responsibility.

David Burt said the initial indication was the “sophisticated and deliberate” September 20 attack came from “an external source, most likely from Russia”.

The Premier has not commented further on who may have carried it out, citing an ongoing investigation.

Russian hacking group ALPHV/BlackCat was responsible for a cyberattack on MGM Resorts International ten days before the breach of Bermuda’s systems.

It was reported that a range of services remained offline for days, with the breach affecting websites, online reservations, ATMs, credit card machines, slot machines and room keys at MGM Resort locations across the US.

A malware research group called VX-Underground claimed on X, formerly known as Twitter, that ALPHV compromised the multibillion dollar casino company by calling an MGM Resorts employee and having a ten-minute conversation.

The group claimed responsibility, five days after the attack, on its dark web victim blog.

In July, the same group claimed to have stolen over seven terabytes of confidential data from an NHS trust in East London.

It was reported last year that ALPHV leaked an unspecified amount of compromised data related to the Municipality of Quito in Ecuador.

Forbes described ALPHV earlier this month as "an extremely well-known black-hat actor in the cybersecurity industry“, noting that the CISA, America’s cyber defence agency, issued an alert based on an FBI flash report which said it had ”compromised at least 60 entities worldwide“.

Conti, another notorious Russia-linked gang, claimed responsibility for a ransomware attack on the Government of Costa Rica last year.

It was reported that 27 government bodies were initially targeted, while a second attack carried out by the HIVE hacking group caused chaos within the Central American country’s healthcare system.

A June 2022 article in Wired quoted threat analyst Brett Callow as saying of the Costa Rica attack: “This is possibly the most significant ransomware incident to date.

“I can’t recall another occasion when an entire federal government has been held to ransom like this — it’s a first; it’s quite unprecedented.”

The article reported that Conti demanded $10 million as a ransom payment, later upping the figure to $20 million. When no payment was made, they began uploading files stolen during the breach to Conti’s website.

The attack on Costa Rica was followed by one on Peru, affecting its finance ministry and an intelligence agency.

According to threat intelligence company Recorded Future, the Costa Rica attack ”marked the first time that ALPHV targeted a government entity located in Latin America”.

A November 2022 report from the Security Intelligence blog, which provides analysis from cybersecurity industry professionals, suggested that threat actors — those who intentionally cause harm to IT systems — may begin to target smaller countries because they would not have the resources to thwart an attack and their capacity to retaliate would be far less than larger nations.

Royal Gazette has implemented platform upgrades, requiring users to utilize their Royal Gazette Account Login to comment on Disqus for enhanced security. To create an account, click here.

You must be Registered or to post comment or to vote.

Published September 29, 2023 at 9:50 am (Updated September 29, 2023 at 9:50 am)

Several notorious gangs behind cyberattacks

Users agree to adhere to our Online User Conduct for commenting and user who violate the Terms of Service will be banned.