DAIXIN RANSOMWARE GANG

DailyPost 2760

As in the physical world, the cyber world also has gangs. It would be strange if ransomware, the most popular cybercrime of the day, did not have any. "Hacking is the new normal" has slowly become a truism, to the extent that the organisation breached has a history of getting hacked and the gang doing it also generally has a very chequered cybercrime history. This is where we have reached, and the road ahead does not look any better; it is likely to get worse. The nature of upgrade that police forces across the world need today, along with the right industry support, is an important dimension to be acted upon at the earliest.

The latest victim of the Daixin ransomware gang's attacks is Omni Hotels. As is the present system of proclaiming an attack, the hotel chain was added to Daixin Team's dark web leak site. This came two weeks after the massive outage Omni had faced. On 2nd of April, Omni confirmed that a cyber-attack was the root cause behind the outage. It impacted reservation, hotel room lock and point-of-sale (POS) systems. Claiming to be the mastermind of this attack, the Daixin Team is now threatening to publish sensitive customer information if a ransom is not paid.

Though the name of the hotel has been added to the site, the gang has not yet published any proof there. Omni Hotels and Resorts, on learning of this cyber-attack, acted with alacrity. They immediately took "steps to shut down its systems to protect and contain its data." Of the systems taken offline for this purpose, most have been restored. The investigation, being conducted with a leading cybersecurity response team, is still ongoing. The company has not divulged the nature of the attack, but according to BleepingComputer the hotel chain was hit by a ransomware attack and was manually restoring encrypted servers and backups.

BleepingComputer also says that in all likelihood Daixin will soon leak information allegedly stolen from the compromised servers of Omni Hotels. This leak would include "all records of all visitors from 2017 to the present." Based on the information divulged by the company so far, the stolen database dump includes 3,539,089 records. In Oct 2022, CISA and the FBI warned that Daixin would target the healthcare and public health sector. The group has been associated with many cases in this sector. It engages in double extortion too. Daixin targets networks by exploiting known vulnerabilities or using compromised VPN credentials. Previously, Omni Hotels disclosed a data breach caused by malware infecting point-of-sale devices in 2016.

RANSOMWARE GANGS ARE MODERN-DAY SUPER MAFIAS.
Sanjay Sahay

Have a nice evening.
