Free REvil Decryptor Launched

Antivirus vendor Bitdefender has launched a free universal decryption tool to help victims of REvil ransomware, also known as Sodinokibi.

The new tool, which was made available on Thursday, can restore many files that were encrypted by the crypto-locking malware before July 13, 2021. However, the tool’s instructions include the warning that “some versions” of REvil “are not yet decryptable.”

REvil victims can download the tool and a step-by-step tutorial on how to use it via the Bitdefender website. The free decryptor is also available from the No More Ransomware project, a public-private collaboration involving Europol, Dutch cybercrime law enforcement, and multiple private security firms.

Bitdefender said that the decryption tool was created in collaboration with “a trusted law enforcement partner” while the investigation into REvil’s criminal activities continues.

“Please note this is an ongoing investigation and we can’t comment on details related to this case until authorized by the lead investigating law enforcement partner,” Bitdefender said in a statement released September 16. 

“Both parties believe it is important to release the universal decryptor before the investigation is completed to help as many victims as possible.”

REvil first came on the cybercrime radar as a Ransomware-as-a-Service (RaaS) operator in April 2019 and grew to become one of the most prolific ransomware gangs on the dark web. 

After successfully extorting millions of dollars from thousands of technology companies, retailers, and managed services providers around the world, REvil’s website went down earlier this year following a major supply-chain attack on IT software provider Kaseya.

“On July 13 of this year, parts of REvil’s infrastructure went offline, leaving infected victims who had not paid the ransom unable to recover their encrypted data,” said Bitdefender.

“This decryption tool will now offer those victims the ability to take back control of their data and assets.”

Bitdefender and its unnamed law enforcement partner suspect that more attacks from REvil could be about to occur. 

“We believe new REvil attacks are imminent after the ransomware gang’s servers and supporting infrastructure recently came back online after a two-month hiatus,” said Bitdefender. “We urge organizations to be on high alert and to take necessary precautions.”

Prison for AT&T Phone-Unlocking Fraudster

A cyber-criminal who defrauded American telecommunications giant AT&T out of more than $200m through a phone-unlocking bribery scheme has been sentenced to prison.

Muhammad Fahd, a 35-year-old citizen of Pakistan and Grenada, led a seven-year conspiracy in which AT&T employees were bribed to unlawfully unlock nearly two million customers’ cell phones for profit.

The plot began in 2012 when Fahd colluded with others to recruit AT&T staff working at a call center in Bothell, Washington. The employees were bribed to use their AT&T credentials to unlock cell phones for ineligible customers.

“Unlocking a phone effectively removes it from AT&T’s network, thereby allowing the account holder to avoid having to pay AT&T for service or to make any payments for purchase of the phone,” said the Department of Justice’s Office of Public Affairs in a statement released September 16.

Fahd used the alias Frank Zhang to contact an AT&T employee through Facebook and offer them large sums of money to secretly unlock phones’ International Mobile Equipment Identity numbers (IMEIs). Fahd also asked the employee to enlist other AT&T staff in the scheme. 

The recruited employees were instructed by Fahd to establish fake businesses and set up bank accounts for those businesses. These accounts were used to give the illusion that the fraudulent payments and fictitious invoices that formed part of the scheme were genuine.

“AT&T’s forensic analysis shows the total number of cellular telephones fraudulently unlocked by members of the scheme was 1,900,033 phones,” said the Office of Public Affairs. 

“AT&T has further determined that the loss it suffered because customers, whose cellular phones were illegally unlocked, failed to complete payments for their cellular telephones was $201,497,430.94.”

When AT&T implemented a new unlocking system in 2013 that made unlocking the IMEIs harder, Fahd hired a software developer to design malware to unlock phones more efficiently and in larger numbers. Fahd then had AT&T employees install the malware on AT&T’s computer system.

Fahd was indicted in 2017 and arrested in Hong Kong in 2018. He was extradited to the US in 2019 and pleaded guilty to conspiracy to commit wire fraud in September 2020. On September 16, he was sentenced to 12 years in prison and ordered to pay restitution of $200,620,698.

More Tribes Given Enhanced Access to US Crime Data

More Native American tribes are going to be given enhanced access to critical databases containing national crime information for the United States.

In an announcement made September 16, the Department of Justice said that 12 tribes have been newly selected to participate in the Tribal Access Program for National Crime Information (TAP), bringing the total number of federally recognized participating tribes to 108.

TAP was set up in 2015 after tribal leaders raised concerns about not being able to directly access crime data held in federal systems. Using the program, tribes can view shared information for non-criminal justice purposes such as screening employees or volunteers who work with children. 

Information accessible to tribes via TAP includes data on missing persons; registered convicted sex offenders; entered domestic violence orders of protection for nationwide enforcement; criminal history checks; identified and arrested fugitives; entered bookings and convictions; and completed fingerprint-based record checks.

In 2019, the Department of Justice announced that tribal governments already participating in TAP could directly input data and gain access to the FBI’s National Sex Offender Registry (NSOR) using the Tribe and Territory Sex Offender Registry System (TTSORS).

The twelve tribes joining the program are the Confederated Tribes of the Warm Springs Reservation; Cow Creek Band of Umpqua; Fort Belknap Indian Community; Grand Traverse Band of Ottawa and Chippewa; Havasupai Tribe; Lower Brule Sioux Tribe; Menominee Tribe; Mille Lacs Band of Ojibwe; Muckleshoot Tribe; Passamaquoddy Tribe; Shingle Springs Band of Miwok; and United Keetoowah Band of Cherokee.

Under the program, the tribes will be given training as well as software and biometric/biographic kiosk workstations to take mugshots, process fingerprints, and submit information to FBI Criminal Justice Information Services (CJIS) systems.

“Timely access to federal criminal information can help protect domestic violence victims, place foster children in safe conditions, solve crimes and apprehend fugitives on tribal land, among other important uses,” said Deputy Attorney General Lisa Monaco. 

“Increasing tribal access to criminal databases is a priority of the Justice Department and this administration, and essential to many tribal government efforts to strengthen public safety in their communities.”

Cybersecurity is a huge problem. We often hear that. But have you considered that cybersecurity also has a huge problem? Namely, the gaping gender imbalance in the workforce. Only a minority of the world’s information security workforce are women. According to one study, women represent a mere 14% of the total cybersecurity workforce in North America, up to 7% in Europe, and only up to 5% in the Middle East, which is alarming for the global cyber industry.

With so much room for growth and improvement, support for diverse leadership can go beyond providing resources for an organization’s existing team. SentinelOne is going a step further, taking a direct approach to increase diversity not only through its hiring practices and inclusive culture but also by supporting and sponsoring women in cybersecurity events.

One such event was the Women in Cybersecurity (WiCyS) Conference held last week in Denver. This conference brings together women from cybersecurity industries, academia, government, nonprofits, and research to share their knowledge and expertise while networking and mentoring. The event is a two-day conference packed with lightning talks, keynote speakers, panel discussions, workshops, Birds of a Feather sessions, and multiple opportunities to network.

SentinelOne was proud to sponsor the event, kicking it off with a powerful keynote by our Chief People Officer, Divya Ghatak, who talked about the change in culture needing to start right at the top.

Divya Ghatak, Chief People Officer, SentinelOne

“As a female leader, it’s very important for me to support a culture of diversity and inclusion at SentinelOne. It starts right at the top with our leadership team and is core to innovation and hyper-growth.” – Divya Ghatak, Chief People Officer, SentinelOne.

Gender diversity is a priority for us as an organization, and we interviewed a few SentinelOne women who were fortunate to represent the company at the WiCyS conference. They spoke about their experience attending the conference and how it feels to be a part of a company that supports the initiative from the ground up. Take a look:

Megan Calidonna, Senior Technical Recruitment Manager

“Being able to sponsor and participate in an event specifically for women in cybersecurity brought me so much joy. As a recruiter, I feel blessed to be able to help guide women coming into cybersecurity.”

Cybersecurity has historically been male dominated, like most of the STEM workforce, and WiCyS has created a space that makes education, networking, and career opportunities in cybersecurity obtainable to the female population. The level of passion, excitement, and talent at this conference was unmatched. We met with women ranging from high school students to proven leaders in this space, and every person was there to empower one another to succeed. I am grateful to work alongside brilliant women who continuously inspire me and support an organization.

Resha Chheda, Director, Product Marketing

“I feel so proud to work in a company with leaders who not only actively promote women in cybersecurity but also recognize the correlation between diversity and business success.”

Like it or not, it’s hard to ignore the white elephant in the room in the form of the very obvious gender imbalance in cybersecurity. I have been in cybersecurity since 2008, and more often than not, I am the only woman working on a given project. Thankfully, the gender gap has not gone unnoticed. Many companies have various initiatives to support and recruit women and empower them to succeed in their careers. WiCyS is one such conference, which provides a fantastic opportunity to meet like-minded leaders. I was blown away by a network of women ready to inspire and lead other women to their own success.

Karen Evenson, Senior Technical Writer

“I love that SentinelOne supports and encourages women to go after their dreams.”

Women in Cybersecurity mean that we have the talent and knowledge to work in a highly technical industry. My experience at the conference allowed me to meet some of these smart, highly technical women that make a difference in both the educational and industrial point of view.

Rochelle Fisher, Director of Knowledge

“I am so proud to be a part of SentinelOne, a company that is not only a top sponsor of WiCyS but also gave the conference a great keynote speaker.”

As a remote worker, meeting one of my team members in real life for the first time was the best part of the experience. And with the great sessions, joyful SentinelOne off-hours, fabulous location, and networking with people of all levels of experience and areas of impact – it is saying something to put one event at the top of the list.

Immediately after returning home, I was able to see the impact the conference had on me. A session on measuring inclusion made me more aware of how I speak with my colleagues. A session on the Dark Web made me more aware of our daily work’s impact on the people who fight crime. You can’t slack off when you know your results are, measurably, making the world a better place! And it’s much easier to communicate with the colleagues we bonded with during the conference.

Colleen Gallagher, Senior Go to Market Recruiter

“I am so proud to work for a company that is making real and tangible efforts to close the gender gap in Cybersecurity.”

I was honored to represent SentinelOne at the WiCyS conference. The best moments were greeting women as they approached the SentinelOne booth and asking them what brought them to SentinelOne.

Most said that they were moved by our Chief of People, Divya Ghatak’s keynote to learn more! The women I met were so passionate about cybersecurity! This group of women is well aware that they are part of a new wave of women entering the field, and they will surely lead the way for others.

Drea London Petter, Senior Director, DFIR

“I saw SentinelOne purple on the WiCyS partner board when they posted it on LinkedIn. It made me very proud to know that SentinelOne’s support for diversity and inclusion was not only cultural but financial as well.”

I started my career in 2003 at Defense Computer Forensics Lab. At that time, there were only three females on our entire floor – I was the only female Airman. The lack of diversity in this field has always been obvious. The margins between minorities and majorities are large, and they reach all the way to the top of the leadership chain.

The WiCyS conference shines a light on those margins and provides women of all ages the support and mentorship needed to close them. I am certainly an advocate for diversity in the workplace – but especially within my Digital Forensic and Incident Response team. As investigators, we are constantly challenged by threat actors, new malware variants, and evolving technology. Our own investigative bias can blind us and slow our ability to respond. The best way to tackle that bias is with a diverse team of investigators who can bring their own perspectives to the table each day. Regarding my experience at the conference – I knew I would love it, but what I loved most was meeting the students and prospective candidates. It was refreshing to see their excitement and passion for the industry.

Vivian Ma, Associate Product Marketing Manager

“I am immensely grateful to SentinelOne for opening up this opportunity to join and foster a community of passionate, ambitious women, create shared experiences and learnings, and advance my cybersecurity knowledge and career. What I gained from attending WiCyS will permeate into my own initiatives at SentinelOne and beyond.”

Women in Cybersecurity means bringing valuable, diverse perspectives to an industry and a challenge. We must combat motivated, innovative adversaries with an even greater degree of ingenuity and intelligence. Attending WiCyS was extremely rewarding in that I was not only able to gain a sense of inclusion and motivation from my own SentinelOne team (all of whom I had not met in person yet) but also from a community of inspiring people spanning various geographic regions, roles, levels of experience, and more.

Suzanne Portugal, Head of Education and Enablement

“I am incredibly proud to be part of a company that supports initiatives like WiCyS and holds such high value in diversity and ingenuity in the workplace.”

Women in Cybersecurity is an amazing community of inspiring and collaborative professionals that come together to mentor, network, and knowledge-share with the goal of strengthening the pool of women in Cybersecurity. I was very inspired by the WiCyS conference and grateful to be part of such a great network of women.

Kate Vazansky, VP Global Technical Program Management

“I’m glad we’re a key sponsor, and I look forward to seeing SentinelOne take active, intentional steps to increase our diversity in our workforce around the world as we continue to grow at a rapid pace.”

The Women in Cybersecurity conference was a fantastic experience. The diversity was genuinely remarkable, and I really enjoyed talking to everyone who came to visit us at the career fair.

Conclusion

We as an industry still have a long way to go in creating gender balance in cybersecurity, but awareness is the first step to change. The WiCyS conference is one such avenue that helps open up new horizons for women trying to get into cybersecurity. We are glad that we had the opportunity to sponsor and contribute to the event and to continue making a difference.
