GandCrab ransomware crooks to shut up shop

By Danny Bradbury

The authors of the GandCrab ransomware strain are shutting their ransomware-as-a-service portal, allegedly walking away with a cool $150m.

The announcement appeared on a hacker forum, and cybersecurity researcher ‘Damian’ tweeted the news on 1 June.

GandCrab, which first appeared in January 2018, operated using a ransomware-as-a-service (RaaS) model – meaning the authors aren’t the only people using it (if they use it at all). Instead, they let others launch their own campaigns with it and take a small cut of the profits.

In a message on the hacking forum, the perpetrators explained that their broader community of customers had made far more money:

For all the good things come to an end. For the year of working with us, people have earned more than $2 billion.

They said that the community earned $2.5m per week on average, adding that they personally earned over $150m per year as part of the cybercrime venture.

We successfully cashed this money and legalized it in various spheres of white business both in real life and on the internet.

GandCrab is a slick operation and its logo, modern web interface, vanity Dark Web URL and unusual choice of the Dash cryptocurrency for payments gives it an innovative and professional veneer.

Read more at https://nakedsecurity.sophos.com/2019/06/04/gandcrab-ransomware-service-shuts-up-shop/

US visa applicants required to hand over social media info

By Lisa Vaas

Visa applicants to the US are now required to submit five years of social media account information.

This will give the government access to personal data we share on social media, such as photos, locations, dates of birth, dates of milestones and more.

For now, the State Department is only requesting account names. Thus, the access to social media account handles will enable the government to get at whatever data we’ve publicly shared.

No passwords required (yet)

However, the idea to request passwords has been floated in the past: In 2017, then-Homeland Security Secretary John Kelly suggested that asking for passwords was under consideration.

The US State Department already collects information on visa applicants such as previous addresses and contact information. The new policy, which went into effect on Friday, requires “most” visa applicants, including temporary visitors, to list their social media “identifiers” in a drop-down menu along with other personal information, the Hill reported.

Those social media identifiers will be used as one part of a background check that includes reviews of watchlists maintained by the US. At this point, the drop-down menu only includes the big social media platforms, though an official told the Hill that the form will soon accommodate all sites that visa applicants may use.

Visa applicants have the option of saying that they don’t use social media, but the official told the publication that lying could lead to “serious immigration consequences.”

Read more at https://nakedsecurity.sophos.com/2019/06/04/us-visa-applicants-required-to-hand-over-social-media-info/

Apple sunsets iTunes

By Lisa Vaas

Sayonara, music lovers: you won’t have Apple’s much-maligned, bloated iTunes to kick around anymore. Instead, you’ll have to aim your kicks in three directions, since Apple has decided to split its 18-year-old digital hub into three standalone desktop apps called Music, Podcasts and TV.

The move was announced on Monday at Apple’s Worldwide Developer Conference.

Splitting up iTunes into three desktop apps will be similar to how those services are already divided on iPhones and iPads. According to CNN, Apple is keeping iTunes as a standalone iOS app and on Windows PCs.

Content storefronts like iTunes have pulled disappearing acts on content before. Like, say, when Apple removed movies from its Canadian Store and left a miffed Canadian man purchased-movie-less.

Fear not (or rather, fear as much as normal, given the above content whisk-aways), for iTunes’ disappearance isn’t going to mean that your libraries or previous purchases are going up in smoke. They’ll be maintained in each new app on Mac computers, an Apple spokesperson told CNN.

Read more at https://nakedsecurity.sophos.com/2019/06/04/apple-sunsets-itunes/