What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
RecordedFuture.webp 2023-03-09 20:15:00 Canadian military: Ransomware attack on contractor didn't touch defense systems (direct link) Canada's defense department confirmed Thursday that its systems were not affected by a ransomware attack on engineering giant Black & McDonald. Black & McDonald did not respond to repeated requests for comment, but a spokesperson for Canada's Department of National Defence told The Record that it was aware of a ransomware attack on the company. Ransomware ★★★
RecordedFuture.webp 2023-03-08 15:55:00 Ransomware group says it stole student data from Minneapolis Public Schools (direct link) The ransomware group behind an [attack on Minneapolis Public Schools](https://therecord.media/minneapolis-public-schools-still-investigating-what-caused-encryption-event) posted a public video allegedly showing screenshots of stolen data after the school district said it was using backups to recover from the incident. The school district – which serves about 34,500 students – faced disruptions last week after a ransomware attack damaged some systems. Ransomware ★★
RecordedFuture.webp 2023-03-07 19:05:00 Acer says server for repair technicians accessed by hackers (direct link) Taiwanese computer maker Acer has confirmed that it suffered a breach involving the leak of technician documents related to staff manuals, product model documentation and more. In a statement Tuesday to The Record, the company said there is “no indication that any consumer data was stored on that server.” “We have recently detected an incident of unauthorized access to one of our document servers for repair technicians,” the company said, noting that the investigation is ongoing. The statement comes after someone offered 160GB of data for sale on a hacker forum that they claimed came from Acer. The person selling the database said it had “confidential presentations,” manuals and binaries as well as information on phones, tablets and laptops. The post also says replacement digital product keys and more are included in the database. Acer has faced several data breaches in recent years, including a headline-grabbing ransomware attack in 2021 that involved a [$50 million ransom demand](https://therecord.media/ransomware-gang-demands-50-million-from-computer-maker-acer) from the REvil cybercrime group. The attack hit the company's back-office network. The hardware giant also suffered breaches in [2021](https://therecord.media/acer-confirms-second-security-breach-this-year) and [2012](https://www.databreaches.net/acer-india-hacked-20000-user-credentails-leaked/) that involved customer details and login information for Indian retailers and distributors as well as 20,000 user credentials. Acer is the sixth-largest personal computer maker in the world, with a market share of roughly 6% of all global sales.
The company reported [total revenue](https://www.prnewswire.com/news-releases/acer-reports-december-consolidated-revenues-at-nt-22-89-billion-up-21-1-month-on-month-301716400.html#:~:text=9%2C%202023%20%2FPRNewswire%2F%20%2D%2D,ended%20at%20NT%24275.43%20billion.) of about $9 billion in 2022. Ransomware ★★★★
RecordedFuture.webp 2023-03-07 17:55:00 Northern Essex Community College remains shuttered after cyberattack (direct link) A Massachusetts community college has closed its doors for a second day after a cyberattack took down significant parts of its network. Northern Essex Community College serves more than 6,000 students across Massachusetts and southern New Hampshire, with campuses in Haverhill and Lawrence. A spokesperson for the school told The Record that they did not know if the attack was ransomware, and claimed they “do not have evidence of any personal data being compromised.” On Tuesday, the school confirmed it would not open for the day. “The college will remain closed for business on Tuesday, March 7, 2023. We are still working through details and continuing to put protections in place. We are aiming to be operative by Wednesday, March 8, 2023,” the school [said](https://northernessex.cc/2023/03/necc-update-march-6-2023/?fbclid=IwAR3RRdDFTarOk8sFesOBBOdaJs2bR3YAnuaEsArHPpDLVQDoFuMRqCI5ktI) on a temporary website created after the cyberattack. “All employees with a NECC laptop should cease using their laptops and are asked to bring their computers in as soon as possible and leave them in your office so that our IT team can install protection-clients and perform forensics.” The statement adds that remote work will be suspended for the rest of the week due to issues with VPN access, but employees of the college will be required to come to their offices. Microsoft Office 365, Zoom and some web-based services are still functioning, the college said. On Sunday, the college [said](https://northernessex.cc/2023/03/necc-announcement-mar-5-2023/) it became aware of unauthorized access to its network on or around March 1 and later noticed that several systems were no longer working. The college contacted law enforcement and cybersecurity experts to help with an investigation.
They urged students and employees to regularly change passwords and said anyone whose information may have been accessed will be contacted with guidance. The attack is the latest in a run of incidents affecting colleges across the U.S. The year started with Massachusetts-based Bristol Community College informing students that it was [struggling to recover](https://therecord.media/massachusetts-school-district-community-college-dealing-with-fallout-from-ransomware-attack) from a damaging cyberattack in late December. Since then, Emsisoft ransomware expert Brett Callow said at least 10 colleges have been hit with ransomware or cyberattacks, including last week's attacks on colleges in Tennessee and Louisiana. Callow noted that the number of reported ransomware incidents affecting post-secondary schools and K-12 school districts in the U.S. is slightly worse than in previous years, with 13 ransomware incidents reported by the end of February 2021 and 15 attacks [by the end of February 2022](https://www.emsisoft.com/en/blog/43258/the-state-of-ransomware-in-the-us-report-and-statistics-2022/). “By the end of February this year, there were 19 incidents. The yearly numbers have remained very similar too, having remained within the range of 84 - 89 incidents per year since 2019,” Callow told The Record. “It's clear that we're not getting a handle on ransomware in the education sector. In fact, the problem may even be getting worse.” Ransomware ★★
RecordedFuture.webp 2023-03-07 14:40:00 One leader for Cyber Command, NSA has 'substantial benefits,' report says (direct link) The head of U.S. Cyber Command and the National Security Agency testified Tuesday that the two entities should continue to share a leader, citing the conclusions in a recent high-level review that has yet to be shared with the public. In [written testimony](https://www.cybercom.mil/Media/News/Article/3320195/posture-statement-of-general-paul-m-nakasone/) to a Senate panel, Army Gen. Paul Nakasone directly quoted the review of the “dual hat” leadership structure, which has existed since Cyber Command was established in 2010. The report found “'substantial benefits that present compelling evidence for retaining the existing structure,'” according to Nakasone, who took over both organizations in 2018. Momentum for splitting the roles increased during the Trump administration. The Record first reported that the Biden administration had tapped former Joint Chiefs of Staff Chairman Joseph F. Dunford Jr. to lead the review. The team [concluded without a policy recommendation](https://therecord.media/review-of-nsa-cyber-command-leadership-structure-ends-without-official-recommendation) on maintaining or splitting the arrangement, but it leaned heavily toward keeping the two conjoined, despite long-held concerns that the positions are too much for a single person. Nakasone also wrote that the review “highlighted” CYBERCOM and NSA's work defending U.S. elections from foreign interference, fighting ransomware operators and bolstering the military's other combatant commands as reasons to keep the two together.
Nakasone, one of Cyber Command's original architects, said publicly last year that he met with Dunford's study group and “had an opportunity to share my views.” “Success in protecting the national security of the United States in cyberspace would be more costly and less decisive with two separate organizations under two separate leaders,” Nakasone wrote in his testimony for the Senate Armed Services Committee. “The enduring relationship is vital for both organizations to meet the strategic challenges of our adversaries as they mature their capabilities against the United States,” he added. Ransomware Guideline ★★★
RecordedFuture.webp 2023-03-07 13:05:00 Israel blames state-sponsored Iranian hackers for ransomware attack on university (direct link) Israeli cybersecurity officials on Tuesday blamed hackers sponsored by the Iranian government for a ransomware attack on the country's leading technology university. The attack in February forced the Israel Institute of Technology, also known as Technion, to postpone exams and shut down its IT systems. The incident followed what Israeli defense officials said were dozens of attempted Iranian cyberattacks over the past year. Hackers from a previously unknown group calling itself DarkBit claimed responsibility in a note left on Technion's systems demanding 80 bitcoins ($1.7 million at the time) to enable the university to recover its files. The note was unusually ideological, criticizing “an apartheid regime” and stating: “They should pay for their lies and crimes, their names and shames. They should pay for occupation, war crimes against humanity, killing the people (not only Palestinians' bodies, but also Israelis' souls) and destroying the future and all dreams we had.” Israel's National Cyber Directorate on Tuesday attributed the attack to a threat group tracked as MuddyWater, which last year U.S. Cyber Command linked to the Iranian Ministry of Intelligence and Security. British and American authorities subsequently issued a warning about the hacking group, saying it was targeting a “range of government and private-sector organizations across sectors - including telecommunications, defense, local government, and oil and natural gas - in Asia, Africa, Europe, and North America.” While Israel and Iran have never been in a declared war against each other, the countries have repeatedly blamed each other for cyberattacks targeting civilian infrastructure, including a steel plant in Iran. Iranian hackers have been blamed for attacks on water systems in Israel.
The attack on the university in Haifa is not the first time that Iranian state-sponsored hackers have been linked to ransomware incidents. A French-Venezuelan cardiologist called Moises Luis Zagala Gonzalez was charged by the U.S. Department of Justice last year with developing the Thanos ransomware and allegedly boasting about it being used by Iranian government-linked hackers. Another advisory issued in 2022 by cyber authorities in the United Kingdom, United States, Australia and Canada - members of the Five Eyes intelligence alliance - warned that “cyber actors affiliated with Iran's Islamic Revolutionary Guard Corps are exploiting vulnerabilities to launch ransomware operations against multiple sectors.” Ransomware Threat Guideline ★★
RecordedFuture.webp 2023-03-06 14:03:00 Vice Society ransomware group claims German university as latest victim (direct link) The Vice Society ransomware group added the Hamburg University of Applied Sciences (HAW Hamburg) to its leak site this weekend following an attack that the institution said took place late last year. HAW Hamburg is one of several German-speaking institutions with a focus on applied sciences to be targeted by ransomware gangs in recent months. In [a statement](https://www.haw-hamburg.de/fileadmin/PK/PDF/Infos_Art._34_DS-GVO_final.pdf) sent to all employees and students, the university said the attack was on December 29, describing a ransomware incident without using the term itself. The school has about 16,000 students. “The attackers worked their way manually from decentralized IT systems via the network to the central IT and security components of HAW Hamburg. They also gained administrative rights to the central storage systems via this attack path and thus compromised the central data storage,” the statement explained. “With the administrative rights obtained, the encryption of various virtualized platforms and the deletion of saved backups were finally started,” it added. The university warned that “significant amounts of data from various areas” were copied, including usernames and “cryptographically secured” passwords, email addresses and mobile phone numbers.
Despite describing the compromised passwords as “cryptographically secured” the IT team recommended that students and staff change their passwords “for all internal university applications,” adding “in particular, change your password for Microsoft Teams and avoid using passwords that you have already used before.” The university said it had to rebuild its IT systems, including the existing Microsoft cloud environment, and was “trying to restore a backup of the email data from the old mail server as of December 14.” Following the attack, HAW Hamburg's IT security said it had “received several reports from students about attempts to log on to Internet portals such as Amazon and eBay by unauthorized third parties.” “After reviewing all previous reports, and taking into account the attacker group's previous approach, it can be ruled out that the login attempts are related to the security incident at HAW Hamburg or the attacker group,” the team added. Back in January the Vice Society ransomware group [claimed responsibility](https://therecord.media/vice-society-ransomware-gang-claims-attack-on-one-of-germanys-largest-universities/) for a November attack against the University of Duisburg-Essen in Germany. Then in February the University of Zurich, Switzerland's largest university, announced it was the target of a “serious cyberattack,” which a spokesperson described to The Record as “part of a current accumulation of attacks on educational and health institutions.” The week before, the [Harz University of Applied Sciences](https://www.n-tv.de/regionales/sachsen-anhalt/Hochschule-Harz-nach-digitalem-Angriff-offline-article23885755.html) in Saxony-Anhalt, [Ruhr West University](https://www.hochschule-ruhr-west.de/hrwoffline/), and the [EU/FH European University of Applied Sciences](https://www.eufh.de/hochschule/pressemitteilung) all announced being impacted by cyberattacks. Ransomware Guideline Cloud ★★
RecordedFuture.webp 2023-03-06 14:02:00 Thousands of appointments canceled after ransomware hits major Barcelona hospital (direct link) A ransomware attack on the city of Barcelona's main hospital has forced thousands of appointments to be canceled, officials announced Monday. The Hospital Clinic de Barcelona was attacked Saturday, with computers across the institution's numerous laboratories, clinics and emergency room shut down. Its website was unavailable on Monday. Officials said that 150 non-urgent operations were canceled on Monday alongside up to 3,000 patient checkups, including radiotherapy visits, because staff can't access patients' clinical records, reported the [El País newspaper](link). The Ransom House gang - which lists semiconductor company AMD as a previous victim, claiming to have sold data stolen by its "partners" - was responsible for the attack, according to the regional Catalonian Cybersecurity Agency. The gang itself claims on its leak site to “have nothing to do with any breaches” and doesn't “produce or use any ransomware.” It describes itself as a “professional mediators community.” Segi Marcén, telecommunications secretary for the regional Catalonia government, said that no extortion demand had yet been received but that the hospital would not be making a ransom payment even if one was. “We will not pay a cent,” Marcén said. Ransomware gangs typically threaten to release stolen data publicly if an extortion payment doesn't come by a certain deadline. As of Monday, nothing from the hospital was on Ransom House's leak site. Marcén added that the regional government was “focusing on recovering the information” impacted by the attack, although it was not yet clear whether the hospital's data backups were also compromised, El País reported. Staff at the hospital have been forced to write on paper and do not have access to electronic patient data-sharing systems.
The facility's press department announced that urgent cases are being diverted to other hospitals. “We can't make any prediction as to when the system will be back up to normal,” the hospital's director, Antoni Castells, told journalists, adding that there was a contingency plan to keep services functioning for several days although he hoped the system would be fixed sooner. Tomàs Roy, the general director of the Catalan Cybersecurity Agency, said the attackers “have used new attack techniques,” but didn't specify what they were. Recovering from the attack will be “gradual,” reported El País, as IT staff will need to ensure that systems aren't restored while the attackers maintain some access to the system. Ransomware ★★
RecordedFuture.webp 2023-03-06 14:01:00 Ransomware gang posts breast cancer patients' clinical photographs (direct link) The ALPHV ransomware group, also known as BlackCat, is attempting to extort a healthcare network in Pennsylvania by publishing photographs of breast cancer patients. These clinical images, used by Lehigh Valley Health Network as part of radiotherapy to tackle malignant cells, were described as “nude photos” on the criminals' site. Lehigh Valley Health Network disclosed on February 20 that it had been attacked by the BlackCat gang, which it described as linked to Russia, and stated that it would not pay a ransom. “Based on our initial analysis, the attack was on the network supporting one physician practice located in Lackawanna County. We take this very seriously and protecting the data security and privacy of our patients, physicians and staff is critical,” said the network's president and chief executive, Brian Nester. Nester added that the incident involved “a computer system used for clinically appropriate patient images for radiation oncology treatment and other sensitive information.” At the time of the original statement, Nester said Lehigh Valley Health Network's services - including a cancer institute and a children's hospital - were not affected. However the network's website is currently inaccessible. The Record was unable to contact the network for further comment following its listing on the ALPHV [.onion](https://en.wikipedia.org/wiki/Tor_(network)) website. Onlookers have been revolted by the attempt to leverage the sensitivities around cancer treatment and intimate images to extort the organization. Max Smeets, an academic at ETH Zurich - a public research university - and the director of the European Cyber Conflict Research Initiative, [wrote](https://twitter.com/Maxwsmeets/status/1632654116320075776): “This makes me so angry. I hope these barbarians will be held accountable for their heinous actions.” "A new low.
This is sickening," [wrote](https://twitter.com/rj_chap/status/1632465294580133888) malware analyst Ryan Chapman, while Nicholas Carroll, a cybersecurity professional, [said](https://twitter.com/sloppy_bear/status/1632468646873165824) the gang was “trying to set new standards in despicable.” ALPHV itself celebrated the attack and the attention it brought. “Our blog is followed by a lot of world media, the case will be widely publicized and will cause significant damage to your business. Your time is running out. We are ready to unleash our full power on you!” Numerous healthcare organizations have been attacked by ransomware gangs in recent months. The criminal industry persists because of victims who pay, sometimes because their businesses face an existential threat, and sometimes to avoid the negative publicity. Medibank, one of Australia's largest health insurance providers, stated last November that it would not be making a [ransom payment](https://therecord.media/medibank-says-it-will-not-pay-ransom-in-hack-that-impacted-9-7-million-customers/) after hackers gained access to the data of 9.7 million current and former customers, including 1.8 million international customers living abroad. The information included sensitive healthcare claims data for around 480,000 individuals, including information about drug addiction treatments and abortions. Outrage at the attack prompted the government to [consider banning](https://therecord.media/australia-to-consider-banning-ransomware-payments/) ransomware payments in a bid to undermine the industry. Back in January, the hospital technology giant [NextGen Healthcare](https://therecord.media/electronic-health-record-giant-nextgen-dealing-with-cyberattack/) said it was responding to a cyberattack after ALPHV added the company to its list of victims. Ransomware Malware ★★★
RecordedFuture.webp 2023-03-04 13:00:00 A year of wipers: How the Kremlin-backed Sandworm has attacked Ukraine during the war (direct link) Last November, several Ukrainian organizations were targeted by a new type of ransomware called RansomBoggs. Its operators sent infected computers a ransom note written on behalf of James P. Sullivan - the main protagonist of the animated film Monsters, Inc. In the note Sullivan, whose job in the movie was to scare kids, asked for [… Ransomware ★★★
RecordedFuture.webp 2023-03-03 19:57:24 U.S. government warns of Royal ransomware attacks against critical infrastructure (direct link) The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory Thursday warning vulnerable organizations of an increased threat posed by Royal ransomware. The guidance is the second warning the U.S. government has issued about Royal ransomware in recent months. In December, the U.S. Department of Health and Human Services (HHS) warned hospitals [… Ransomware Threat ★★★
RecordedFuture.webp 2023-03-03 17:11:07 Oakland officials say ransomware group may release personal data on Saturday (direct link) The government of Oakland acknowledged on Friday that the ransomware group responsible for the cyberattack on city systems is planning to publish the information it stole. On Thursday evening, the Play ransomware group said it was behind the wide-ranging attack, writing on its leak site that it planned to publish sensitive stolen data on Saturday. [… Ransomware ★★
RecordedFuture.webp 2023-03-01 20:46:22 Canadian book giant says employee data was stolen during ransomware attack (direct link) Toronto-based Indigo now says that employee data was accessed in a ransomware incident last month. The LockBit gang claims it was the perpetrator Ransomware ★★
RecordedFuture.webp 2023-03-01 18:56:46 Washington state public bus system confirms ransomware attack (direct link) Pierce Transit, which serves the Tacoma area, said a ransomware attack disrupted systems and necessitated some temporary workarounds Ransomware ★★
RecordedFuture.webp 2023-03-01 00:34:26 Victims of MortalKombat ransomware can now decrypt their locked files for free (direct link) Cybersecurity firm Bitdefender released a universal decryptor for the MortalKombat ransomware – a strain first observed by threat researchers in January 2023. The malware has been used on dozens of victims across the U.S., United Kingdom, Turkey and the Philippines, according to a recent report from Cisco. Bogdan Botezatu, director of threat research and reporting [… Ransomware Malware Threat ★★
RecordedFuture.webp 2023-02-28 21:26:32 US Marshals Service becomes latest law enforcement agency hit by hackers (direct link) The U.S. Marshals Service said it was struck by ransomware last week in an attack that affected systems holding sensitive law enforcement data and personally identifiable information related to several suspects. U.S. Marshals Service spokesperson Drew Wade told NBC News late on Monday evening that after consulting with senior officials at the agency, it was [… Ransomware ★★
RecordedFuture.webp 2023-02-28 19:30:13 DISH tells SEC that ransomware attack caused outages; personal info may have been stolen (direct link) Satellite broadcast giant DISH told the SEC on Tuesday that a ransomware attack is what caused “system issues” that occurred over the weekend. In an 8-K form filing, DISH confirmed rumors that they had been hit with ransomware, warning that on Monday they became aware that “certain data was extracted from the Corporation's IT systems [… Ransomware ★★★
RecordedFuture.webp 2023-02-27 20:46:33 Minneapolis Public Schools still investigating what caused 'encryption event' (direct link) Thousands of students in Minneapolis returned to school on Monday after a ransomware attack crippled the school's systems all of last week Ransomware ★★
RecordedFuture.webp 2023-02-24 17:24:24 Oakland says 311, business license systems still down, but National Guard is helping (direct link) IT experts from the California National Guard and other state agencies are helping Oakland deal with a crippling ransomware attack Ransomware ★★★
RecordedFuture.webp 2023-02-23 14:38:49 Food producer Dole confirms ransomware attack (direct link) Dole confirmed the incident following a report that an attack had forced some of the company's production plants to close Ransomware ★★
RecordedFuture.webp 2023-02-21 19:19:19 LockBit gang takes credit for attack on water utility in Portugal (direct link) The LockBit ransomware group has taken credit for a cyberattack on Águas e Energia do Porto - the water utility for the city of Porto Ransomware ★★★
RecordedFuture.webp 2023-02-21 13:16:28 Irish TV broadcaster says attempted hack will affect programming (direct link) Virgin Media Television, the Irish broadcaster, said on Monday that an attempted hack was going to impact its programming in coming days. The nature of the attack has not been specified, although a spokesperson told The Record it was not a ransomware attack. In a statement the company described identifying “an unauthorized attempt to access [… Ransomware Hack ★★★
RecordedFuture.webp 2023-02-17 21:03:38 Semiconductor industry giant says ransomware attack on supplier will cost it $250 million (direct link) Applied Materials said that a ransomware attack on part of its supply chain would cost it $250 million in the next quarter Ransomware ★★
RecordedFuture.webp 2023-02-17 13:14:19 Expect more sanctions and hacking operations on ransomware groups, top Justice official says (direct link) Deputy Attorney General Lisa Monaco said the feds will continue to use sanctions and hacking operations as tools against ransomware groups Ransomware ★★★
RecordedFuture.webp 2023-02-15 21:35:27 ESXiArgs ransomware has infected hundreds of new targets in Europe, researchers say (direct link) More than 500 European organizations are dealing with new infections of the ESXiArgs ransomware, according to Censys Ransomware ★★
RecordedFuture.webp 2023-02-15 18:44:59 State of emergency as City of Oakland grapples with ransomware attack (direct link) The City of Oakland has declared a state of emergency one week after a ransomware attack hampered local government operations. In a statement on Tuesday, interim City Administrator G. Harold Duffey said he was issuing the declaration “due to the ongoing impacts of the network outages resulting from the ransomware attack” that began February 8. [… Ransomware ★★
RecordedFuture.webp 2023-02-14 21:59:11 MortalKombat ransomware found punching targets in US, UK, Turkey, Philippines (direct link) Organizations in the U.S. and elsewhere have been hit with the new MortalKombat ransomware, according to researchers at Cisco Talos Ransomware ★★
RecordedFuture.webp 2023-02-14 20:54:27 Tonga is the latest Pacific Island nation hit with ransomware (direct link) Tonga’s state-owned telecommunications company has been hit with ransomware, it warned customers on Monday. Tonga Communications Corporation (TCC) – one of two telecoms companies in the country – published a notice on Facebook saying the attack may slow down administrative operations. “Ransomware attack has been confirmed to encrypt and lock access to part of TCC's [… Ransomware ★★
RecordedFuture.webp 2023-02-14 18:53:13 Ransomware attacks on industrial infrastructure doubled in 2022: Dragos (direct link) The number of ransomware attacks on industrial infrastructure grew significantly in 2022, according to cybersecurity firm Dragos Ransomware Industrial ★★★
RecordedFuture.webp 2023-02-14 13:48:55 ALPHV (BlackCat) ransomware gang claims attack on Irish university (direct link) A darkweb post by the ALPHV ransomware group purports to include employee records from Munster Technological University Ransomware ★★
RecordedFuture.webp 2023-02-13 21:03:20 Israel's top tech university postpones exams after ransomware attack (direct link) Hackers from a previously unknown group called DarkBit demanded about $1.7 million from the Technion technical university. Ransomware ★★
RecordedFuture.webp 2023-02-10 21:43:54 City of Oakland hit with ransomware attack, but says \'core functions\' are intact (lien direct) The City of Oakland confirmed reports that its networks had been hit with ransomware after rumors emerged online that several agencies were having issues with systems on Thursday.  City officials did not respond to requests for comment but released a statement on Friday afternoon saying the ransomware attack began on Wednesday night.  “The Information Technology […] Ransomware ★★
RecordedFuture.webp 2023-02-10 21:09:22 More than 18,500 ESXi servers still vulnerable to VMware bug behind initial ransomware spree (lien direct) server racksRapid7 said 18,581 VMware ESXi servers are still exposed to CVE-2021-21974 - a 2-year-old bug being exploited by the ESXiArgs ransomware Ransomware ★★
RecordedFuture.webp 2023-02-10 19:45:08 December ransomware attack leads to massive data breach from California health network (lien direct) Facilities within California's Heritage Provider Network reported a data breach related to a ransomware attack in December Ransomware Data Breach Guideline Heritage Heritage ★★★
RecordedFuture.webp 2023-02-09 22:25:22 Mount Saint Mary College confirms December ransomware attack (lien direct) Mount Saint Mary College – a liberal arts college in New York – confirmed it experienced a ransomware attack in December after a cybercrime group publicly shared details about the incident this week.  The Vice Society ransomware gang, a group known for dozens of attacks on K-12 schools as well as colleges and universities, claimed [… Ransomware ★★
RecordedFuture.webp 2023-02-09 13:34:05 Britain and US make major move against ransomware gangs by sanctioning seven individuals (lien direct) sanctionsThe sanctions documents formally link the Conti and Ryuk ransomware gangs and the Trickbot banking trojan to a single criminal organization Ransomware
RecordedFuture.webp 2023-02-08 17:14:52 CISA publishes recovery script for ESXiArgs ransomware as Florida courts, universities reel (lien direct) CISACISA adapted work by two Turkish developers into a script for recovering files affected by ESXiArgs ransomware without having to decrypt them Ransomware ★★★★
RecordedFuture.webp 2023-02-08 00:34:48 First Linux variant of Clop ransomware targeted universities, colleges but was flawed (lien direct) The first Linux variant of the Clop ransomware was rife with issues that allowed researchers to create a decryptor tool for victims. SentinelOne researcher Antonis Terefos said his team observed the first Clop (also stylized as Cl0p) ransomware variant targeting Linux systems on December 26. Clop has existed since about 2019, targeting large companies, financial institutions, [… Ransomware Tool ★★
RecordedFuture.webp 2023-02-07 21:17:45 Russian crypto exchange exec pleads guilty to laundering Ryuk ransomware funds (lien direct) A Russian man pleaded guilty on Monday in an Oregon court on charges related to laundering funds for the Ryuk ransomware group. Denis Dubnikov was arrested in November 2021 in the Netherlands before being extradited to the U.S. last August. Prosecutors accused him, along with 13 co-conspirators whose names were redacted in a federal indictment, [… Ransomware Guideline ★★★
RecordedFuture.webp 2023-02-07 19:19:38 House approves cybersecurity research bill focused on energy infrastructure (lien direct) The U.S. House of Representatives on Monday passed a bill that would provide funding for cybersecurity research with a focus on protecting the country's energy infrastructure. The Energy Cybersecurity University Leadership Act - inspired by the ransomware attack on Colonial Pipeline and several other incidents - proposes grants and other forms of funding to graduate [… Ransomware Guideline ★★★
RecordedFuture.webp 2023-02-07 14:18:24 LockBit ransomware group threatens Royal Mail with data leak deadline (lien direct) The LockBit cybercriminals told the British mail service it has until February 9 to pay up to protect data apparently stolen in January Ransomware ★★★
RecordedFuture.webp 2023-02-06 14:28:11 'Massive' new ESXiArgs ransomware campaign has compromised thousands of victims (lien direct) Thousands of servers running an unpatched version of VMware's ESXi product are vulnerable to ransomware, researchers say Ransomware ★★
RecordedFuture.webp 2023-02-02 15:54:42 QNAP warns of new bug prompting worries of potential Deadbolt ransomware exploitation (lien direct) QNAP is warning customers to update their devices after a vulnerability was discovered making thousands of devices susceptible to attack Ransomware Vulnerability ★★
RecordedFuture.webp 2023-02-02 13:57:35 Ransomware gang attempts to extort UK school by posting files about at-risk children (lien direct) The Vice Society group apparently posted files that included safeguarding reports, which record information about at-risk students Ransomware ★★
RecordedFuture.webp 2023-02-01 18:46:19 'Global markets' impacted by ransomware attack on financial software company (lien direct) A ransomware attack on Dublin-based software company ION Group has impacted the trading of financial derivatives on international markets. ION Group describes itself as enabling “financial institutions, central banks and corporations to digitize and automate their most business critical processes.” A pop-up notice on its site on Wednesday warned that “a cybersecurity event” that struck [… Ransomware ★★★
RecordedFuture.webp 2023-02-01 17:12:21 K-12 schools in Tucson, Nantucket respond to cyberattacks (lien direct) The disruptions to school networks in Arizona and Massachusetts follow a string of similar K-12 ransomware incidents Ransomware ★★
RecordedFuture.webp 2023-01-31 19:00:45 LockBit takes credit for November ransomware attack on Sacramento PBS station (lien direct) The LockBit ransomware group this week said it was responsible for a November ransomware attack on a public broadcasting affiliate in Sacramento, California. The high-profile cybercrime gang made the claim on the dark web site where it leaks victims’ data. The PBS station KVIE announced the attack on November 23, noting that some of its [… Ransomware ★★★
RecordedFuture.webp 2023-01-31 14:01:13 British government minister told council to keep quiet after ransomware attack (lien direct) An unnamed British government minister told the leader of Redcar and Cleveland Borough Council to keep quiet about the impact of a “catastrophic” ransomware attack two years ago, a parliamentary committee was told on Monday. The pressure from central government to not discuss the impact of the attack “caused us a lot of issues,” said [… Ransomware Guideline ★★
RecordedFuture.webp 2023-01-30 22:00:28 Ransomware attack on Indianapolis Housing Agency leaks sensitive info on 200,000 residents (lien direct) The Indianapolis Housing Agency is notifying more than 200,000 people that their information, including Social Security numbers and more, was leaked during a ransomware attack that began in September. The federally-funded agency is responsible for providing housing to low-income tenants across Indianapolis. It did not respond to requests for comment in October when the [… Ransomware ★★★
RecordedFuture.webp 2023-01-27 20:45:09 Ransomware experts laud Hive takedown but question impact without arrests (lien direct) The Justice Department’s splashy announcement of the takedown of the Hive ransomware group’s infrastructure on Thursday was reminiscent of other recent high-profile operations against the scourge of ransomware. But the details of the operation set it apart from other ransomware group takedowns in recent years. FBI Director Christopher Wray said agents with the FBI's Tampa [… Ransomware ★★
Last update at: 2024-06-01 16:08:19