The first headline trending on Google concerns Costa Rican government websites. Costa Rica's public health system was recently targeted by the Hive ransomware group, only days after the Conti ransomware group's attack on the country.

Going into the details, the website of the Costa Rican Social Security Fund (CCSS) has been taken down after its database was targeted by the Hive ransomware group. Hive is reported to have encrypted around 30 of the 1,500 government servers, and the estimated recovery time is unknown.

The disruption is reported to have severely affected vaccination and Covid-19 testing services.

Previously, Conti had demanded $23 million to release the encrypted data; this time Hive is demanding $11 million in exchange for not publishing the data it exfiltrated before encrypting it.

Second is news concerning the Switzerland-based pharmaceutical company Novartis. A little-known hacking group called Industrial Spy claims to have exfiltrated critical data from the company's R&D servers and is demanding $500,000 in Bitcoin for its return, warning that otherwise it will sell the data on the dark web to interested parties.

However, Novartis says the data held by Industrial Spy is not sensitive and has given assurances that it will take adequate steps to prevent such incidents in future.

The third item concerns Microsoft. The software giant says it has blocked cyber attacks on Israeli firms that it attributes to a hacking group named 'Polonium', which it links to Iran's Ministry of Intelligence and Security.

Microsoft reports that Polonium was using around 20 OneDrive accounts in its operations against Israeli companies; after receiving complaints and investigating, it concluded that Polonium had links to Tehran and was acting on its instructions.

Interestingly, the operators behind Polonium are Lebanese; they have been seen persistently targeting Israeli businesses while acting on tasking from Iran's Ministry of Intelligence and Security (MOIS).


The post Cyber Attack news headlines trending on Google appeared first on Cybersecurity Insiders.

1.) The Conti ransomware gang reportedly hit Parker Hannifin Corporation in March this year, leaking sensitive details to the public. The company, a manufacturer of motion control products, released a press statement yesterday confirming a breach of its systems between March 11 and March 14 this year.

Exposed details include personal information of current and former employees, dependent information from Parker's group health plans, social security numbers, dates of birth, addresses, driving licence details, some banking information and insurance coverage dates.

From May 12th this year, Parker began notifying everyone affected by the Conti ransomware attack and stated that it would not bow to the hackers' demands.

2.) Second is news concerning the government of Britain: on May 12th 2022, the UK Government pledged to improve the cybersecurity posture of its civil nuclear reactors, as they were considered vulnerable to cyber attacks by Russian intelligence.

Since the Boris Johnson-led government has consistently supported Ukraine in its war with Russia, the NCSC, the cyber arm of GCHQ, has warned that there is a high probability that critical infrastructure operating in the United Kingdom could be targeted by Kremlin-backed digital attacks at any time.

For this reason, the Government of the United Kingdom released the National Cyber Strategy 2022 framework, under which the IT infrastructure of all civil nuclear reactors will be strategically reviewed and bolstered where necessary.

Cyber threats are not new to the government of Britain, but it has adopted a more cautious approach in the wake of Russia's war with Ukraine.

3.) Third is news concerning Elgin County, whose website and email services went offline in April this year following a cybersecurity incident that leaked sensitive information.

Going into the details, Elgin County officials state that hackers fraudulently accessed over 26,000 files containing information on about 300 people, and that highly sensitive details of around 53 people were leaked in the attack. These include health card numbers, social insurance numbers, financial data and health histories held by Elgin County.

Julie Gonyou, the County's CAO, said her staff have taken all necessary precautions to avoid such incidents in future, and that the County will provide 12 months of credit monitoring and identity theft protection to all 53 individuals whose sensitive details were accessed by the hackers.


The post Cyber Attack and Ransomware news headlines trending on Google appeared first on Cybersecurity Insiders.

Ireland's Health Service Executive (HSE) was attacked by the Conti ransomware group in mid-2021, and news is now out that 80% of the data stored on the healthcare provider's servers was encrypted by the gang.

A detailed analysis published by the US Department of Health and Human Services (HHS) says the digital assault caused severe disruption to health services across Ireland and exposed about 750 GB of data related to COVID-19 vaccines. The criminals not only accessed the data but also exfiltrated it to remote servers operating in the Russian Federation.

A PDF summarising the analysis was released to the media this week. It states that the Conti gang infiltrated the HSE's computer networks in May 2021, evading both the anti-malware and the threat detection solutions in place.

The gang spread gradually through the HSE's IT environment before encrypting it, reaching 80% encryption within a few days.

The Conti gang later provided a free decryption tool to Ireland's health service, with a warning that it would sell or publish the stolen data if its $20 million ransom demand was ignored.

At the time of the incident, Micheal Martin, Ireland's Taoiseach (Prime Minister), rejected reports that the authorities would pay a ransom. He was firm in that decision, as paying not only encourages crime but also gives no guarantee that a working decryption key will be delivered.

Unconfirmed reports state that someone uploaded to the VirusTotal scanning service data containing email addresses, phone numbers, IP addresses and physical addresses that appeared to have been stolen from Ireland's national healthcare network. Note that files submitted to VirusTotal are shared with its security-vendor partners, so an upload of this kind is itself a form of disclosure.

Ireland's Government, on the instruction of the Department of Justice, launched a probe into the incident and asked VirusTotal to hand over the data for analysis.

The finding on whether the information truly belonged to the HSE is still awaited.


The post Conti Ransomware attack on Ireland HSE encrypted 80% of data appeared first on Cybersecurity Insiders.

For some time, the Anonymous collective has been releasing updates on the cyber attacks it has carried out against the critical infrastructure of the Russian Federation in retaliation for Putin's invasion of Ukraine and Russia's threats against Finland.

Now Network Battalion 65 (NB65), a hacker group affiliated with Anonymous, has released a media update claiming it infiltrated the network of Roscosmos, Russia's space agency, and attempted to disrupt the operation of some satellites.

Dmitry Rogozin, head of Roscosmos and an ally of the Russian President, denied the report, calling it fake news planted by Western-run media.

He also stated that no satellites had gone out of control and that all were operating normally.

However, NB65 claims it used Conti ransomware to lock up the space agency's systems and steal classified data, which it says led to the shutdown of several satellite operations connected to imaging and vehicle monitoring systems in Russia.

Highly placed sources cited by a Western media outlet state that all of Russia's spy satellites were taken down, and that the attackers would not unlock the systems for any ransom, even one running into tens of millions.

The Australian Cyber Security Centre (ACSC) investigated the incident and concluded that Anonymous might have obtained Conti ransomware from a ransomware-as-a-service (RaaS) operator, which would take a large share of any ransom payment, and deployed it against the space agency.

NOTE- Roscosmos is the state space corporation of the Russian Federation, responsible for aerospace research, satellite operations and cosmonautics programs.


The post Anonymous used Conti Ransomware to down Russian Satellites appeared first on Cybersecurity Insiders.

Panasonic Canada has issued a public statement admitting a sophisticated cyber attack on its servers in February this year. The Japan-based company apologised for the incident and said that only its Canadian operations were affected by the malware attack.

Panasonic gave its statement to the online technology outlet TechCrunch, admitting that some of its processes, systems and networks were compromised.

VX-Underground, a malware research group, claims that Panasonic fell victim to the Conti ransomware group, which distributes file-encrypting malware to large organisations able to pay large ransoms.

With that confirmation, Panasonic Canada becomes the latest high-profile Conti victim after Shutterfly, Ireland's health service and Fat Face.

Conti's leak site claims it exfiltrated about 2.8 GB of data from the electronics giant's servers, including HR and accounting department records, employee salary details, spreadsheets and other sensitive internal material.

NOTE 1- This is Panasonic's second cyber attack within six months; the previous one was disclosed in November last year.

NOTE 2- Panasonic India was also hit by ransomware in December 2020, when the hackers reportedly accessed about 4 GB of data, including email addresses and financial data. The Russian-speaking REvil ransomware gang was suspected at the time, as it posted on a dark web forum offering to sell the stolen data for $40,000 in cryptocurrency to anyone willing to pay.


The post Conti Ransomware group targets Panasonic Canada appeared first on Cybersecurity Insiders.

The Conti ransomware gang targeted Wisconsin-based Snap-on Tools in mid-March this year, stealing 1 GB of files containing sensitive data. When the victim did not pay the ransom, the gang began threatening to leak the data on its website, which could bring more trouble for the Kenosha-based company.

Snap-on did not acknowledge the incident as ransomware but did confirm that unusual activity was discovered on some of its computer systems, compromising personal data belonging to staff.

The data accessed by the Conti gang includes social security numbers, names, dates of birth and employee identification material belonging to Snap-on franchisees and associates.

Interestingly, the leaked data began appearing on the Conti website at the end of March this year. In the past two days, however, the stolen information has been pulled from the site, suggesting a ransom may have been paid after negotiations.

Meanwhile, it has emerged that the same gang also targeted TrustFord UK earlier this month, partially affecting certain IT services of the Ford Motor Company dealer.

The Information Commissioner's Office (ICO) has launched an investigation into the incident and has asked TrustFord to engage a security firm to assess the impact of the cyber attack on its internal IT systems.

TrustFord websites across the UK remain online and car sales are continuing as normal.

The ICO stated that it was notified of the incident by Ford Retail, which also assured it that no customer data was compromised.

NOTE- Google's Threat Analysis Group (TAG) believes that the initial access broker "Exotic Lily" has acted as an intermediary for ransomware gangs such as Conti and REvil, selling them network access for money. Exotic Lily is a hacking group possibly linked to the Russian cybercrime gang Wizard Spider; it obtains access to corporate networks through phishing email campaigns, then puts that access up for sale. The ransomware gangs buy the access and use it to deploy further file-encrypting malware attacks.


The post Conti Ransomware gang strikes TrustFord UK and Snap-on Tools appeared first on Cybersecurity Insiders.

1.) The notorious Hive ransomware group has published details of 850,000 patient records belonging to Partnership HealthPlan of California and says a portion of the data will be sold on the dark web if the healthcare provider does not bow to its ransom demands.

As part of its incident response, Partnership HealthPlan of California says it has set up a Gmail address for patients to contact it and that a team of experts has been engaged to investigate the incident.

A press update released by the company states that personal information of over 850,000 individuals, including email addresses, social security numbers and physical addresses, was stolen by the Hive hackers, and that all measures are being taken to stop them from posting 400 GB of data on the dark web.

2.) The Conti ransomware group has published on the dark web that it targeted servers belonging to Shutterfly, an online store selling photography-related products and services.

The incident reportedly occurred in December 2021, and the threat actors gained access to the network via a Windows domain controller.

Online tech news site BleepingComputer reported that the Conti gang encrypted over 4,000 devices and 120 VMware ESXi servers storing Shutterfly's data.

3.) Third, a ransomware group dubbed SunCrypt, which uses triple-extortion tactics (file encryption, threats to post data online, and DDoS attacks on victims who fail to pay), is back in business and slowly picking up in 2022, according to sources. Security firm Minerva Labs has confirmed this and added that the group is targeting only large enterprises and keeping its ransom negotiations anonymous to stay off the radar of law enforcement agencies.

4.) Last, but not least, is information on how fast ransomware encrypts files. Researchers from Splunk found that most of the major ransomware families can encrypt 100,000 files in around 5 minutes 50 seconds. The quickest was LockBit, which encrypted over 100 GB of data in 4 minutes 9 seconds. Other families were timed as follows: Babuk, 6 minutes 34 seconds for 100 GB; Avaddon, 13 minutes 14 seconds for 100 GB; Ryuk, 14 minutes 30 seconds; REvil, 24 minutes 16 seconds; and BlackMatter, 45 minutes. DarkSide, the family used against Colonial Pipeline, took 47 minutes to encrypt the victim database, and Conti took 59 minutes 23 seconds to lock 54 GB of files. Maze and PYSA were the slowest, each taking over 109 minutes to encrypt 50 GB of data.
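As an added example (not code from the Cybersecurity Insiders post or from Splunk's study), the block below turns the timings reported above into throughput figures and then runs a simple rate-based detector over constructed file-event log lines, to show why a few minutes of encryption time leaves so little room for a detection to matter. The log format, host and process names, and the "more than 100 files in 10 seconds" threshold are assumptions made for illustration only.

```python
# Added example: (1) encryption throughput from the reported timings, and
# (2) a sliding-window burst detector over constructed file-event log lines.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Figures as reported in the text above (family -> (GB encrypted, minutes, seconds)).
REPORTED_TIMINGS = {
    "LockBit": (100, 4, 9),
    "Babuk": (100, 6, 34),
    "Avaddon": (100, 13, 14),
    "Conti": (54, 59, 23),
    "Maze": (50, 109, 0),
}


def throughput_mb_per_s(size_gb, minutes, seconds):
    """Encryption throughput in MB/s (decimal units, rounded to one decimal)."""
    return round(size_gb * 1000 / (minutes * 60 + seconds), 1)


# Hypothetical log format, assumed only for this example:
#   <ISO-8601 UTC timestamp> <host> proc=<image name> <WRITE|RENAME> <path>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) proc=(?P<proc>\S+) (?P<op>WRITE|RENAME) (?P<path>.+)$"
)


def parse_line(line):
    """Parse one log line; returns (ts, host, proc, op, path) or None if malformed."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
    return ts, m["host"], m["proc"], m["op"], m["path"]


def detect_bursts(lines, window_s=10.0, threshold=100):
    """Flag (host, proc) pairs that touch more than `threshold` files inside any
    sliding window of `window_s` seconds. Lines must be in time order. Returns a
    dict mapping each flagged key to the timestamp of the event that crossed the
    threshold. The threshold is an arbitrary starting point: tune it against a
    baseline of backup, indexing and AV processes, which also write many files."""
    recent = defaultdict(deque)  # (host, proc) -> timestamps inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash the pipeline
        ts, host, proc, _op, _path = parsed
        key = (host, proc)
        q = recent[key]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()  # drop events that have aged out of the window
        if len(q) > threshold and key not in flagged:
            flagged[key] = ts
    return flagged


def _fmt(ts):
    """Millisecond-precision ISO-8601 UTC timestamp matching LOG_RE."""
    return ts.strftime("%Y-%m-%dT%H:%M:%S.") + f"{ts.microsecond // 1000:03d}Z"


def constructed_sample():
    """Constructed log lines (not real telemetry): a backup agent writing one file
    every 5 s for five minutes, plus a process renaming 400 files in 8 s from t+120 s."""
    base = datetime(2022, 3, 15, 10, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(60):
        t = base + timedelta(seconds=5 * i)
        lines.append(f"{_fmt(t)} fs01 proc=backup.exe WRITE D:\\bak\\vol{i:03d}.bin")
    for i in range(400):
        t = base + timedelta(seconds=120, milliseconds=20 * i)
        lines.append(f"{_fmt(t)} fs01 proc=updater.exe RENAME D:\\share\\doc{i:03d}.docx.lock")
    lines.sort()  # fixed-width timestamps sort chronologically as strings
    return lines


if __name__ == "__main__":
    for family, (gb, m, s) in REPORTED_TIMINGS.items():
        print(f"{family:8s} {throughput_mb_per_s(gb, m, s):7.1f} MB/s")
    for (host, proc), ts in detect_bursts(constructed_sample()).items():
        print(f"burst: {proc} on {host} crossed the threshold at {ts.time()}")
```

On the constructed sample the benign backup agent never exceeds three writes per window, while the renaming process is flagged about two seconds into its burst; at LockBit's reported rate (roughly 400 MB/s) those two seconds are already several hundred megabytes of encrypted data, which is the point of the Splunk figures.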


The post Ransomware news headlines trending on Google appeared first on Cybersecurity Insiders.