Category: ransomware

Minneapolis Public Schools recently fell victim to a ransomware attack, resulting in the unauthorized release of sensitive student information on the internet. The perpetrators, a group specializing in file encrypting ransomware, have taken to dumping files online, exposing details such as cases of sexual assault, abusive parent records, psychic treatment data, and instances of truancy (unjustified absenteeism).

In response to the data leak, a distressed student pleaded with school authorities to take immediate action. The public disclosure of deeply personal information, including incidents like bedwetting and sleep crying, has caused immense distress and sleepless nights for the victims, as their friends and peers now have access to this information, leading to potential public humiliation.

The breach occurred in March of this year when hackers targeted Minneapolis Public Schools, compromising the data of approximately 36,000 students. The school administration refused to pay the demanded ransom of $1 million, prompting the hackers to release around 300,000 files onto the internet. These files have since been circulated on social media platforms like Telegram, attracting attention from smaller hackers seeking monetary gain.

Reports indicate that similar cyberattacks have occurred in other school districts earlier this year, raising concerns among students in San Diego, Des Moines, Tucson, and Arizona regarding the security of their personal information stored on school servers.

According to a study conducted by Recorded Future, ransomware gangs stole nearly 5 million student records in the United States during 2021. This alarming figure underscores the escalating threat posed by ransomware attacks, making it imperative for educational institutions to take proactive measures to protect their student and staff data from malware infiltration.

To enhance cybersecurity, schools are being strongly advised to implement various preventive measures. These include securing online assets through indemnification and limiting access, ensuring up-to-date software installations, exercising caution when handling emails and messages containing links, accessing only secure websites, promoting basic cyber hygiene practices among employees, storing data backups separately, deploying tools that block malicious domains and provide alerts, and regularly reviewing and enhancing cybersecurity protocols.

By prioritizing robust security measures, educational institutions can effectively safeguard sensitive student information, thwarting the escalating threat of ransomware attacks and preserving the privacy and well-being of their students and staff.

The post Minneapolis Public Schools Faces Data Leak Following Ransomware Attack appeared first on Cybersecurity Insiders.

Granules, the Indian Pharmaceutical company that manufactures Paracetamol has released an official statement that a ransomware attack that targeted its servers last month has resulted in substantial loss of revenue and profitability.

As per the details available to our Cybersecurity Insiders, a noted ransomware group targeted Drug maker on May 25th and the information security incident brought in financial loss that could hit the profit margin to a great extent this year.

Currently, the production of the drugs is going slow, however, the IT staff has restored the pro-duction to normal to a great extent and are sure that the dispatching of stock will return to nor-malcy by early next week.

Granules India has made an official statement that it did not pay any ransom to the criminals and instead recovered the encrypted data through a backup plan.

NOTE- Cyber criminals indulging in malware spread are involving in double extortion tactics were they first steal a portion of data and threaten the victim of encrypting the entire database until a ransom is paid. In case, the victim fails to pay the ransom on time or doesn’t pay heed to the demand, they sell the stolen data for monetary benefits. FBI released a press statement in November 2020 that the victims should not pay the ransom, as it not only encourages crime, but also doesn’t guarantee a decryption key for sure. Also, there is an apparent threat that the ransomware spreading gang can also target the same victim twice or thrice in the same year.

The post Paracetamol maker Granules India hit by ransomware attack appeared first on Cybersecurity Insiders.

A new ransomware named ‘8Base’ is on the prowl and seems to be only targeting companies that do not show seriousness in protecting information of their customers and employees. The said ransomware gang that is into the tactic of double extortion appeared first in March 2022 and remained silent thereafter. However, for the past two months, the criminals are showing a lot of interest in shaming their victims on their blog, sometimes 6 in a day.

According to a report formalized by VMware’s security wing Carbon Black, 8Base Ransom-ware has links to a cyber criminal group dubbed RansomHouse and is into the world of extortion and associated with the hackers linked to another cybercrime group FIN8.

Since, June’ 23, 8Base has targeted more than 67 victims, mostly businesses operating in Brazil and the United States. And is busy seeking opportunity to target firms connected with various industries by September this year.

Malwarebytes threat detection team that followed the criminals confirmed that they are behind businesses that are into manufacturing and construction sector and have downed computer net-works of over 43 companies till date, with more to follow.

On the other hand, news is out that Microsoft will soon announce a special ransomware repel-ling feature for Windows 11 PCs that will block malware attacks of any range by December this year. However, it is unclear whether the new ransomware thwarting feature will be available to individual licenses or only the bulk ones connected in the network.

Additionally, there is no news on how different will be the new feature from the already existing feature of Microsoft Windows Security or whether it will available as a separate download or will be integrated into the current security solution via a special software update.

The post 8Base Ransomware targets only companies neglecting privacy of employees and customers appeared first on Cybersecurity Insiders.

After the military group named Wagner took over the supremacy realms from Putin for a brief period in the last weekend, a new ransomware is said to be threatening all Windows machines operating in the Russian federation.

Wagner ransomware has started taking down computers operating on Microsoft software and is pleading the victim to join the paramilitary group that is getting ready to take down Shoigu, the military general leading Vladimir Putin army.

A note posted on the infected computers urges the victim to stop tolerating the atrocities of authorities and is urging them to wage a war against Shoigu, the Minister of Defense.

Cybersecurity firm Cyble has confirmed the news and added that the malware was written in Russian language and suggests that it was developed to take down systems of Moscow that waged war against Ukraine since February 24th,2022.

Wagner is a private army that is led by Yevgeny Prigozhin and operates beyond law and has powers to take down the government. All these days, the forces from Wagner were used abroad in various intelligence operations and succeeded to a certain extent. But now the group that is linked to far-right extremism and Neo-Nazism has become a fodder for the international media as its policies are going against the Putin led govt and are strongly condemning the national war against Kyiv.

Surprised by the oppose Putin administration is find ways to tackle and bring the situation under control and suspect that some western force is influencing their paramilitary forces to the core.

Currently, there is no news regarding who build Wagner Ransomware, and the military group hasn’t taken the responsibility of the development. However, Reddit is buzzing with a talk that those behind the spread of Chaos Ransomware could be involved in the file encrypting malware filled cyber-attack.

The post Wagner Ransomware targets Russian Computers operating on Windows appeared first on Cybersecurity Insiders.

With the increasing prevalence of smartphones in our daily lives, they have become an integral part of our communication, productivity, and personal data storage. However, as the digital landscape evolves, so do the threats that target our devices. One such threat is smartphone ransomware, a malicious software that can wreak havoc on our digital lives. In this article, we will explore the concept of smartphone ransomware, its potential consequences, and most importantly, the measures you can take to protect yourself from this growing menace.

Understanding Smartphone Ransomware: Smartphone ransomware is a form of malware that encrypts the data on a device and holds it hostage until a ransom is paid to the attacker. This malware can infiltrate your smartphone through various means, such as malicious apps, infected websites, or phishing emails. Once infected, the ransomware takes control of your de-vice and restricts access to your files, photos, and even your entire device, rendering it virtually unusable.

Consequences of Smartphone Ransomware: The consequences of falling victim to smartphone ransomware can be severe. Here are a few potential risks:

1.    Data Loss: Ransomware can encrypt your valuable data, making it inaccessible until you pay the ransom. If you don’t have a backup, you may lose important files, personal photos, or sensitive documents forever.
2.    Financial Loss: Attackers often demand payment in cryptocurrencies, making it difficult to trace and retrieve the funds. Paying the ransom not only encourages further at-tacks but also provides no guarantee that your files will be decrypted.
3.    Privacy Breach: Ransomware can potentially expose your personal and financial in-formation, as attackers may gain unauthorized access to your device during the infection process.

Protecting Yourself from Smartphone Ransomware: While smartphone ransomware poses a significant threat, you can take proactive steps to minimize the risks. Consider the following preventive measures:

1.    Update Software: Keep your smartphone’s operating system, apps, and antivirus soft-ware up to date. Regular updates often include security patches that address vulnerabilities exploited by ransomware.
2.    Exercise Caution: Be mindful of the apps you download and the websites you visit. Stick to reputable app stores, and carefully review user ratings and reviews. Avoid clicking on suspicious links or downloading files from un-trusted sources.
3.    Install Antivirus Software: Utilize a reliable mobile security solution that can detect and prevent ransomware infections. These tools often include real-time scanning and provide an extra layer of protection against malicious apps and websites.
4.    Backup Your Data: Regularly back up your smartphone data to an external source, such as cloud storage or a computer. This ensures that even if your device is compromised, you can restore your files without paying a ransom.
5.    Enable Device Lock and Encryption: Protect your device with a strong password or biometric authentication. Enable encryption settings to safeguard your data from unauthorized access.
6.    Educate Yourself: Stay informed about the latest cybersecurity threats and best practices. Understand common phishing techniques and learn how to identify suspicious emails or messages. Education is a powerful tool in preventing ransomware attacks.

Conclusion

Smartphone ransomware is a growing concern in our increasingly digital world. By understanding the nature of the threat and implementing preventive measures, you can significantly reduce the risk of falling victim to this malicious software. Stay vigilant, keep your software up-dated, and follow best practices for mobile security. By doing so, you can enjoy the benefits of your smartphone without worrying about ransomware compromising your valuable data.

The post Smartphone Ransomware: Understanding the Threat and Ways to Stay Protected appeared first on Cybersecurity Insiders.

Numerous gas and fuel filling stations throughout Canada experienced significant disruptions in processing credit card and reward points-based payments due to a cyber attack on Suncor Energy, the parent company. The attack, suspected to be a form of ransomware, affected a substantial number of systems within the leading synthetic crude oil producer.

While Suncor Energy has not explicitly confirmed the ransomware attack, it acknowledged the incident as a digital assault that impacted its operations. As a result, more than 900 out of a total of 1,500-1,600 gas stations were affected, leading to the inability to process digital transactions. The disruption also impacted the “Carwash Season Pass” service, leaving many customers unable to utilize their regular subscriptions, thereby prompting requests for refunds from the Canadian Oil Company.

In April of this year, a Russian ransomware group called Zarya targeted a Canadian energy company, a fact confirmed by the US Pentagon. Security experts speculate that the recent attack on Suncor Energy may be linked to hackers sympathetic to the ongoing Russian-Ukrainian conflict that commenced on February 24, 2022, and shows no signs of resolution.

NOTE- Ransomware is a form of malware that encrypts data within an infected database until a ransom is paid. In some cases, this type of attack involves double extortion, where hackers steal a portion of the data and hold the remaining information hostage. If the victim fails to pay the ransom within the stipulated time frame, the hackers may proceed to sell the stolen data on the dark web. Additionally, some victims may be targeted multiple times within a year, especially if they pay the initial ransom in exchange for a decryption key. Criminal gangs behind such attacks may then demand further cryptocurrency payments under the threat of tarnishing the company’s image among its partners, customers, and clients.

The post Ransomware attack hits Suncor Energy disrupting fuel station payments across Canada appeared first on Cybersecurity Insiders.

A student of Whitworth University has brought a class action against the university for not keeping student and staff data safe from a ransomware attack that occurred in 2022..

The legal case was slapped against the institute for causing unnecessary anxiety over the loss of privacy and about potential abuse of the data.

Patrick Loyola is the student who filed the suit as the University failed to protect the data storage servers that stored highly sensitive information about former and present students.

Since a breach of violation was witnessed regarding the Washington Consumer Protection Act, the lawsuit obtained importance and could revolutionize the future course of action taken against all cyber-criminal gangs that spread file-encrypting malware and encrypt the servers until a ransom is paid in cryptocurrency.

If we take history into account, a patient of a hospital filed a lawsuit against healthcare for failing to treat her in an emergency, as all the digital information holding systems were compromised in July 2020.

A student has launched legal action against an educational institute in the latest case.

NOTE 1– In August 2022, Whitworth released an official statement that it fell prey to a malware attack that led to fraudulent access of over ONE Terabyte of data. LockBit group was suspected to be behind the incident and a few media resources reported that Whitworth bowed down to the demands of hackers and so could recover the siphoned data on time.

NOTE 2– According to a GuidePoint Security latest GRIT Report, new ransomware groups are emerging into the scene every month, as the operations of old ones are subsiding for various reasons. Malas, 8Base, Rancoz, Blacksuit, Big Gamer, Bolt, Steward, MobileMal are some of the newly released malware versions that can wipe out the encrypted server if the situation demands.

 

The post Student Sues Whiteworth University for Ransomware Attack appeared first on Cybersecurity Insiders.

Nope, says a renowned international bank from UK. Instead, the ransom pay can be covered from a cyber insurance policy, provided it is taken prior to the launch of the attack and covers the costs associated with the malware attack.

Moreover, paying a ransom in a ransomware attack is generally discouraged for several reasons:

No guarantee of decryption: There is no guarantee that paying the ransom will result in the recovery of your files or the decryption of your systems. Attackers may not fulfill their promis-es even after receiving payment.

Funding criminal activities: Paying a ransom contributes to the profitability of ransomware attacks, encouraging cybercriminals to continue their illegal activities and target more victims.

Legal and ethical implications: Paying a ransom could potentially put you in violation of laws and regulations, depending on your jurisdiction. Additionally, it can perpetuate a cycle of crim-inal behavior that undermines the security and stability of the digital ecosystem.

Instead of considering payment, it is advisable to take the following steps if you’ve been affected by a ransomware attack:

Report the incident: Contact your local law enforcement agency or a cybercrime reporting or-ganization to report the attack. They can provide guidance on how to proceed and may be able to assist in the investigation.

Notify your bank: Inform your bank about the situation and work with them to protect your accounts and prevent any fraudulent activity.

Seek professional assistance: Contact a reputable cybersecurity firm or IT professional who can help you assess the impact of the attack, remove the malware, and recover your systems and data, if possible.

Enhance security measures: Strengthen your security measures to prevent future attacks. This may include regularly updating software, using strong passwords, implementing multi-factor authentication, and educating employees about cybersecurity best practices.

Remember, prevention is key when it comes to ransomware attacks. Regularly backing up your important data, staying vigilant for phishing attempts, and keeping your systems up to date with the latest security patches can significantly reduce the risk of falling victim to such attacks.

The post Can we get loan to pay ransom in ransomware attacks appeared first on Cybersecurity Insiders.