Lastest episode - listen now! (Full transcript inside.)
Category: ransomware
1.) A ransomware gang named Medusa is asking for a ransom of $1,000,000 from the Minneapolis Public Schools and has threatened to leak sensitive details if the victim fails to pay the demanded sum on time. MedusaLocker is a new malware variant spreading in the wild since 2021 and has so far targeted educational institutions and two manufacturing firms of electronic products.
Now, the latest victim happens to be the Minneapolis Public School District and the educational institution has made it clear that it will never pay any ransom to the hackers as it has other plans to recover data by various means.
2.) Second is the news related to IceFire Ransomware that has been targeting Windows and Linux machines for the past weeks. SentinelOne security researchers have discovered that the file encrypting malware gang has exploited a vulnerability in IBM Aspera Faspex file sharing software and has, to date, targeted machines operating in Turkey, Iran, Pakistan and the UAE.
3.) Indian Central Bureau of Investigation (CBI) has started a fresh investigation on the ammunition maker Solar Group that manufacturers ammunition and gun parts for the Indian army. A few weeks ago, BlackCat aka Alphv ransomware group alleged to have stolen about 39GB data and demanded a sum from the victim. As it did not respond positively, the gang exposed about 5GB information related to explosives, missile heads, grenades, rockets, as well as propellants.
After a complaint was launched at a police station in Nagpur City, the case was transferred to CBI and a special probe has been launched to reach to the core of the incident.
4.) Next is the news related to a Canada-based company called Black & McDonald. According to a media update, someone launched a ransomware attack against the company that manufactures equipment for military and power plants.
Neal Kelly, the spokesperson for Ontario Power Generation, confirmed the news and assured that they would reveal more details about the incident after the preliminary inquiries were over.
The post Top ransomware news headlines trending on Google appeared first on Cybersecurity Insiders.
According to a press release of Hospital Clinic de Barcelona, the computer systems at a ransomware attack disrupted the said hospital, this cancelling nearly 90 emergency operations and disallowing 3000 patients going for a general checkup.
The attackers conducted the attack on Sunday last week, bringing down lab facilities, emergency operations and pharmacies at 3 major hospitals and external clinics to a halt.
As an efficient backup plan is in place, the major hospital of Barcelona is not intending to bow down to the financial demands of hackers.
City of Oakland is trending on google news headlines as a massive ransomware attack launched early last month has made the hackers post the stolen data onto the web this week. The sensitive details include 10GB of info including personal info like home and address, police investigation related files, bank details and criminal data of the citizens and admin employees.
There is a high possibility that the attack might have taken place last month and since the victim failed to pay the ransom on time, the criminals leaked the data onto the web on March 1st of this year.
Third is the news related to information taken out from a survey conducted by Kaspersky. A study discovered that two out of 5 servers in industrial IT environments were affected by malware in 2022 and the numbers might increase in the current and coming years.
Alarmingly, the raise in the social engineering attacks attributed to the growth rate of malware on systems of the industrial sector.
A joint operation conducted by the German and Ukraine police, in association with Europol and US FBI, has led to arrest of core members from the notorious DopplePaymer Ransomware gang, alleged to be involved in a lot of large-scale attacks since 2019.
Police authorities from Germany believe that the said group of criminals was involved in targeting around 601 companies across the globe, including 37 from the home soil and 69 from the United States.
The most heinous about this crime is that the DopplePaymer targeted University Hospital in Dusseldorf, leading to the death of a 78-year-old patient, because of delayed emergency treatment.
As per the analysis of the Federal Bureau of Investigation (FBI), DopplePaymer is the successor to BitPaymer, a malware developed by Evil Corp, an organization known to steal money from victims’ bank accounts and launching ransomware spread campaigns.
The post Ransomware Attack news headlines trending on Google appeared first on Cybersecurity Insiders.
Devices seized, suspects interrogated and arrested, allegedly connected to devastating cyberattack on University Hospital in Düsseldorf.
Wondering which cybercrime tools, techniques and procedures to focus on? How about any and all of them?
A notorious ransomware gang has claimed responsibility for a cyber attack against Vesuvius, the London Stock Exchange-listed molten metal flow engineering company.
Rogue software packages. Rogue "sysadmins". Rogue keyloggers. Rogue authenticators. Rogue ROGUES!
British high street giant WH Smith has revealed that it has suffered a "cybersecurity incident," which has seen hackers gain unauthorised access to its systems, and steal data including information related to current and former employees.
Following what it called a "cybersecurity incident" three weeks ago, Canadian bookstore chain Indigo has not only confirmed that it was hit by a ransomware attack, but also that data related to current and former employees was stolen by hackers.
Read more in my article on the Hot for Security blog.
Ransomware attacks seem to surge day by day on the servers belonging to government agencies and the latest to fall as the victim is the computer network of the US Marshals Service, aka USMS. According to the update provided by the Department of Justice, the incident occurred on February 17th of this year and sensitive details such as PII of employees, administrative data, returns from legal procedures, third party documents and some information related to private detectives was accessed and possibly stolen by hackers.
Unidentified people familiar with the matter state that a single database was infected by the file encrypting malware and has been isolated from the USMS network.
Information is out that the hackers couldn’t compromise the server containing the Witness Security Files Information System database and so the possibility of impact on the threat scale might be low.
If history is considered, a similar incident targeted the servers of the US Marshalls Service in mid 2020, exposing data related to 387,000 inmates and former criminals who were released after completing their jail term. Names, criminals accessed their Date of Births, home addresses, social security numbers and, later found to be operating from Vietnam.
FBI launched an investigation on this issue and discovered that the criminals infiltrated the database after hacking a public server of USMS that keeps a log of housing and movement of prisoners.
Remediation efforts are being undertaken as the federal agency wants to mitigate the associated risks swiftly.
NOTE- United States Marshals Service is a federal law agency that operates under the directions of Attorney General and acts as an enforcement arm to the United States Federal Court to ensure a smooth flow of judiciary operations and constitutional rights.
The post Ransomware Attack on servers of the US Marshals Service appeared first on Cybersecurity Insiders.