A ransomware strain named Play hit an entire judiciary system, forcing officials to shut down its IT systems from August 13th 2022. The Judiciary of Cordoba, Argentina, a government service, was hit by the malware last week, forcing officials to use pen and paper to submit official documents and carry out other administrative tasks.

Cadena 3, a news outlet from Argentina, confirmed the attack on the judiciary and stated that a cyberattack contingency plan was activated to recover the IT systems and online portal from the effects of the attack.

Sources confirm that Microsoft, Cisco, Trend Micro and a third-party firm were hired to investigate the attack.

How the ransomware entered the IT infrastructure of the Court of Cordoba is apparently still being investigated, and unconfirmed sources suspect the hand of an insider. Because all the encrypted files end with the .play extension, Cadena 3 concluded that the attack could have been carried out by the Play ransomware group, which was first discovered in June 2022.

The other ransomware-related news trending on Google concerns a water utility that supplies drinking water to customers.

South Staffordshire Water claims that cyber criminals belonging to a well-known extortion gang tried their best to compromise the water supplied to Cambridge Water and South Staffs Water customers. However, the criminals failed to take control of the supply systems, as the utility had robust cyber security measures in place to tackle and neutralize such incidents.

The CLOP ransomware gang is suspected to be behind the attack, as it has posted some stolen documents on the dark web which it alleges were siphoned from the servers of South Staffordshire.

More details are awaited!


The post Play Ransomware attack news and Extortion Attempt on Water utility appeared first on Cybersecurity Insiders.

NHS ransomware attack news has been trending on the Google search engine for the past few days and, as per some reports, security experts believe that recovery from the ransomware attack might take at least a month for the NHS, as most of the records handled by the Advanced software company's products, such as Adastra (a patient management software) and eFinancials (a finance management software), were deeply infected.

The details of the malware infection emerged when the NHS launched an inquiry into the disruption of the NHS 111 servers, a medical advice telephone and online service provided to patients in urgent need.

The UK government is busy investigating the incident and has taken the issue seriously, as it has severely disrupted services related to ambulance dispatching, patient referrals, appointment bookings and emergency prescriptions.

Second is the news that the SOVA malware has added ransomware capabilities, evolving into malicious software that encrypts files on mobile devices.

It is revealed that the malware has hit over 200 banking and cryptocurrency targets to date and aims to siphon sensitive data from the user's browser cookies. It blocks the victim from uninstalling it by remaining concealed.

Mobile security firm Cleafy has been tracking SOVA since September 2021 and confirms that the malware has developed into new malicious software since March this year, adding 2FA interception, cookie theft, screenshot capture, performing clicks and swipes, and copying and pasting files, and mainly targeting Gmail, GPay and Google Password Manager after substantial code refactoring.

Third is the news related to a new threat actor, SolidBit, which is actively promoting ransomware as a service and is interested in recruiting new affiliates via the dark web. Security researchers from CloudSEK have discovered that the group is only interested in taking control of corporate networks and has launched a new ransomware variant with the same name.

Fourth is the news that 7-Eleven convenience stores issued a public statement via Facebook confirming a hacker attack on their servers. According to the 7-Eleven Denmark statement, the store chain was hit by a ransomware group in the early hours of Monday morning. Coincidentally, the malware attack took place on the day the business completed 8 years of operations, and that's really disappointing.

On August 14th, 2022, OneTouchPoint, commonly known as OTP, issued a public statement confirming a ransomware attack that took place on its servers on April 28th, 2022. After the investigation, it was determined that hackers stole details such as individual names, member IDs and health-related information from the servers of OTP. However, there is no valid proof to date that the siphoned data was used for malicious purposes.


The post Ransomware news headlines trending on Google appeared first on Cybersecurity Insiders.

The United States Federal Bureau of Investigation has issued a high alert about a ransomware group named Zeppelin that has been targeting big corporations operating in the US and Europe. News is out that the ransom demands put forward by those involved in the Zeppelin spread are huge, reaching double-digit thousands of dollars and sometimes up to $2 million USD.

Taking history into account, Zeppelin was first discovered in 2019 and was identified as VegaLocker ransomware. It targeted the networks of healthcare firms across North America and Europe.

Then it suddenly slowed down its activities and stayed quiet for a few months. In 2020 it re-emerged as a new ransomware dubbed Zeppelin and targeted organizations in the education, manufacturing and defense sectors.

The actors behind the spread of this file-encrypting malware mainly use phishing, SonicWall vulnerabilities and Remote Desktop Protocol to drop the payloads, and were also found targeting NHS employees by sending them macro-laden documents.

So, after analyzing the details of the ransomware spread, the FBI has identified Zeppelin as a "well organized cyber threat" and is encouraging victims to report details of incidents to CISA, a local FBI office or the US Secret Service at a USSS field office.

NOTE- In a statement issued by the FBI last week and totally unrelated to Zeppelin, the Biden administration is ready to offer a reward of $10 million to those who provide valid intelligence on the Conti ransomware gang. Those whose tip-off about the gang leads to an arrest will also be paid $5 million, regardless of the country the criminals are living in.


The post Zeppelin Ransomware alert issued by FBI appeared first on Cybersecurity Insiders.

Ransomware is to blame for the closure of all 175 7-Eleven stores in Denmark on Monday. The retailer closed all of its stores in Denmark after its cash registers and payment systems were brought down in the attack. Initially, 7-Eleven's Danish division did not say that ransomware was responsible for its problems, simply describing the […]

The post Ransomware attack blamed for closure of all 7-Eleven stores in Denmark appeared first on The State of Security.

A ransomware attack on a UK software services provider named 'Advanced' is said to have affected NHS patients, and the National Cyber Security Centre, in coordination with the Information Commissioner's Office, is busy determining the scale of impact the cyber incident could have on the health service.

Currently, the identity of the attacker has been withheld, as the investigation is yet to be concluded.

In what is known to our Cybersecurity Insiders, all customers using the Adastra, Caresys, Odyssey, Carenotes, Crosscare, Staffplan and eFinancials software were deeply hit by the attack. Sources confirmed the incident took place on August 4th of this year, and for that reason NHS 111 was down for days.

The NHS, which oversees medical services for over 250,000 people across 1,230 hospitals, hasn't reacted to the incident officially. However, a spokesperson promised a detailed press release after the preliminary inquiries are completed.

As many critical care patient admissions were seriously affected by the failure of the administrative software, the IT staff are taking all measures to recover from the incident as soon as possible.

The UK government, currently busy choosing its next prime minister, has taken note of the situation and issued a red alert across the kingdom, as it does not want a repeat of the repercussions seen in the 2017 WannaCry ransomware attack.

As Advanced provides IT and software services to around 42 acute and mental health trusts in Britain, it has hired a third-party forensic firm to investigate the incident thoroughly.


The post NHS Ransomware attack to be seriously probed appeared first on Cybersecurity Insiders.

In May this year, the networking technology provider Cisco was targeted by a ransomware group that demanded millions to free its data from encryption. On August 10th 2022, Cisco released a press statement saying that the cyber attack it experienced a few months ago was carried out by the Yanluowang ransomware group, which has a history of stealing critical information and disrupting its victims' computer operations for weeks.

The good news is that the American conglomerate contained the malware spread in time and blocked the threat actors from moving further into the network. The bad news is that the cyber crooks did enter the network and accessed some details related to employees.

Prima facie, Cisco concluded that no sensitive customer data or employee information was accessed or stolen by Yanluowang, contrary to speculation in a certain section of the media.

After seeing Cisco's press notification, the hackers behind the Yanluowang ransomware group released a portion of the data they allege to have stolen from the American technology company.

The Cisco Security Incident Response Team, in coordination with Cisco Talos, launched a thorough investigation and concluded that the Yanluowang gang compromised an employee credential after gaining access to that employee's personal Box account. The employee was not found at fault, as the account details were siphoned via a browser extension. Perhaps an inquiry is pending in this matter!

Cisco Talos concluded that Yanluowang was tied to other groups of threat actors, including UNC2447 and the Lapsus$ threat group.


The post Yanluowang Ransomware Attack on Cisco confirmed appeared first on Cybersecurity Insiders.

Research carried out by ReversingLabs suggests that a new ransomware is invading government-related Linux systems in South Korea, and that the malware is mainly targeting industrial and pharmaceutical companies.

Cybersecurity researchers from ReversingLabs say the ransomware is named GwisinLocker and is probably being developed and distributed by a state-funded North Korean group.

"Gwisin" means ghost or spirit in Korean, and the evidence gathered shows that the malware was created by a little-known threat actor with the same name.

Like many other ransomware variants, Gwisin also engages in double extortion tactics: first stealing data from the victim's servers and then encrypting the entire database until a ransom is paid.

The exact amount being demanded is not yet known. But information is out that victims of GwisinLocker.Linux need to log on to the ransomware group's website to either negotiate or pay the ransom. As the website is only accessible through the dark web, ReversingLabs could not verify the exact amount being demanded by the hackers.

NOTE 1- All the encrypted PCs hit by Gwisin are referred to as Gwisin Ghosts.

NOTE 2- According to 2021 research conducted by Cisco Talos, around 13 new ransomware variants are detected each month, and every month at least one or two groups quit the business, all because of increased law enforcement surveillance of cryptocurrency payments through closer monitoring of the blockchain network.


The post New ransomware targeting critical Linux Servers in South Korea appeared first on Cybersecurity Insiders.

1.) The first news is about a cyber attack on two energy companies operating in Luxembourg. According to the web, two energy firms, Creos and Enovos, both business units of Encevo Group, were targeted by a ransomware attack on the night of July 22 this year. However, electricity and gas supply weren't disrupted by the attack.

The ransomware group that targeted Encevo remains a mystery, as the European energy operator is not willing to disclose it before the completion of a security investigation, which might take two full weeks from now.

2.) Solana Networks, which helps build applications and software related to blockchain infrastructure and cryptocurrency, has admitted via Twitter that threat actors siphoned money worth $5 million from user wallets, which could be the result of tampering with a block explorer.

It is worth noting that the details of the cyber attack are still unfolding and might grow in scope in the coming days. So far, investigations by blockchain audit firm OtterSec have revealed that the attack has drained the accounts of over 8000 users, and the count is still rising.

3.) Third is news related to ransomware. A German electronics manufacturer named Semikron was recently targeted by the LV ransomware variant, and the ransomware operators are threatening to release 2TB of stolen company data if their ransom demands are not taken seriously.

Semikron has informed the German Federal Office for Information Security about the incident and has also hired a third-party security firm to investigate it.

4.) Fourth is news related to the European missile maker MBDA, which has denied all hacking allegations made on the dark web last month. The arms maker denied any cyber incident hitting its IT infrastructure to steal 60GB of R&D data, and said that some hackers were deliberately spreading misinformation on the dark web about a hack of its servers that did not actually take place.

Law enforcement authorities in Italy are investigating the incident, and MBDA staff are offering their full cooperation to track down the culprits.

5.) China's ride-hailing operator DiDi was fined $1.3 billion by the Chinese cybersecurity regulator for violating cybersecurity-related data laws in the region. The year-long probe ended after the Cyberspace Administration of China (CAC) found DiDi in breach of 3 major data protection and security laws.

The CAC discovered in its investigation that the ride service company was capturing screenshot information from its users' smartphones and collecting images and videos of its users through the camera without their knowledge or consent. Since it was using all the collected data for a facial recognition project, it clearly breached the privacy laws prevailing in the region and so had to pay a hefty penalty.

6.) In the last week of July this year, South Korean smartphone maker Samsung announced the introduction of a new feature in its new Galaxy smartphones. The feature, dubbed "Repair Mode", will be introduced in all upcoming Galaxy models to protect personal data while the device is being repaired by a technician.

Repair Mode on Samsung Galaxy devices will allow users to choose what data is exposed to the repair technician and what is kept private.

7.) Finally, this news is about a ransomware report compiled by Menlo Security. The survey found that at least a third of organizations experience a ransomware attack once a week, with some of those experiencing an attack once a day.

The Menlo Security ransomware study also found that security professionals are coming under immense pressure as businesses face sophisticated threats such as ransomware attacks, and they are worried that their employees, despite repeated warnings, are still clicking on links or malicious attachments.


The post Cyber Attack related 7 news headlines trending on Google appeared first on Cybersecurity Insiders.