Ionut Ilascu reports: Ragnarok ransomware gang appears to have called it quits and released the master key that can decrypt files locked with their malware. The threat actor did not leave a note explaining the move and all of a sudden replaced all the victims on their leak site with a short instruction on how…
Category: Malware
Nearly 73,500 patients’ data affected in ransomware attack on eye clinic in Singapore
Kenny Chee reports: A ransomware attack earlier this month has affected the personal data and clinical information of nearly 73,500 patients of a private eye clinic, the third such reported incident in a month. The information included names, addresses, identity card numbers, contact details and clinical information such as patients’ clinical notes and eye scans,…
Advisories are published, but are enough entities reading them and taking precautions?
Three advisories have been released this week about threat actor groups. One involves ALTDOS, one involves HIVE, and one involves the “OnePercent Group,” whose name may not sound familiar to many. ALTDOS (Joint Advisory): It appears that ALTDOS is getting some serious attention from Singapore’s CSA and other agencies in Singapore. These threat actors who…
AZ: 200 Kingman residents affected by city’s cyber attack; cause still not determined
AP reports: A recent investigation into a massive cyberattack against the city of Kingman shows that up to 200 residents had their personal information breached, yet the city still can’t explain how their system was infiltrated. Kingman city officials said the completed investigation revealed that a “limited number” of residents’ information was affected by the…
Update on Eskenazi Health Cyber Incident
Eskenazi has issued an updated notice about their security incident. They talk about “if they find” PII or PHI, but the reality is that this site already saw and reported that there was such information in the data dumped by Vice Society. From this site’s perspective, the only question is how many employees and patients…
Pysa threat actors’ script shows exactly the files they’re after
Lawrence Abrams reports: A PowerShell script used by the Pysa ransomware operation gives us a sneak peek at the types of data they attempt to steal during a cyberattack. […] Yesterday, MalwareHunterTeam shared a PowerShell script with BleepingComputer used by the Pysa ransomware operation to search for and exfiltrate data from a server. This script is designed…