O’Ryan Johnson reports: Multiple ConnectWise partners have had their customers hit with ransomware through a software flaw that the company revealed last week with one having several end users compromised, according to a source who spoke on condition of anonymity. Tampa, Fla.-based ConnectWise confirmed that the vulnerability in ConnectWise Automate – which the company announced…
Category: Malware
Why weren’t patients told that their data was dumped publicly?
On May 13, DataBreaches.net reported that Ako ransomware operators revealed that they had attacked North Shore Pain Management in Massachusetts. The threat actors announced the attack and dumped some of the practice’s files when the medical practice did not pay their ransom demand. The data dump, consisting of more than 4 GB of more than…
UCSF updates progress recovering from ransomware attack
On June 4, I noted that NetWalker ransomware operators had reportedly added the University of California at San Francisco to their website where they name victims who have not paid their ransom demands. When I checked back today, I do not see UCSF still listed on NetWalker’s site, which is curious. But I also see…
Pennsylvania health system hit by NetWalker ransomware
NetWalker ransomware operators have added Crozer-Keystone Health System to their list of victims who have not paid their ransom demands. In a post on the threat actors’ website today, they note that they will start dumping data in six days if the Pennsylvania-based health system does not meet their demands. Their public threat does not…
Care New England website remains down; no evidence found of data exfiltration
Brian Amaral provides an update on what sounds like a ransomware attack: Care New England’s investigation into ongoing IT problems hasn’t turned up any evidence of unauthorized access to patient information, the nonprofit’s president and CEO said Wednesday. Dr. James Fanale said Care New England, which includes Kent Hospital, Women & Infants Hospital and Butler…
Cognizant reports the April ransomware attack to California
Lawrence Abrams reports: On April 17th, Cognizant began emailing their clients to warn them that they were under attack by the Maze Ransomware so that they could disconnect themselves from Cognizant and protect themselves from possibly being affected. This email also contained indicators of compromise that included IP addresses utilized by Maze and file hashes for the kepstl32.dll,…