—– A DataBreaches.net report by Dissent and Chum1ng0 —– Since 2018, threat actors known as “Pysa” (for “Protect Your System Amigo”) have used mespinoza ransomware to lock up victims’ files after exfiltrating a copy of them. In early 2020, alerts about these “big-game hunters” were published by both the FBI and CNIL . Since then,…
Category: Commentaries and Analyses
Suspect File updates the Blackbaud incident tally for the education sector
Courtesy of Suspect File, this update to the list of educational entities impacted by the 2020 Blackbaud ransomware incident: UPDATE (5) of 31.07.2021 (June / July 2021) Total number of people involved 7,984,697 (+5,907) In the update of 07/31/2021, 3 new Institutions affected by the Blackbaud Data Breach are added. As of 30.05 2021, the…
Westfield IT director stops what appeared to be active cyber security breach after clerk-treasurer issues third-party contract
Did a city’s IT Director stop a breach in progress or did he just interrupt a forensic investigation by a firm that had been hired but never identified to his office? Anna Skinner reports on what seems to be a case of Westfield officials either not communicating well with each other, or not trusting each…
New destructive Meteor wiper malware used in Iranian railway attack
Lawrence Abrams reports: A new file wiping malware called Meteor was discovered used in the recent attacks against Iran’s railway system. Earlier this month, Iran’s transport ministry and national train system suffered a cyberattack, causing the agency’s websites to shut down and disrupting train service. The threat actors also displayed messages on the railway’s message boards…
NC: Sandhills Center remains silent after threat actors claim to have hacked them and exfiltrated 634 GB of their files
Update of September 4: Sandhills subsequently issued a press release that indicates that they could not confirm that the data came from them. See the follow-up report here. Original post: Sandhills Center in North Carolina manages public mental health, intellectual/developmental disabilities and substance use disorder services for the citizens of Anson, Guilford, Harnett, Hoke, Lee,…
The Life Cycle of a Breached Database
Brian Krebs writes: Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals. Here’s a closer look…