David Oberly of Blank Rome writes: Today, data breaches continue to proliferate at a rapid pace, often spurring consumer class action litigation in their wake. Oftentimes, a successful data breach suit can empty a corporate defendant’s coffers. For example, Equifax was recently forced to shell out $575 million to settle a major data breach class…
Category: Commentaries and Analyses
Nefilim Ransomware Attack Uses “Ghost” Credentials
Dan Kobialka reports: Sophos researchers have discovered a Nefilim ransomware attack in which an unmonitored account belonging to a deceased employee was used to infiltrate more than 100 systems. During the cyberattack, a Nefilim threat actor exploited vulnerable Citrix software, Sophos indicated. The actor gained access to the Citrix admin account and stole the credentials for a domain…
Chainalysis in Action: U.S. Authorities Disrupt NetWalker Ransomware
There are a number of entities who can take a bow for their part in yesterday’s news about NetWalker. Read Chainanalysis’s post about their role: Today, the U.S. Department of Justice (DOJ) announced a coordinated international law enforcement action to disrupt the NetWalker ransomware, including the seizure of nearly half a million dollars in cryptocurrency, the disablement…
NetWalker ransomware leak site seized (UPDATE2)
At some point within the past 24 hours, the dedicated ransomware leak site operated by NetWalker ransomware threat actors was seized by law enforcement. The notice says that it was seized by the FBI in coordination with the U.S. Attorney’s Office for the Middle District of Florida, the Computer Crime and Intellectual Property Section of…
Deepfakes Expose Cracks in Virtual ID Verification
One of the things I have come to understand from reading research reports from GeminiAdvisory.io is that criminals are quite nimble and creative as conditions change, the market changes, or new security protocols are adopted. So now that financial institutions, cryptocurrency exchanges, and businesses deploy more sophisticated techniques to verify identity virtually, how are criminals…
NC: Haywood County Schools Sends Data Breach Notices for August Ransomware Attack
Becky Johnson reports: Hundreds of current and former Haywood County Schools employees got letters this month informing them their private information could have been compromised in a cyberattack against the school system. A cybercriminal ring hacked the school’s servers in August and attempted to blackmail the school system into paying a ransom in exchange for…