Bridgit Sullivan writes: Phobos is a type of Advanced Encryption Standard (AES) ransomware that was first seen in October 2017 but became increasingly active in 2019. Also referred to as Phobos NextGen or Phobos Not Dharma, Phobos ransomware is extremely similar to the Dharma and Crysis ransomware family due to the same Dharma codebase. It…
Category: Commentaries and Analyses
VA sending letter to 1,501 Montana vets about business associate ransomware incident
The Great Falls Tribune reports: The U.S. Department of Veterans Affairs Veterans Health Administration on Thursday announced actions taken to protect veterans’ personal information following a recent privacy breach involving files from the Montana VA Health Care System. Officials said they were notified June 4, by former contractor Benefits Recovery Specialists Inc. of “a data…
Small Health Care Provider Fails to Implement Multiple HIPAA Security Rule Requirements
There’s been a rare sighting of a 2020 HHS settlement of HIPAA charges. An almost 10-year-old report of what would be a relatively small breach led to an investigation that uncovered persistent failures to implement the HIPAA Security Rule. From HHS: Metropolitan Community Health Services (Metro), doing business as Agape Health Services, has agreed…
Inside REvil Extortionist “Machine”: Predictive Insights
A new paper by AdvIntel is out, and it looks at the psychology of REvil, something that is obviously of great interest to me: We have investigated REvil’s discourse and behavior by applying the methodologies and concepts of criminal psychology to identify the group’s unique characteristics revealed by their recent involvement in large, ethically questionable…
No-Log VPNs Exposed Users’ Logs and Personal Details for All to See
Ugh. vpnMentor reports: A group of free VPN (virtual private network) apps left their server completely open and accessible, exposing private user data for anyone to see. ….. Each of these VPNs claims that their services are “no-log” VPNs, which means that they don’t record any user activity on their respective apps. However, we found multiple…
Citrix denies dark web claim of network compromise and ransomware attack
Simon Sharwood reports: Citrix has taken the unusual step of rebutting dark web discourse that alleges its networks have been compromised. A Wednesday post penned by CISO Fermin J. Serna says the company is aware of “threat intelligence report circulated concerning claims made on the dark web by a threat actor alleging compromise of the Citrix network,…