Release Date: May 16, 2023. Alert Code: AA23-136A. Summary. Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs)…
Category: Commentaries and Analyses
HHS Office for Civil Rights Settles HIPAA Investigation with Arkansas Business Associate MedEvolve Following Unlawful Disclosure of Protected Health Information on an Unsecured Server for $350,000
As background: this case began with someone finding an unsecured FTP server owned by MedEvolve. He reported it to DataBreaches. This site first reported on the leak in 2018. This site also reported when MedEvolve issued a statement months later, and again two years later when HHS got them to notify patients. Today, the U.S….
New York audit: School districts unprepared for cyber attacks
Kathleen Moore reports: Student data, including names, birth dates and addresses, are not always kept secure by school districts or the state Education Department, the state Comptroller’s Office found in an audit issued Tuesday. The Education Department “has not taken the fundamental steps or improved the technical controls needed to secure its own critical systems,” the…
Justice Department Announces Five Cases as Part of Recently Launched Disruptive Technology Strike Force
Cases Mark Strike Force’s First Enforcement Actions Since Established WASHINGTON – The Justice Department today announced criminal charges in five cases and four arrests from five different U.S. Attorney’s offices in connection with the recently launched multi-agency Disruptive Technology Strike Force. The Disruptive Technology Strike Force is co-led by the Departments of Justice and Commerce…
Ransomware Charges Unsealed Against Russian National in District of Columbia
WASHINGTON – An indictment was unsealed today in the District of Columbia charging a Russian national with participating in a global ransomware campaign which deployed ransomware variants against victims in the District of Columbia, the United States, and around the world. Mikhail Pavlovich Matveev, alleged to use the online monikers Wazawaka, m1x, Broriscelcin, and Uhodiransomwar,…
Insured companies more likely to be ransomware victims, sometimes more than once
Maria Korolov reports: Back in 2019, fewer than 20% of enterprises suffered repeat ransomware attacks, while during the pandemic, the percentage rose to around 30%. And it didn’t stop with the pandemic, with 38% of organizations surveyed in 2022 reporting two or more successful ransomware attacks, those that attackers were able to lock systems, encrypt…