Reuters reports: DaVita said on Monday it had become aware of a ransomware incident that has encrypted some elements of its network, prompting the dialysis firm to implement measures to limit the effect of the breach. The company discovered the cyberattack on Saturday, but added it “cannot estimate the duration or extent of the disruption…
Category: Malware
Operation Endgame follow-up leads to five detentions and interrogations as well as server takedowns
From Europol: Following the massive botnet takedown codenamed Operation Endgame in May 2024, which shut down the biggest malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader and Bumblebee, law enforcement agencies across North America and Europe dealt another blow to the malware ecosystem in early 2025. In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet,…
When the victimizers become the victims…. RansomHub the victim of a takeover?
In February, RansomHub was described as the leading Ransomware-as-a-Service group and as a pervasive threat to critical sectors. Weeks later, Trend Micro analyzed SocGholish’s MaaS framework and its role in deploying RansomHub ransomware. RansomHub was clearly developing and making a significant impact in the ransomware ecosystem. But in the blink of an eye, it seemed,…
Unmasking EncryptHub: Help from ChatGPT & OPSEC blunders
KrakenLabs writes: This is the second part of Outpost24’s KrakenLabs investigation into EncryptHub, an up-and-coming cybercriminal who has been gaining popularity in recent months and is heavily expanding and evolving operations at the time of writing. We’ve already published one article explaining EncryptHub’s campaigns and TPPs, infrastructure, infection methods, and targets. This article will follow a different approach. We’ll…
16 months after they experienced a ransomware attack, Dameron Hospital notifies those affected
In 2017, Dameron Hospital in Texas reported a breach to the California Attorney General’s Office. No copy of its breach notification was uploaded to California’s breach site, and Dameron did not respond to this site’s email asking for details of the breach. The incident never appeared on HHS’s public breach tool, so we never found…
Sensitive data was leaked in 2024 Highline Public Schools ransomware attack
Caitlyn Freeman reports: Personal information including Social Security numbers was compromised during the ransomware attack that hit Highline Public Schools in September, officials announced Wednesday. School officials noticed malicious activity on its servers Sept. 7. The district closed schools for two days after the attack, which was later labeled a ransomware attack. After a nearly five-month investigation, officials…