A May 1 announcement by PENNCREST School District in Pennsylvania begins: Over the weekend, the PENNCREST School District became aware of a situation, believed to be a ransomware event, which has disrupted certain aspects of our operations. We quickly took steps to implement our Cybersecurity Incident Response Plan. Following our plan, we shut down and…
Category: Malware
Montana State University update on “cyberattack” doesn’t disclose it’s ransomware
Montana State University was hit with a cyberattack on April 20. They are still working to recover from it. Here is their latest update: Campus network update: NetID password changes, service status page Sent at 8:18 a.m. Friday, April 28, via email to students, faculty and staff. As work continues to return Montana State University’s…
The Untold Story of the Boldest Supply-Chain Hack Ever
Kim Zetter has a fascinating piece on the run-up to the SolarWinds attack. Here’s a snippet: In fact, the Justice Department and Volexity had stumbled onto one of the most sophisticated cyberespionage campaigns of the decade. The perpetrators had indeed hacked SolarWinds’ software. Using techniques that investigators had never seen before, the hackers gained access…
Suffolk, without a cyberattack recovery plan, hires chief to create one
Vera Chinese reports: Suffolk County’s new chief security information officer, announced Monday by County Executive Steve Bellone, will be charged with creating a recovery plan for potential cyberattacks in the future, administration officials said. The lack of a stand-alone recovery plan before a breach was discovered Sept. 8 likely contributed to the amount of time it has taken…
Ransomware Gang Claims Edison Learning Data Theft
Krystal Kuykendall reports: The Royal Ransomware is claiming to have infiltrated public school management and virtual learning provider Edison Learning, posting on its dark web data leak site on Wednesday, April 26, that it had stolen 20GB of the company’s data “including personal information of employees and students” and threatening to post the data “early next…
Bits ‘n Pieces (Trozos y Piezas)
CL: Saville Row attacked by BlackCat Saville Row, a Chilean clothing store, was added to BlackCat’s leak site on April 21. Sample files provided by the threat actors included internal Saville Row documents such as invoices and purchase orders. DataBreaches found no notice of any incident on the store’s website or social networks. They did…