Akshaya Asokan reports: A newly identified financially motivated hacking group is deploying Basta ransomware as part of an ongoing extortion campaign that began early this year. Google Mandiant, which uncovered the campaign, tracks the group as UNC4393. Since Basta is not publicly marketed and is available on an invitation-only basis, Mandiant researchers believe UNC4393 is likely the “primary…
Category: Malware
Ever More Toxic Ransomware Brands Breed Lone Wolf Operators
Mathew J. Schwartz reports: The downfall of previously high-flying ransomware operations Alphv and LockBit has shaken up the criminal underground, turning some former affiliates into lone operators and causing some under-the-radar groups to rack up record extortion payments. Ransomware incident response firm Coveware said in a report that 10% of all ransomware attacks it monitored…
OneBlood Target of Ransomware Event; Blood Community Rallies to Help as Urgent Call for Donors is Issued
From OneBlood: OneBlood, the not-for-profit blood center serving much of the southeastern United States, is experiencing a ransomware event that is impacting its software system. OneBlood is working closely with cyber security specialists, and also federal, state and local agencies as part of their comprehensive response to the situation. “OneBlood takes the security of our…
RADAR and DISPOSSESSOR shift to R-a-a-S model
In April, Jim Walter of SentinelOne wrote an article about how some ransomware affiliates were teaming up with others to get paid if they had been cheated by previous partners. Perhaps the best-known recent example of this occurred after ALPHV allegedly secured a $22 million ransom from Change Healthcare and then absconded with the money…
Northeast Rehabilitation Hospital Network’s “incident” was a ransomware attack with data leaked, but they haven’t said that.
Northeast Rehabilitation Hospital Network (“NRHN”) is a comprehensive network of physical rehabilitation services that includes four inpatient hospitals and 25+ outpatient rehabilitation clinics. It also provides pain management and specialized pediatric outpatient rehabilitation. On July 19, NRHN notified the U.S. Department of Health & Human Services (HHS) of a “hacking/IT incident” that affected 501 patients. The “501” is…
North Korean Government Hacker Charged for Involvement in Ransomware Attacks Targeting U.S. Hospitals and Health Care Providers
Hacking Group Known as “Andariel” Used Ransom Proceeds to Fund Theft of Sensitive Information from Defense and Technology Organizations Worldwide, Including U.S. Government Agencies

A grand jury in Kansas City, Kansas, returned an indictment on Wednesday charging North Korean national Rim Jong Hyok for his involvement in a conspiracy to hack and extort U.S. hospitals…