UY: Ministry of Transport and Public Works victim of ransomware attack
Uruguay’s Ministry of Transport and Public Works (MTOP) was hit by a ransomware attack on October 17. On November 9, MTOP reported that it was back to normal after the ransomware attack, adding that it had recovered critical information and restored the affected services….
Category: Malware
#StopRansomware: Cuba Ransomware
Joint Cybersecurity Advisory; Product ID: AA22-335A; December 1, 2022; TLP:CLEAR
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known Cuba ransomware IOCs and TTPs associated with Cuba ransomware actors identified through FBI investigations, third-party reporting, and open-source reporting. This advisory updates the…
Brazilian debt collection firm pays Hive $500k ransom while SuspectFile spectates it all
Marco A. De Felice (aka @amvinfe) had a bird’s eye view of negotiations between a Brazilian credit recovery and financial solutions firm and the Hive ransomware team. He also got to track the victim’s payment over wallets. Reading his partial transcript from the negotiations, the victim quickly went from an offer of $50k — an…
Vanuatu officials turn to phone books and typewriters, one month after cyber attack
At the end of October, the tiny South Pacific archipelago of Vanuatu was hit by a cyberattack with devastating consequences. They officially acknowledged the incident as an attack on November 5. Now, almost a month later, they are still struggling to recover. Christopher Cottrell reports: One month after a cyber-attack brought down government servers and…
Hackers are locking out Mars Stealer operators from their own servers
Zack Whittaker reports: A security research and hacking startup says it has found a coding flaw that allows it to lock out operators of the Mars Stealer malware from their own servers and release their victims. Mars Stealer is data-stealing malware as a service, allowing cybercriminals to rent access to the infrastructure to launch their…
De: Klinikum Lippe hospital decrypts data after “intensive negotiations” with ransomware attackers
The Klinikum Lippe describes itself as one of the largest municipal hospitals in Germany and part of the University Hospital OWL of the University of Bielefeld. On November 17, they detected a significant cyberattack that impacted all three of their locations: Detmold, Lemgo, and Bad Salzuflen. From its own statements, it appeared that the hospital…