December 07, 2022 TLP:CLEAR Report: 202212071400 Executive Summary Royal is a human-operated ransomware that was first observed in 2022 and has increased in appearance. It has demanded ransoms up to millions of dollars. Since its appearance, HC3 is aware of attacks against the Healthcare and Public Healthcare (HPH) sector. Due to the historical nature of…
Category: Malware
Lawsuits come, lawsuits go (settle), Friday edition
Three more recent announcements of lawsuit settlements involving healthcare entities. Two of the following involve ransomware and Massachusetts entities; the third is a phishing attack on an Arkansas entity. North Shore Pain Management and Resolve I.T. North Shore Pain Management has set aside $200,000 to settle a class action lawsuit that claimed the company and…
IL: Knox College president addresses ransomware incident as notorious group claims credit
Samuel Lisec reports: Hive Ransomware Group, a FBI-identified criminal organization, has appeared to claim credit for ongoing “disruptions” to Knox College’s computer systems. In an email sent to a number of Knox students on Wednesday, a group claiming to be Hive says it has encrypted “critical infrastructure and data,” compromised the college’s backup servers and mined sensitive…
Bits ‘n Pieces (Trozos y Piezas)
MX: Jalisco Congress Attacked by Play The Congress of Jalisco announced that it has been affected by a ransomware attack on December 6 by a group called “Play.” The attack encrypted 14 servers and some employees have received extortion demands seeking payment for a decryption key. At a press conference, the President of the Board…
New Ransom Payment Schemes Target Executives, Telemedicine
Brian Krebs has an interesting write-up about some of the goings-on involving ransomware groups targeting the healthcare sector. Krebs cites Alex Holden of Hold Security, a Milwaukee-based cybersecurity firm. Holden’s team reportedly gained visibility into discussions among members of two different ransom groups: CLOP (a.k.a. “Cl0p” a.k.a. “TA505“), and a newer ransom group known as Venus. Readers…
Cybersecurity firm ‘sniffed out’ hacked Tirupati hospital data on dark web. Now, it’s a ‘victim’ too
Regina Mihindukulasuriya reports on some eyebrow-raising claims. Last week, Bengaluru-based cybersecurity firm CloudSEK claimed it had found patient data from Sree Saran Medical Centre (SSMC) in Tirupati being sold on the dark web. This week, the company has itself become the victim of a cyber attack. Over 6-7 December, CloudSEK updated its blog about the…