John Aguilar reports: The demand was big: $5 million to unlock Wheat Ridge’s municipal data and computer systems seized by a shadowy overseas ransomware operation. The response was defiant: We’ll keep our money and fix the mess you made ourselves. Read more at The Denver Post.
Category: Malware
LockBit ransomware builder leaked online by “angry developer”
Lawrence Abrams reports: The LockBit ransomware operation has suffered a breach, with an allegedly disgruntled developer leaking the builder for the gang’s newest encryptor. In June, the LockBit ransomware operation released version 3.0 of their encryptor, codenamed LockBit Black, after testing it for two months. […] Regardless of how the private ransomware builder was leaked, this…
ALPHV/BlackCat ransomware family becoming more dangerous
Alex Scroxton reports: The developer or developers behind the ransomware-as-a-service (RaaS) family known variously as ALPHV, BlackCat and Noberus, have been hard at work refining their tactics, techniques and procedures (TTPs) and today are probably more dangerous than ever before, according to intelligence from Symantec. The ALPHV/BlackCat/Noberus operation – which Symantec tracks as Coreid (aka FIN7, Carbon Spider)…
IL: Some residents’ personal information possibly compromised in Quincy ransomware incident
Back in May, DataBreaches reported on a significant ransomware attack of Quincy, Illinois’s systems. Quincy paid ransom at the time to get a decryption key. Now KHQA reports: Some residents of Quincy may have had their personal information compromised when the city was hit by a cybersecurity attack earlier this year. The city said the…
Update: SERV Behavioral Health System Issues Notice of Breach
On August 6, DataBreaches reported that the Hive ransomware team claimed to have attacked SERV Behavioral Health System and encrypted SERV’s files on May 26. The listing was added to Hive’s site on July 14. SERV did not respond to email inquiries from DataBreaches in July. Time passed, but Hive never added any “proof pack”…
Scoop: Tift Regional Medical Center victim of ransomware attack in July
DataBreaches has learned that Tift Regional Medical Center in Georgia was the victim of a ransomware attack in July. Although the hospital was negotiating with the Hive ransomware group, negotiations recently broke off. According to communications shared exclusively with DataBreaches, the breach started on July 14 and ended on August 8. During that time, Hive…