Emma Dukes reports: Wirral University Teaching Hospital Trust said the incident began on Monday evening (November 25), with staff members at the hospital telling LiverpoolWorld that a “cyber attack” had caused the computer systems to go down. The Trust – which comprises Arrowe Park Hospital, Clatterbridge Hospitals and the Wirral Women and Children’s Hospital – confirmed that a “major…
Category: Malware
Ransomware: Hunters International decentralizes storage
Reporting this via a Google translation of an article originally published in French. Valéry Rieß-Marchive reports: The brand provides its affiliates with Linux software allowing them to maintain complete control over the data stolen from their victims. The file is called “storage_linux_x64.” It is an executable for Linux. It is among the data of two…
Rockford Gastroenterology Associates notifies 147,253 patients of December 2023 cyberattack
In December 2023, DataBreaches added Rockford Gastroenterology Associates (“RGA”) to a list of possible ransomware victims after seeing a listing for them on the leak site for threat actors known as RA World. However, it wasn’t until September 2024 that RGA posted a notice on its website, and not until October that they notified HHS…
Ransomware Group Cooperation: A Growing Challenge in the Fight Against Cybercrime
Marco A. De Felice (aka @amvinfe) of SuspectFile and DataBreaches have often shared information with each other about threat actors or incidents, including what may appear to be second attacks or maybe just a re-listing of a previous attack. He has recently taken a look at listings of data claimed by two or more groups to…
Hibernation is Over? Akira Ransomware: Published Over 30 New Victims on their DLS (updated)
Adi Bleih reports: The Akira ransomware group has been active since March 2023, targeting diverse industries across North America, the UK, and Australia. Operating as a Ransomware-as-a-Service (RaaS) model, Akira employs a double-extortion strategy by stealing sensitive data before encrypting it. According to their leak site, the group claims to have compromised over 350 organizations….
Phobos Ransomware Administrator Extradited from South Korea to Face Cybercrime Charges
Russian National Alleged to Have Coordinated Sale, Distribution, and Operation of Phobos Ransomware as Part of International Hacking and Extortion Conspiracy The Justice Department unsealed criminal charges today against Evgenii Ptitsyn, 42, a Russian national, for allegedly administering the sale, distribution, and operation of Phobos ransomware. Ptitsyn made his initial appearance in the U.S. District Court for…