Jonathan Greig reports: The legislature of Argentina’s capital city announced a ransomware attack this week, saying that its internal operating systems were compromised and WiFi connectivity was down. In several tweets, the account for the legislature of Buenos Aires said the attack began on Sunday and took down the building’s WiFi network, among other systems….
Category: Malware
Three Iranian Nationals Charged With Engaging In Computer Intrusions And Ransomware-Style Extortion Against U.S. Critical Infrastructure Providers
NEWARK, N.J. – An indictment was unsealed today charging three Iranian nationals with allegedly orchestrating a scheme to hack into the computer networks of multiple U.S. victims, U.S. Attorney Philip R. Sellinger and National Security Division Assistant Attorney General Matthew Olsen announced today. As alleged in the indictment, from October 2020 through the present, Mansour…
A busy morning for those tracking ransomware in the healthcare sector
It is turning out to be a somewhat busy morning here because three new incidents in the healthcare sector reportedly involved ransomware or ransom attempts. DataBreaches was already aware that Medical Associates of the Lehigh Valley notified HHS of a breach impacting 75,268 patients, but their notification letter reveals that this was a ransomware attack….
Lorenz ransomware breaches corporate network via phone systems
Sergiu Gatlan reports: The Lorenz ransomware gang now uses a critical vulnerability in Mitel MiVoice VOIP appliances to breach enterprises, using their phone systems for initial access to their corporate networks. Arctic Wolf Labs security researchers spotted this new tactic after observing a significant overlap with Tactics, Techniques, and Procedures (TTPs) tied to ransomware attacks…
LockBit updates leak site with post about Sud-Francilien hospital
After weeks of information and misinformation leaking out, and after some outstanding reporting by Valéry Rieß-Marchive on LeMagIT, LockBit 3.0 has publicly confirmed that they are responsible for the attack on South Francilien Hospital Center (CHSF). Consistent with the usual rhetoric we see from threat actors in such circumstances, LockBit tries to put responsibility on…
Ransomware gangs switching to new intermittent encryption tactic
Bill Toulas reports: … SentinelLabs has posted a report examining a trend started by LockFile in mid-2021 and now adopted by the likes of Black Basta, ALPHV (BlackCat), PLAY, Agenda, and Qyick. These groups actively promote the presence of intermittent encryption features in their ransomware family to entice affiliates to join the RaaS operation. Read more at…