First, the good news (such as it is): a ransomware attack on Christus Health by Avos Locker has not impacted patient care. Now, the bad news: the threat actors acquired — and have already leaked — a lot of sensitive information on patients and employees. On May 11, Avos Locker added Christus Health to their…
Category: Malware
Conti claims to have inside information on Costa Rica, escalates threats
DataBreaches previously reported on the situation in Costa Rica, where the government has declared a national emergency following a ransomware attack by Conti. What is of special note in this incident are Conti’s escalating threats in their attempt to get their ransom demands paid and the self-identification of the affiliate involved (who calls themself “unc1756”)….
PA: Ransomware group claims to have hit Mercyhurst University
You may need to add Mercyhurst University in Pennsylvania to any list of post-secondary educational entities hit by ransomware. SuspectFile notes that the university has not confirmed any breach and LockBit has not posted any proof (yet?). But SuspectFile notes the irony that one month after one of the university’s four colleges participated in Cyber…
Hacker and Ransomware Designer “Nosophoros” Charged for Use and Sale of Ransomware, and Profit Sharing Arrangements with Cybercriminals
A criminal complaint was unsealed today in federal court in Brooklyn, New York, charging Moises Luis Zagala Gonzalez (Zagala), also known as “Nosophoros,” “Aesculapius” and “Nebuchadnezzar,” a citizen of France and Venezuela who resides in Venezuela, with attempted computer intrusions and conspiracy to commit computer intrusions. The charges stem from Zagala’s use and sale of…
MS: Vicksburg-Warren School District sends notifications for “Grief” ransomware incident in 2021
On May 12, 2022, Vicksburg-Warren School District in Mississippi issued a breach notification. Its explanation begins, “On or around May 28, 2021, VWSD detected unusual activity within its digital environment.” Investigation revealed that files with personal information “may have been accessed or acquired.” The “may have been” seems a bit vague given that threat actors calling…
Conti abandons all pretense at professionalism, issues increasingly strident threats as Costa Rica struggles
Conti ransomware actors have created a national emergency in Costa Rica, where the government declared a state of emergency. Multiple government agencies have reportedly been impacted by an attack in April and by the government’s refusal to pay the ransom demands. Kevin Collier of NBC reported: The official declaration, published on a government website Wednesday, said that the attack…