Although some threat groups or affiliates have sworn off attacking the medical sector with ransomware, not all have. On Sunday evening, June 2, Special Health Resources (“SHR”) posted a notice on their Facebook account: We are currently experiencing technical difficulties and on Monday, our health centers will only see patients who are actively sick. All…
Category: Malware
RansomHouse: investigation and findings by Analyst1
Analyst1 has published a report on RansomHouse: RansomHouse: Stolen Data Market, Influence Operations & Other Tricks Up the Sleeve. The Executive Summary of the report by Anastasia Sentsova begins: This research aims to identify connections between RansomHouse, and other groups based on the investigation of multiple crossclaims of victims. Emerging after the Babuk source code…
Never heard of the Embargo ransomware group? SuspectFile provides some insight.
Marco A. De Felice (aka @amvinfe) writes: Embargo is yet another ransomware group emerging in the digital extortion landscape, a group that some industry analysts compare to the much more well-known Alphv group. However, programming similarities do not align with the statements made by a group member during our interview. The program used by Embargo…
FBI Cyber Lead Urges Potential LockBit Victims to Contact Internet Crime Complaint Center
FBI Cyber Division Assistant Director Bryan Vorndran on June 5 highlighted the Bureau’s “ongoing disruption” of the LockBit ransomware group and its affiliates, and urged potential victims to contact the Bureau’s Internet Crime Complaint Center (IC3). The Bureau now has more than 7,000 LockBit decryption keys in its possession, Vorndran said in a keynote at the…
Update: London NHS hospitals revert to paper records after cyber-attack
Denis Campbell and Dan Milmo report: A cyber-attack thought to have been carried out by a Russian group has forced London NHS hospitals to resurrect long-discarded paper records systems in which porters hand-deliver blood test results because IT networks are disrupted. Guy’s and St Thomas’ trust (GSTT) has gone back to using paper, rather than computers, to…
RansomHub Actors Exploit ZeroLogon Vuln in Recent Ransomware Attacks
Jai Vijayan reports: In recent attacks involving the ominously growing RansomHub ransomware, attackers have exploited the so-called ZeroLogon flaw in the Windows Netlogon Remote Protocol from 2020 (CVE-2020-1472) to gain initial access to a victim’s environment. Prior to deploying the ransomware, the attackers have used several dual-use tools, including remote access products from companies like Atera…