Bill Toulas reports: A regional U.S. government agency compromised with LockBit ransomware had the threat actor in its network for at least five months before the payload was deployed, security researchers found. Logs retrieved from the compromised machines showed that two threat groups had compromised them and were engaged in reconnaissance and remote access operations….
Category: Malware
At small and rural hospitals, ransomware attacks are causing unprecedented crises
Marion Renault reports: At 12:08 p.m. on a Monday, a Sky Lakes Medical Center employee tapped an email link. Within minutes, that click cracked open the Oregon hospital’s digital infrastructure for cybercriminals to infiltrate. By the time IT staff started looking into it, “everything was being encrypted,” said John Gaede, director of information services. On…
AlphaV claims attack on Florida International University (updated)
It’s been a while since DataBreaches.net reported on a data security incident involving Florida International University in Miami, but if AlphaV’s claims are true, they have been breached again. AlphaV (“BlackCat”) added FIU to their leak site and claim: In our design the following information: -Personal information of students and teaching staff, including confidential data, SSN,…
War stirs up cybercrime
(Machine translation of German-language article at zdf.de). Peter Wering reports: ….. Russian groups are currently making little ransom from ransomware attacks…. That is why Russian IT criminals have partially relocated their activities to Ukraine. There they are attacking Ukrainian IT infrastructure on behalf of the Kremlin. But they also use the Internet connections there to…
Hackers use Conti’s leaked ransomware to attack Russian companies
Lawrence Abrams reports: A hacking group used Conti’s leaked ransomware source code to create their own ransomware to use in cyberattacks against Russian organizations. […] However, the tables have now turned, with a hacking group known as NB65 now targeting Russian organizations with ransomware attacks. Read more at BleepingComputer.
East Tennessee Children’s Hospital updates information on ransomware incident
On March 15, this site noted that the East Tennessee Children’s Hospital had posted a notice about an IT security incident. At the time, they did not identify the incident as a ransomware incident. DataBreaches.net subsequently found some explanation for that notice — a listing on a Russian-language forum offering data from ETCH with numerous…