BBC reports: Scotland’s environmental watchdog has said it could take years to fully recover from a cyber attack. The Scottish Environment Protection Agency (Sepa) had more than 4,000 digital files stolen by hackers on Christmas Eve. Chief executive Terry A’Hearn revealed it is now building a new IT system from scratch. Sepa said it had backup…
Category: Malware
Arrested Clop gang members laundered over $500M in ransomware payments
Catalin Cimpanu reports: The members of the Clop ransomware gang that were arrested last week in Ukraine as part of an international law enforcement action also operated money laundering services for multiple cybercrime groups. According to cryptocurrency exchange portal Binance, the group engaged in both cyber-attacks and “a high-risk exchanger” that laundered funds for the Clop ransomware…
Westfield clerk, mayor battle over spyware installed on city hall computers
Richard Essex reports: Spyware was found on all of the computers in the Westfield clerk treasurer’s office, and now she and the mayor are battling in court about it. This particular software allows remote access to all the data stored in that office, which includes information for a dozen city bank accounts, and personal information…
City of Liege, Belgium hit by ransomware
Catalin Cimpanu reports: Liege, the third biggest city in Belgium, has suffered today a ransomware attack that has disrupted the municipality’s IT network and online services. Following the attack, most of the city’s civil status and population services are down, Liege officials said on a status page today. Read more on The Record.
Brazil medical firm Fleury hit by cyberattack
Jake Spring reports: Brazilian medical lab company Fleury SA (FLRY3.SA) said in a securities filing that a cyberattack had resulted in a partial outage of its information technology systems on Tuesday. Read more on Reuters. Update of June 27: REvil (Sodinokibi) ransomware operators have added Fleury to their leak site. The threat actors claim to have acquired…
LV Ransomware Group Repurposed REvil Binary, Researchers Find
Dennis Fisher reports: Researchers have discovered that the LV ransomware that has been in use since late 2020 is actually a modified version of the REvil ransomware binary that is being distributed by a separate threat group. An analysis of the LV ransomware binary by Secureworks Counter Threat Unit researchers shows that LV is a version of…