Vitali Kremez, Al Calleo, and Yelisey Boguslavskiy report: This report illustrates some of the new and existing Tactics, Techniques, and Procedures (TTPs) of the Ryuk ransomware variants that Advintel has witnessed throughout their investigations in 2021. Initial Attack Vector: RDP Brute Force / Other Means of Initial Attack Vector Ryuk operators gain initial access to…
Category: Malware
BR: The National Library website falls victim to a ransomware attack and goes offline
Wellington Arruda reports (translation): Last Sunday [April 11], the National Library website was the target of a ransomware attack and needed to be taken down. The agency, linked to the Special Secretariat for Culture, opted to shut down the servers to alleviate the potential problems caused and new invasions. However, last Tuesday [April 13] the site was activated again, and…
UK: Latest on ransomware attack on 24 schools near Bristol
Harris Federation is not the only school academy trust hit by ransomware recently. Also hit in March was the Castle School Education Trust (CSET). As reported by Bristol Live, that attack affected not only CSET’s seven schools but 17 others maintained by the local authority who relied on the academy group’s IT infrastructure. While no ransom…
FR: The Bourbon Group hit by a cyber attack
Bourbon Group is a French firm involved in maritime and offshore shipping services in 44 countries. Le Figaro and AFP report (translation): The maritime services group for the Bourbon oil industry has been hit by a cyber attack that locks up its computer system, it said Tuesday. Christelle Loisel, vice president of communication said, stating…
IT: Asti DOCG consortium targeted by hackers
The Consortium for the Promotion of Asti has a mission: to promote the value of Asti DOCG and Moscato d’Asti wines — in Italy and in the world. Elisabetta Testa reports that they have suffered an attack (translation): The attack, which affected the servers of an external company, resulted in the temporary suspension of the…
Cyber attacks on the municipalities of Brescia, Caselle Torinese and Rho: first stolen data published
Marco A. De Felice has an update on some Italian municipalities hit by DoppelPaymer ransomware. This site has previously reported that Brescia and Rho had been hit, but now De Felice reports that DoppelPaymer operators have started dumping data from Brescia, Caselle Torinese, and Rho: The three municipalities decide not to pay the ransom requested…