On March 3, this site noted that a security incident affecting Manitoba school districts sounded like a ransomware attack on Edsembli. Yesterday, Nunavut’s Department of Education confirmed it was a ransomware attack on the territory’s school information system that stores grades, attendance and student enrolment. That system is maintained by Edsembli. No data has reportedly…
Category: Malware
Br: Hacker attack compromises operation of Celg-GT applications and files
Felipe Cardoso reports (translation): Celg Geração e Transmissão (Celg GT) – reported, on the morning of this Friday, the 19th, that it suffered, during the night, a cyber attack that left access to the entire corporate network of applications and files compromised. It has not yet been possible to identify the extent of the damage…
The Ransomware Plague: Is LATAM Surrendering to Digital Extortion?
This Research is the third part of the AdvIntel LATAM Series. To see other blogs within this series please visit: Part 1: Latin America Threat Landscape: The Paradox of Interconnectivity Part 2: Cyber Exploration: The Geostrategic Quest of APT Groups in LATAM Part 3: Economic Growth, Digital Inclusion, & Specialized Crime: Financial Cyber Fraud in…
REvil ransomware has a new ‘Windows Safe Mode’ encryption mode
Lawrence Abrams reports: The REvil ransomware operation has added a new ability to encrypt files in Windows Safe Mode, likely to evade detection by security software and for greater success when encrypting files. Windows Safe Mode is a special startup mode that allows users to run administrative and diagnostic tasks on the operating system. This…
Acer Data Breach, Sodinokibi ransomware group publishes first stolen data
Marco A. DeFelice reports: The Sodinokibi (REvil) ransomware group publishes on its website, within the Tor networks, the first documents stolen from Acer during a recent cyber attack. Acer, headquartered in Taipei, Taiwan, is one of the world’s leading manufacturers of computers, monitors, HD Ready televisions, virtual reality devices, smartphones and many other electronic products….
CISA-FBI Joint Advisory on TrickBot Malware
CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) on TrickBot malware. A sophisticated group of cyber criminals are using phishing emails claiming to contain proof of traffic violations to lure victims into downloading TrickBot. TrickBot is a highly modular, multi-stage malware that provides its operators a full suite of…