Lawrence Abrams reports: The Fonix Ransomware operators have shut down their operation and released the master decryption key, allowing victims to recover their files for free. Fonix Ransomware, also known as Xinof and FonixCrypter, began operating in June 2020 and has been steadily encrypting victims since. Read more on BleepingComputer.
Category: Malware
Ransomware attack on Netgain Technology compromised info of Ramsey County home visit clients
Deanna Weniger reports: Ramsey County government offices have been hacked … again. On Friday, the county sent a notification to 8,700 clients of its Family Health Division letting them know that their data may have been accessed on or around Dec. 2. Netgain Technology LLC, a vendor that provides technology services to Ramsey County, advised the county…
GA: Crisp Regional Health Services falls victim to ransomware attack
Kim McCullough and Bobby Poitevint report: Crisp Regional Health Services was recently the victim of a ransomware attack, which affected some of the systems and encrypted files, according to a release from the hospital. “Workflow was never compromised, patient care was never compromised,” said Brooke Marshall, the community relations and foundation director. Officials said they…
UKRI issues statement about ransomware attack
GC reports: The UK Research and Innovation (UKRI) has sustained a cyber attack adversely affecting several of its web assets, which has resulted in data being encrypted by a third party. After reporting the incident to the National Crime Agency, the National Cyber Security Centre and Information Commissioner’s Office, UKRI stated that at this point…
Ca: Cyber security incident at Peel District School Board causes system outage
City News reports: Peel District School Board says it’s in the process of getting back to normal operations after a cyber security incident on January 26th that resulted in the encryption of files and systems. Releasing a statement on Twitter Thursday evening, the PDSB says there’s no reason to believe any personal or sensitive information…
Nefilim Ransomware Attack Uses “Ghost” Credentials
Dan Kobialka reports: Sophos researchers have discovered a Nefilim ransomware attack in which an unmonitored account belonging to a deceased employee was used to infiltrate more than 100 systems. During the cyberattack, a Nefilim threat actor exploited vulnerable Citrix software, Sophos indicated. The actor gained access to the Citrix admin account and stole the credentials for a domain…