Sergiu Gatlan reports: The US Federal Bureau of Investigation (FBI) has sent a security alert warning private sector companies that the Egregor ransomware operation is actively targeting and extorting businesses worldwide. The FBI says in a TLP:WHITE Private Industry Notification (PIN) shared on Wednesday that Egregor claims to have already hit and compromised more than 150 victims…
Category: Malware
Ryuk gang estimated to have made more than $150 million from ransomware attacks
Catalin Cimpanu reports: The operators of the Ryuk ransomware are believed to have earned more than $150 million worth of Bitcoin from ransom payments following intrusions at companies all over the world. In a joint report published today, threat intel company Advanced Intelligence and cybersecurity firm HYAS said they tracked payments to 61 Bitcoin addresses previously attributed…
Greater Baltimore Medical Center restoring electronic medical records after ransomware incident
Hallie Miller reports: One month after a crippling ransomware incident, Greater Baltimore Medical Center is beginning to restore the Towson hospital’s electronic medical records, officials said this week. GBMC previously disclosed little about the Dec. 6 cyberattack, which disrupted the health care system’s communication and data-keeping infrastructure and forced it to take systems offline and reschedule…
Personal data of ANWB customers may have been stolen after a cyber attack
ANP reports that ANWB (the Royal Dutch Touring Club) has sent an email to former and current members to warn them that their data may have been compromised in a cyber attack. The attack was not on ANWB’s own system, it seems, but on a collection agency that they use for delinquent accounts — Trust Krediet Beheer…
Belgian consultancy Finalyse emerges unscathed from ransomware attack
Pieterjan Van Leemputten reports that one of Avaddon’s victims successfully aborted a ransomware attack and was able to restore from backup. And worse for the attackers, Finalyse reportedly isn’t concerned about the 98 GB Avaddon claims to have exfiltrated. The attackers posted a screencap of the directory to pressure Finalyse, but it seems to have…
“Without Undue Delay, Part 1:” Update on earlier ransomware cases
In November, DataBreaches.net published a commentary arguing that patients need to be notified sooner of ransomware dumps even if HIPAA would seem to allow up to 60 days. As a companion to that piece, this site looked at 30 claimed ransomware attacks on U.S. healthcare entities that had been revealed on dedicated leak sites by…