While some ransomware threat actors claim that they will not attack medical entities, others have not made any such pledge. In “Without Undue Delay,” DataBreaches.net noted that Egregor ransomware threat actors had added Dyras Dental in Michigan to their leak site in September. As I reported in that paper: The data dumped by the attackers as…
Category: Malware
Ransomware-as-a-service: The pandemic within a pandemic
Intel 471 released a new article today that is significant for shining some light into some otherwise murky areas. They write, in part: Intel 471 has been tracking over 25 different ransomware-as-a-service crews over the past year, ranging from well-known groups that have become synonymous with ransomware, to newly-formed variants that have risen from the…
City of Saint John hit by ‘significant’ cyber attack
CBC reports that one of my favorite Canadian locales has been hit by a cyberattack. There’s been a “significant” cyber attack against the City of Saint John, according to a news release from the municipality on Sunday evening. The city’s 911 communication system is working, but other services such as online payments systems, email and…
Egregor ransomware causes printers to spit out ransom notes
In a somewhat novel approach to ensuring that their victim knows they have been hacked and their systems locked up, the Egregor threat actors sent messages to some Cencosud stores. Some video was shared on Twitter by @Irlenys: The #ransomware that hit Cencosud is #Egregor. The ransom note started coming out on the…
Seine-Saint-Denis. Cyberattack at Bondy town hall: a complaint has been filed
Maëlys Dolbois reports: Since Thursday, November 12, 2020, the City of Bondy (Seine-Saint-Denis) has been fully mobilized against a cyberattack affecting municipal services. “Our services are undergoing a massive cyber attack which renders a large part of the city’s IT equipment inoperative. In particular, e-mail boxes are affected,” said the City. Read more on Actu. h/t, @Chum1ng0
Correction and Update: Mount Locker team denies responsibility for Sonoma Valley Hospital attack
On November 9, DataBreaches.net published “Without Undue Delay” which catalogued health sector ransomware attacks where attackers had dumped patient data as part of an attempt to pressure their victims into paying ransom. That report was a companion to a post arguing that patients need to be notified sooner of ransomware dumps than HIPAA’s 60-day window…