Trisha Anderson, Ashden Fein and James Yoon of Covington & Burling write: On September 30, 2020, the Cybersecurity and Infrastructure Security Agency (“CISA”) and the Multi-State Information Sharing and Analysis Center (“MS-ISAC”) released a joint guide synthesizing best practices to prevent and respond to ransomware. This guide was published the day before OFAC and FinCEN released their…
Category: Malware
FIN11: Widespread Email Campaigns as Precursor for Ransomware and Data Theft
Genevieve Stark, Andrew Moore, Vincent Cannon, Jacqueline O’Leary, Nalani Fraser, and Kimberly Goody of FireEye write: Mandiant Threat Intelligence recently promoted a threat cluster to a named FIN (or financially motivated) threat group for the first time since 2017. We have detailed FIN11’s various tactics, techniques and procedures in a report that is available now by…
Universal Health Services reports restoration of services and its IT network three weeks after massive ransomware attack
Universal Health Services issued an update to its status following a massive ransomware attack on September 27. Here is the full text of their October 12 update: Universal Health Services (UHS) confirms that the UHS IT Network has been restored at Corporate and across all Acute Care hospitals, enabling connections to all major systems and…
UK: Hackney Hacked as Council Investigates Attack
Dan Raywood reports: London’s Hackney Council has reported it has “been the target of a serious cyber-attack which is affecting many of our services and IT systems.” According to a statement from Philip Glanville, mayor of Hackney, council officers have been working closely with the National Cyber Security Centre, external experts and the Ministry of Housing, Communities and Local…
Tyler Technologies finally paid the ransom to receive the decryption key
Pierluigi Paganini reports: Tyler Technologies has finally decided to paid a ransom to obtain a decryption key and recover files encrypted in a recent ransomware attack. Tyler Technologies, Inc. is the largest provider of software to the United States public sector. At the end of September, the company disclosed a ransomware attack and its customers reported…
AU: Spotless hit by ransomware attack
Ry Crozier reports: Spotless Group, the Downer-owned facilities services provider, is the latest high-profile Australian company to fall victim to ransomware attackers. iTnews learned that the company had been attacked on Friday last week, and a Downer spokesperson confirmed the infection. “We are investigating suspicious activity involving unauthorised access to a number of Spotless servers,” a…