There’s an update to the Haywood County Schools ransomware attack previously noted on this site. Lawrence Abrams reports that it was SunCrypt ransomware that was used in the attack, and although the district resumed remote learning on August 31, some school services remain impacted. As part of the double extortion and leak site model that…
Category: Malware
Ca: Ministry of Justice victim of cyberattack that resulted in members of the public receiving emails with Emotet
The following is a Google translation of a recent news story by Hugo Joncas: Hackers have managed to infiltrate the Justice Department’s system, and even send malware to citizens who traded with these addresses. The ministry was careful not to warn the public about the attack, but after many questions from our Bureau of Investigation,…
MA: Somerset Berkley Regional High School a victim of ransomware attack
Herald News Staff reports: Somerset Berkley Regional High School was a victim of a ransom-ware attack, according to a letter sent to parents by Superintendent Jeffrey Schoonover. On July 17, some high school computer systems were encrypted, which means they could no longer operate. Read more on Taunton Daily Gazette. h/t, @VERISDB
DLL Fixer leads to Cyrat Ransomware
Karsten Hahn writes about a new ransomware, Cyrat: While hunting for new malware we often use Yara rules to find suspicious samples. One of my generic ransomware hunt rules found this new ransomware sample. At the time it had only 2 detections on Virustotal. The first submission date is 25. August 2020. […] The malware…
OH: Mansfield City Schools: No personal data compromised during cyber attack
Katie Ellington reports: No “personal information” was accessed during a recent cyber attack on Mansfield City Schools, according to superintendent Stan Jefferson. Jefferson sent a letter to staff and district families Tuesday morning addressing the incident. “We want to assure you that we successfully contained the threat and at no time was any of the…
Amphastar Pharmaceuticals discovers that threat actors had exfiltrated employee data in May ransomware attack
On July 21, the DoppelPaymer ransomware threat actors added Amphastar Pharmaceuticals to their leak list. They also uploaded a number of files as proof of access and exfiltration. It was because of that listing that Amphastar eventually discovered that employee data had been stolen in a May attack. On August 27, Amphastar sent notification letters…