On June 4, I noted that NetWalker ransomware operators had reportedly added the University of California at San Francisco to their website where they name victims who have not paid their ransom demands. When I check back today, I do not see UCSF still listed on NetWalker’s site, which is curious. But I also see…
Category: Malware
Pennsylvania health system hit by NetWalker ransomware
NetWalker ransomware operators have added Crozer-Keystone Health System to their list of victims who have not paid their ransom demands. In a post on the threat actors’ website today, they note that they will start dumping data in six days if the Pennsylvania-based health system does not meet their demands. Their public threat does not…
Care New England website remains down; no evidence found of data exfiltration
Brian Amaral provides an update on what sounds like a ransomware attack: Care New England’s investigation into ongoing IT problems hasn’t turned up any evidence of unauthorized access to patient information, the nonprofit’s president and CEO said Wednesday. Dr. James Fanale said Care New England, which includes Kent Hospital, Women & Infants Hospital and Butler…
Cognizant reports the April ransomware attack to California
Lawrence Abrams reports: On April 17th, Cognizant began emailing their clients to warn them that they were under attack by the Maze Ransomware so that they could disconnect themselves from Cognizant and protect themselves from possibly being affected. This email also contained indicators of compromise that included IP addresses utilized by Maze and file hashes for the kepstl32.dll,…
OR: Keizer city computers hacked and ransomed for $48,000
Eric A. Howald reports: The city of Keizer’s computer system was hacked on Wednesday, June 10, and officials were only able to regain access to the data by paying the perpetrators a $48,000 ransom. At this point, no sensitive data appears to have been accessed or misused. Read more on The Keizer Times.
Google Alerts catches fake data breach notes pushing malware
Ionut Ilascu reports: Fraudsters recently have started to push fake data breach notifications for big company names to distribute malware and scams. They’re mixing black SEO, Google Sites, and spam pages to direct users to dangerous locations. Google Alerts helps to spread these fake notifications as the service monitors search results for user-defined keywords. Scammers created…