Shaun Nichols and Gareth Corfield report: Internal confidential documents belonging to some of the largest aerospace companies in the world have been stolen from an industrial contractor and leaked online. The data was pilfered and dumped on the internet by the criminals behind the DoppelPaymer Windows ransomware, in retaliation for an unpaid extortion demand. Read…
Category: Malware
London firm on standby to test therapeutics for COVID-19 notifies volunteers about March attack by Maze Team
Hammersmith Medicines Research (HMR) in London takes pride in their record as specialists in pharmacology phase 1 and early phase 2 clinical trials — the kinds of trials that are needed before new medications can be approved for use by the public — and the kinds of trials that will be needed if new therapeutics…
Delaware urology practice hit with ransomware in January
On March 27, Brandywine Urology Consultants in Delaware began notifying the U.S. Department of Health and Human Services (HHS) and their patients about a ransomware attack. The attack occurred on January 25, and the practice became aware of it on January 27. Importantly, they state that the electronic medical records system (“EMR”) was not attacked…
Another COVID-19 Research Firm Targeted by Ransomware Attack
The Hammersmith Medicines Research (HMR) facility in London is not the only firm working on research to understand or treat COVID-19 that has been recently attacked with ransomware. While Maze Team attacked HMR in March, another team using Sodinokibi ransomware (the REvil team) was attacking 10x Genomics in California. The attack was disclosed on April…
Microsoft works with healthcare organizations to protect from popular ransomware during COVID-19 crisis: Here’s what to do
Microsoft is doing its bit to help hospitals and care facilities to protect themselves from human-operated ransomware attacks. In a blog post published today, they write, in part: While a wide range of adversaries have been known to exploit vulnerabilities in network devices, more and more human-operated ransomware campaigns are seeing the opportunity and are jumping on…
REvil Ransomware-as-a-Service – An analysis of a ransomware affiliate operation
From Intel471’s Malware Intelligence Team: REvil aka Sodinokibi, Sodin is a ransomware family operated as a ransomware-as-a-service (RaaS). Deployments of REvil first were observed in April 2019, where attackers leveraged a vulnerability in Oracle WebLogic servers tracked as CVE-2019-2725. REvil is highly configurable and allows operators to customize the way it behaves on the infected…