Paul Pedro reports: The five regional hospitals affected by a ransomware cyberattack are confirming that charting systems started coming back online last week and have continued this week. “As we continue to bring systems online, we are closely monitoring system integrity during network restoration at each institution,” hospital officials said in a statement on Thursday morning. “This…
Category: Malware
Opening a Can of Whoop Ads: Detecting and Disrupting a Malvertising Campaign Distributing Backdoors
Ryan Tomcik, Adrian McCabe, Rufus Brown, and Geoff Ackerman write: Earlier this year, Mandiant’s Managed Defense threat hunting team identified an UNC2975 malicious advertising (“malvertising”) campaign promoting malicious websites themed around unclaimed funds. This campaign dates back to at least June 19, 2023, and has abused search engine traffic and leveraged malicious advertisements to affect…
Prolonged internet outage forces Henry County Schools to return to basics
Leon Stafford reports: Under normal circumstances, Henry County teacher Samantha Hawthrone’s third graders would pull out their Chromebooks when building pie charts and histograms. But last week, Hawthrone’s Austin Road Elementary School class was constructing bar graphs the old-fashioned way — on paper printed out for each student. Instead of building the charts using a…
Covenant Care patient and employee data being leaked by ransomware group
In November, Hunters International claimed that they had attacked Covenant Care. Since that time, they have been leaking what appears to be more and more patients’ protected health information (PHI) and employees’ personal information. Covenant Care operates services providing skilled nursing, residential care, therapy services, and home health care at 29 locations in California and…
Russian banker of Hive ransomware network arrested in Paris
The following is an automatic machine translation of an article by Le Figaro with AFP: A Russian, suspected of having recovered in cryptocurrencies the money taken from French victims of the powerful Hive ransomware , dismantled in January, was arrested last week, AFP learned on Tuesday December 12 from the judicial police. The suspect, ”…
Ransomware Group Publishes Stolen Medical Data
Paul Sisson reports: Though Tri-City Medical Center got its operations back up and running 17 days ago, ransomware extortion efforts appear to be ongoing against the Oceanside hospital. Earlier this week, a cybersecurity expert noted in a message on X, formerly called Twitter, that “INC RANSOM”, a well known group of cyber extortionists, announced its possession of records stolen…