September 12, 2023 TLP:CLEAR Report: 202309121400 Akira Ransomware Executive Summary Akira is a Ransomware-as-a-Service (RaaS) group that started operations in March 2023. Since its discovery, the group has claimed over 60 victims, which have typically ranged in the small- to medium-size business scale. Akira has garnered attention for a couple of reasons, such as their…
Category: Malware
Chambersburg Area School District answers some questions about ransomware attack, won’t say if they paid hackers
A statement and FAQ by the Chambersburg Area School District, as shared by TriState Alert, appears below.The district offers its reasons (translation: excuses) for not answering the questions parents and the public really want to know: did the district pay ransom, and was personal information acquired by the attackers? Although the district did not name…
Conti member indicted for role in 2021 Scripps Health ransomware attack
On September 7, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), in coordination with the United Kingdom, sanctioned 11 individuals who are alleged to be part of the Russia-based Trickbot cybercrime group. At the same time, the U.S. Department of Justice (DOJ) unsealed indictments against nine individuals in connection with the…
Hospital Sisters Health System’s CFO exits as it continues to handle ‘cybersecurity incident’
On August 29, DataBreaches reported that Hospital Sisters Health System (HSHS) and Prevea Health appeared to have been the victims of a ransomware attack. As of today, the notice on Prevea Health states, “HSHS and Prevea are experiencing a systemwide outage of clinical and administrative applications.” Prevea continues to describe it as a temporary outage….
MGM Resorts hit in disruptive cyberattack
Long-time readers may recall a story in January 2017 about a luxury hotel that reportedly paid extortion to ransomware attackers because guests were locked in their rooms. Some of the story was ultimately considered to be fake news, although the whole scenario initially seemed possible at the time. Fast forward more than six years and …
Rhysida claims responsibility for attacks on two U.S. health systems: Prospect Medical Holdings, Singing River Health
On August 3, Prospect Medical Holdings disclosed a ransomware attack that affected some of its 16 hospitals and 10 clinics, including three hospitals in Connecticut and hospitals run by Crozer Health. Although they have made some progress with recovery, a note on their website today states, “Prospect Medical Holdings, along with all Prospect Medical facilities,…