In February, RansomHub was described as the leading Ransomware-as-a-Service group and as a pervasive threat to critical sectors. Weeks later, Trend Micro analyzed SocGholish’s MaaS framework and its role in deploying RansomHub ransomware. RansomHub was clearly developing and making a significant impact in the ransomware ecosystem. But in the blink of an eye, it seemed,…
Category: Malware
Unmasking EncryptHub: Help from ChatGPT & OPSEC blunders
KrakenLabs writes: This is the second part of Outpost24’s KrakenLabs investigation into EncryptHub, an up-and-coming cybercriminal who has been gaining popularity in recent months and is heavily expanding and evolving operations at the time of writing. We’ve already published one article explaining EncryptHub’s campaigns and TPPs, infrastructure, infection methods, and targets. This article will follow a different approach. We’ll…
16 months after they experienced a ransomware attack, Dameron Hospital notifies those affected
In 2017, Dameron Hospital in Texas reported a breach to the California Attorney General’s Office. No copy of its breach notification was uploaded to California’s breach site, and Dameron did not respond to this site’s email asking for details of the breach. The incident never appeared on HHS’s public breach tool, so we never found…
Sensitive data was leaked in 2024 Highline Public Schools ransomware attack
Caitlyn Freeman reports: Personal information including Social Security numbers was compromised during the ransomware attack that hit Highline Public Schools in September, officials announced Wednesday. School officials noticed malicious activity on its servers Sept. 7. The district closed schools for two days after the attack, which was later labeled a ransomware attack. After a nearly five-month investigation, officials…
Cyberattack Forces Tribal Casino to Shut Down Slots
Fiona Simmons reports: A tribal casino hotel in Minnesota has become the latest victim of cybercrime targeting the gambling sector. Because of that, the property was forced to temporarily shut down many of its systems until the problem was resolved. The Junction Casino Hotel, a property in the Lower Sioux Indian Community, just suffered a cybersecurity breach. As…
National Defense Corporation victim of ransomware attack; discloses breach and declines to pay any ransom.
According to National Defense Corporation (NDC), AMTEC is a manufacturer of lethal and non-lethal ammunition, explosives, and cartridges for military and law enforcement use. They write, “Globally, AMTEC is the largest volume producer of 40mm Grenade Ammunition and Fuzing. Their capabilities include precision assembly, explosive load, assemble and pack, metal forming and plating, and primary…