The Office of Inadequate Security
In 2023, a ransomware attack against Lehigh Valley Health Network by AlphV (BlackCat) involved the threat actors leaking nude photos of some cancer patients. In reporting on one of the first class action lawsuits launched against LVHN, DataBreaches pointed out how significant this situation and litigation might be, in part, because of the nude photos…
Mark Feuerborn and Isabel Cleary report: Columbus’ massive data leak has been described as a ransomware attack, but the city’s head of technology revealed something new Monday night about the incident: not only was there no ransom, attempts to negotiate with the hackers behind it went unanswered. The Columbus City Council was on break through August,…
Sergiu Gatlan reports: American semiconductor supplier Microchip Technology Incorporated has confirmed that employee information was stolen from systems compromised in an August cyberattack, which was later claimed by the Play ransomware gang. Headquartered in Chandler, Arizona, the chipmaker has around 123,000 customers from multiple industry sectors, including industrial, automotive, consumer, aerospace and defense, communications, and computing…
Pierluigi Paganini reports: Cicada 3301 is a new ransomware-as-a-service (RaaS) operation that appeared in the threat landscape. The group appears to be very active and already listed 23 victims on its extortion portal since mid-June. The following image shows the list of victims published by the gang on its Dark Web leak site. […] The…
Summary of Alert: The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Department of Health and Human Services (HHS) (hereafter referred to as the authoring organizations) are releasing this joint advisory to disseminate known RansomHub ransomware IOCs and TTPs. These have…
Jonathan Greig reports: More than 210 organizations have dealt with ransomware attacks launched by the RansomHub group since February, according to an advisory from several U.S. cybersecurity agencies. The FBI joined the Cybersecurity and Infrastructure Security Agency (CISA) and Department of Health and Human Services (HHS) in publishing an advisory on Thursday about RansomHub — which has…