The Justice Department today unsealed two indictments charging a Russian national and resident with using three different ransomware variants to attack numerous victims throughout the United States, including law enforcement agencies in Washington, D.C. and New Jersey, as well as victims in healthcare and other sectors nationwide. According to the indictment obtained in the District…
Category: Malware
Ransomware corrupts data, so backups can be faster and cheaper than paying up
Simon Sharwood reports: Ransomware actors aim to spend the shortest amount of time possible inside your systems, and that means the encryption they employ is shoddy and often corrupts your data. That in turn means restoration after paying ransoms is often a more expensive chore than just deciding not to pay and working from our…
CrowdStrike finds new ransomware-as-a-service group targeting VMWare ESXi servers (5 tips to fight back)
Nancy Liu reports: CrowStrike discovered a new ransomware-as-a-service (RaaS) group — MichaelKors (formerly Qilin) — targeting VMWare ESXi servers since last month. The VMWare ESXi is a hypervisor that runs and manages virtual machines (VMs) directly on a dedicated host’s hardware. The products associated with the ESXi platform include VMware vSphere Hypervisor, vCenter, ONE Access or Identity…
Philadelphia Inquirer hit by cyberattack causing newspaper’s largest disruption in decades
AP reports: The Philadelphia Inquirer experienced the most significant disruption to its operations in 27 years due to what the newspaper calls a cyberattack. The company was working to restore print operations after a cyber incursion that prevented the printing of the newspaper’s Sunday print edition, the Inquirer reported on its website. Read more at…
Ransomware attack on PharMerica affected 5.8 million patients
While the Fortra/GoAnywhere data breach by Clop is shaping up to be the biggest, or one of the biggest, breaches affecting HIPAA-covered entities and business associates in 2023, an attack by Money Message on PharMerica is currently the largest single breach reported so far this year, with almost 6 million affected. On April 8, DataBreaches…
Russia-affiliated CheckMate ransomware quietly targets popular file-sharing protocol
Jurgita Lapienytė reports: Unlike most ransom campaigns, CheckMate, discovered in 2022, has been quiet throughout its operations. To the best of our knowledge, it doesn’t operate a data leak site. That’s quite unusual for a ransomware campaign since many prominent gangs brag about big targets and post them as victims on their data leak sites….