Marco De Felice reports: After being VICTIM OF THE BLACKBAUD DATA BREACH in May of last year, Southern Arkansas University is now facing a new data theft by the Sodinokibi (REvil) ransomware group. A few minutes ago, the Sodinokibi Ransomware group published a series of screenshots on its website regarding some data exfiltrated during the cyber attack against the…
Category: U.S.
NYS Department of Financial Services Announces Cybersecurity Fraud Alert
Cyber Criminals Targeting Websites to Steal Private Consumer Information and Use for Benefits Fraud Regulated Entities Are Advised to Review Security Controls for Public-Facing Websites The New York State Department of Financial Services (“DFS”) today issued a cybersecurity fraud alert (“Alert”) to all of its regulated entities. The Alert describes a widespread cybercrime campaign to steal consumers’ nonpublic information (“NPI”) from…
Jones Day disputes claimed breach; points to hacked vendor; hacker points back to them (UPDATE2)
Although Jones Day failed to respond to multiple inquiries sent to it by this site about a ransomware attack claimed by CLOP threat actors*, the giant law firm apparently responded to inquiries by the Wall Street Journal. Their statement, however, omits important information and has been disputed by the threat actors. WSJ reports, in part:…
Could an ex-employee be planting ransomware on your firm’s network?
We’ve all seen too many instances where vengeful former employees have tried to sabotage their former employer’s network. Even when their employers remember to revoke access for the individual, they often find other ways in — like using a former colleague’s credentials or having previously created another user on the system with credentials. But would…
Preliminary settlement approved in 21st Century Oncology 2015 breach case
Long-time readers may remember that 21st Century Oncology had a slew of serious problems going back to 2013 including a rogue employee-related breach that they were alerted to by law enforcement, and litigation under the False Claims Act that resulted in them paying $34.7 million for billing for medically unnecessary tests. But of note, in…
Threat actors claim to have stolen Jones Day files; law firm remains quiet
Over on AdvIntel, Tyler Combs has a post about threat actors attacking law firms. Many of us are already aware of a number of law firms who have been attacked and who have had their firm’s files dumped publicly when they refused to pay ransom demands, but if the biggest law firms fall prey, what…