February 27, 2024: SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware….
Yes, Change Healthcare breach was us — BlackCat
Zack Whittaker reports that the ongoing cyberattack at Change Healthcare has been confirmed as a ransomware attack, with executives of the firm linking it to AlphV (BlackCat). Reuters was the first to report the claimed attribution to BlackCat, but until now, there has been no confirmation from BlackCat. Minutes ago, BlackCat informed DataBreaches that yes,…
loanDepot notifying 17 million customers after ransomware attack in January
On February 16, BlackCat added loanDepot to their dark web leak site, but without any data as proof. At the time, they claimed that LoanDepot had shown up in the negotiation chat, and had offered $6 million for the data and a decryptor, but allegedly claimed they could offer more after the weekend. But after…
School cyber incidents on Long Island: Reported cases rose sharply in 2023
Craig Schneider reports: Long Island schools saw a big increase in the number of reported computer hacks and other cyber incidents in 2023 compared to the prior year, and human error continued to be a major cause of exposing sensitive student information such as special education disabilities and disciplinary problems, records show. Island schools suffered…
Zalkin law firm settles suit by clients whose sex abuse details were hacked by BlackCat
The Zalkin Law Firm (“Zalkin”), a San Diego firm advocating for sexual abuse survivors nationwide, was sued in September after BlackCat gained access to the firm’s system and exfiltrated 523 clients’ personal information, including sexual abuse details. On their dark web leak site, the threat actors claimed to have exfiltrated 415.63 GB of sexual harassment…
As expected, LockBit is back already
Only five days after an international law enforcement effort seized LockBit’s leak sites, 34 servers, and 14,400 rogue email accounts used to support infrastructure and extortion, LockBit3.0 has reappeared with a new Tor site that looks like the old one. There are half a dozen entries on it at this time. One of the listings…