Ransomware operators often do their research on their victim to know what assets to go after. Here’s an example where threat actors did their research, but were perhaps too greedy in their demands. Gareth Corfield reports: The criminals who took out Scotland’s Dundee and Angus College made a ransom demand that precisely added up to…
Warning after 75,000 ‘deleted’ files found on used USB drives
BBC reports: Cybersecurity researchers discovered about 75,000 files after buying 100 of the drives on an internet auction site. Some USB drives contained files named “passwords” and images with embedded location data. All but two of the drives appeared empty, but the team said it had been “worryingly easy” to retrieve data. Read more on…
Sodinokibi/REvil ransomware gang pwns British housing biz via suspected phishing attack
Gareth Corfield reports: A social housing provider in Norwich, England, has said it was hit with the Sodinokibi ransomware following what it assumes was a successful phishing attack. Flagship Group revealed last night that its systems were compromised by a “cyberattack” on Sunday, 1 November. Read more on The Register. The attack is not (yet)…
Almost 11 million patients impacted by Blackbaud incident — and still counting
Earlier this week, Marianne Kolbasuk McGee had a follow-up piece on the Blackbaud ransomware incident. As part of her update, she reported that Blackbaud would not provide answers when asked about the number or names of clients involved in the incident who had patient data or medical information of donors involved. McGee notes: A snapshot…
Lawrence General Hospital notifying patients of breach
Lawrence General Hospital in Massachusetts is notifying patients of a breach that occurred in September. In their disclosure, LGH notes that on September 19, they discovered a “data security incident that disrupted the operations of our IT systems.” Their investigation determined that an unauthorized party “may have accessed its IT systems between September 9, 2020…
Israeli companies targeted with new Pay2Key ransomware
Catalin Cimpanu reports: Several companies and large corporations from Israel have been breached and had their systems encrypted using a new strain of ransomware named Pay2Key, in what appears to be a targeted attack against Israeli networks. The first attacks were seen in late October but have now grown in numbers while also remaining contained…