The City of Oakland has learned that it was recently subject to a ransomware attack that began on Wednesday night. The Information Technology Department is coordinating with law enforcement and actively investigating the scope and severity of the issue. Our core functions are intact. 911, financial data, and fire and emergency resources are not impacted….
Search Results for: ransomware
Clop ransomware claims to be behind GoAnywhere zero-day attacks
Sergiu Gatlan reports: The Clop ransomware gang claims to be behind recent attacks that exploited a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool, saying they stole data from over 130 organizations. The security flaw, now tracked as CVE-2023-0669, enables attackers to gain remote code execution on unpatched GoAnywhere MFT instances with their administrative…
Dallas Central Appraisal District paid $170,000 to Royal ransomware attackers
Graham Cluley reports: A Dallas state agency has admitted to paying $170,000 to hackers after it suffered a ransomware attack. The Dallas Central Appraisal District (DCAD) that determines the value of all of the county’s real and personal property for taxation purposes, publicly disclosed that it had been hacked on November 8, 2022. The agency had…
CISA Alert (AA23-040A): #StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
Summary Note: This Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and various ransomware threat actors. These #StopRansomware advisories detail historically and recently observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to…
New ESXiArgs ransomware version prevents VMware ESXi recovery
Lawrence Abrams reports: New ESXiArgs ransomware attacks are now encrypting more extensive amounts of data, making it much harder, if not impossible, to recover encrypted VMware ESXi virtual machines. Last Friday, a massive and widespread automated ransomware attack encrypted over 3,000 Internet-exposed VMware ESXi servers using a new ESXiArgs ransomware. Preliminary reports indicated that the devices were breached…
U.S. and U.K. sanction TrickBot and Conti ransomware operation members
Lawrence Abrams reports: The United States and the United Kingdom have sanctioned seven Russian individuals for their involvement in the TrickBot cybercrime group, whose malware was used to support attacks by the Conti and Ryuk ransomware operation. […] Today, the United States and the United Kingdom have sanctioned seven individuals for their involvement in the…