#ransomware
#ransomware

Black Basta, Bl00dy ransomware gangs exploiting ConnectWise vulns | Computer Weekly

Ransomware gangs exploit ConnectWise ScreenConnect vulnerabilities with high CVE scores.

Multiple threat actors using leaked build of LockBit target unpatched organizations. [ more ]

TechCrunch

Researchers say easy-to-exploit security bugs in ConnectWise remote access software now under mass-attack | TechCrunch

Two easy-to-exploit flaws in ConnectWise ScreenConnect are being mass-exploited by hackers.

Hackers are using the vulnerabilities to deploy ransomware and steal sensitive data. [ more ]

Theregister

CISA's ransomware warnings helped critical orgs fix 852 bugs

US government's CISA is actively assisting critical infrastructure organizations in addressing vulnerabilities exploited by ransomware gangs to prevent attacks. [ more ]

Theregister

CISA boss: Secure software needed to stop ransomware

Make software secure by design to combat ransomware attacks and enhance cybersecurity measures. [ more ]

Theregister

3 days ago

CISA spreads Black Basta advice amid Ascension infection

US security agencies issued advisories on Black Basta after the group claimed responsibility for a cyberattack on a healthcare provider. [ more ]

TNW | Data-Security

Meet the leader of LockBit, the 'most active ransomware gang ever'

LockBit's alleged leader, Dmitry Khoroshev, unmasked by Cybercrime hunters, known for leading the most active ransomware group causing billions in damages. [ more ]

ITPro

Russian LockBit mastermind unmasked by law enforcement

Authorities unmask leader of LockBit ransomware group after international law enforcement disruption led by UK NCA, imposing sanctions and revealing US reward for his arrest. [ more ]

WIRED

The Alleged LockBit Ransomware Mastermind Has Been Identified

Law enforcement monitoring cybercriminal activities can lead to arrests and disruption of operations. [ more ]

ITPro

Medical equipment supplier NRS Healthcare confirms ransomware attack

Healthcare equipment provider NRS Healthcare faces ransomware attack with over 600k documents stolen by RansomHub group. [ more ]

Nextgov.com

UnitedHealth CEO grilled over 'clear national security threat' from Change Healthcare hack

Senators questioned UnitedHealth CEO on recent ransomware cyberattack. [ more ]

Theregister

UnitedHealth CEO: 'Decision to pay ransom was mine'

Cybercriminals used stolen credentials to access Change Healthcare's systems, prompting CEO Andrew Witty to pay a $22 million ransom, emphasizing the importance of cybersecurity measures. [ more ]

WIRED

4 weeks ago

Change Healthcare's New Ransomware Nightmare Goes From Bad to Worse

Change Healthcare faces cyberattack with stolen medical and financial data being sold by ransomware group. [ more ]

Theregister

Second ransomware gang says it's extorting Change Healthcare

Change Healthcare faces second ransomware attack shortly after recovering from first one.

RansomHub demands ransom from Change Healthcare, threatening to sell stolen data if payment not made. [ more ]

morehealthcare-industry

cyberattack

cyberscoop.com

3 days ago

Ransomware used in attack that disrupted US hospitals

A ransomware cyberattack disrupted operations at Ascension, one of the largest U.S. health care systems. [ more ]

Darkreading

Nissan Oceania Breached; 100K People Affected Down Under

Nissan faces cyberattacks history

Sensitive personal data exposed in recent attack [ more ]

morecyberattack

cyberattack

MedCity News

Answering 7 Key Questions About Change Healthcare's Cyberattack

Change Healthcare hit by cyberattack affecting patient prescriptions

Federal government steps in to address fallout and digital bottlenecks

Russian-speaking cybercriminal group BlackCat known for ransomware attacks and data leaks [ more ]

www.fastcompany.com

Who is Blackcat, the hacker group that has disrupted UnitedHealth and pharmacies everywhere?

Blackcat ransomware group identified as responsible for cyberattack on UnitedHealth's Change Healthcare business

Multiple law enforcement agencies investigating Blackcat ransomware group for disrupting critical infrastructure [ more ]

www.databreaches.net

Yes, Change Healthcare breach was us BlackCat

Change Healthcare cyberattack confirmed as ransomware attack linked to BlackCat (AlphV)

Attack impacted pharmacies and hospitals, causing prescription and payment processing issues [ more ]

TechCrunch

LoanDepot says about 17 million customers had personal data and Social Security numbers stolen during cyberattack | TechCrunch

LoanDepot confirmed data breach impacting 17 million customers' sensitive information.

Other loan and mortgage companies also targeted by cyberattacks in recent months. [ more ]

morecyberattack

Databreaches

CISA Alert CodeAA23-353A: ALPHV BlackCat

#StopRansomware advisories provide TTPs and IOCs to help organizations protect against ransomware.

ALPHV Blackcat ransomware targeting healthcare sector since mid-December 2023. [ more ]

lockbit

TechCrunch

Hackers are exploiting ConnectWise flaws to deploy LockBit ransomware, security experts warn | TechCrunch

The high-risk flaws in ConnectWise ScreenConnect are being exploited by hackers to deploy LockBit ransomware.

Two vulnerabilities, an authentication bypass bug and a path traversal bug, are actively exploited to plant malicious code remotely. [ more ]

www.fastcompany.com

The LockBit cybercrime takedown shows FBI is getting more media savvy

LockBit responsible for 25% of internet ransomware

Law enforcement successfully took down LockBit gang [ more ]

Ars Technica

LockBit ransomware group taken down in multinational operation

Law enforcement agencies disrupt cybercrime gang LockBit, arresting key members and seizing core technology.

LockBit responsible for billions in damages through ransomware attacks targeted at high-profile institutions worldwide. [ more ]

morelockbit

Coindesk

U.S. DOJ Identifies and Charges LockBit Ransomware Gang Leader with Fraud, Extortion

U.S. authorities identified Dmitry Khoroshev as LockBit ransomware gang mastermind, offering $10M reward. [ more ]

ITPro

Nearly 70 software vendors sign up to CISA's cyber resilience program

Nearly 70 leading US software companies are committing to incorporating secure by design principles into their products to enhance cyber resilience. [ more ]

ComputerWeekly.com

Enhance identity controls before banning ransomware payments | Computer Weekly

Ransomware payments should be banned to prevent funding cybercriminals, but SMEs may struggle to recover from data loss. [ more ]

Theregister

US healthcare org Ascension is battling a 'cyber' incident

Healthcare organization Ascension in the US experiences a cybersecurity event affecting its network. [ more ]

Theregister

UnitedHealth's 'egregious negligence' led to that ransomware

Cybersecurity negligence led to ransomware infection at Change Healthcare. [ more ]

Theregister

4 days ago

Ransomware negotiator weighs in on the payment debate

Ransomware attacks surged in 2023, raising concerns about negotiation regulation and payment bans. [ more ]

Theregister

6 days ago

Over 500k Ohio Lottery lovers notified of data theft

Cybercriminals stole personal data of over 500,000 Ohio Lottery gamblers, offering credit monitoring to affected individuals. [ more ]

Exponential-e Ltd.

2 days ago

Black Basta ransomware group's techniques evolve, as FBI issues new warning in wake of hospital attack

Security agencies warn about Black Basta ransomware group after Ascension cyberattack. [ more ]

TechCrunch

UnitedHealth data breach should be a wakeup call for the UK and NHS | TechCrunch

Ransomware attack on UnitedHealth Group highlights the risk of entrusting sensitive data to companies with irresponsible data protection practices. [ more ]

Los Angeles Times

Glendale teachers surprised to find their taxes already filed -- fraudulently

The Glendale Unified School District experienced a ransomware attack resulting in the fraudulent filing of taxes for hundreds of employees. [ more ]

Ars Technica

3 weeks ago

Hackers are carrying out ransomware experiments in developing countries

Hackers target developing countries for ransomware testing before attacking richer nations. [ more ]

TechRepublic

3 UK Cyber Security Trends to Watch in 2024

Cyber attacks named top risk for businesses in the U.K. for the first time.

AI, zero days, and IoT security identified as significant trends in cyber security for 2024. [ more ]

Theregister

5 days ago

Critical infrastructure security needs everyone's help

Cyberattacks on critical infrastructure are increasing rapidly, posing significant threats globally. [ more ]

Ars Technica

3 days ago

Black Basta ransomware group is imperiling critical infrastructure, groups warn

Black Basta ransomware group causing havoc in critical infrastructure sectors. [ more ]

Theregister

2 days ago

NCSC and insurers target ransom payments with guidebook

The NCSC partners with insurance associations to release guidance book on avoiding ransom payments. [ more ]

Theregister

4 hours ago

Crims abusing Microsoft Quick Assist to deploy ransomware

A cybercrime gang is exploiting Microsoft's Quick Assist for social engineering attacks leading to Black Basta ransomware infections. [ more ]

ITPro

1 day ago

What you need to know about the new NCSC ransomware guidance

NCSC partnered with insurance bodies to reduce ransom payments by educating victims on the risks and consequences. [ more ]

CyberScoop

Exploitation of vulnerabilities almost tripled as a source of data breaches last year

Attacks exploiting vulnerabilities increased by 180% driven by MOVEit hack. [ more ]

ComputerWeekly.com

Better hygiene may mitigate the need to ban ransomware payments | Computer Weekly

Handling ransomware attacks requires weighing up asset value and determining the best recovery strategy. [ more ]

TechCrunch

Change Healthcare hackers broke in using stolen credentials - and no MFA, says UHG CEO | TechCrunch

Hackers exploited stolen credentials without multi-factor authentication to breach Change Healthcare's systems, leading to massive health data exfiltration in a ransomware attack. [ more ]

Theregister

London

'Cybersecurity incident' closes London Drugs' pharmacies

London Drugs closed all stores due to a cybersecurity incident [ more ]

ITPro

Windows 11 Pro and CDW - Overcoming today's escalating cyberthreats

Security concerns should not impede business growth. Windows 11 Pro devices help mitigate cybersecurity risks. [ more ]

Tripwire

3 weeks ago

"Junk gun" ransomware: the cheap new threat to small businesses

Cheap, unsophisticated ransomware like 'junk gun' poses a serious threat to organizations, despite not making headlines like other advanced variants. [ more ]

Forbes

3 weeks ago

Marketing

Malvertising Slips Through: Boosting Digital PR And Ad Safety Is Vital

Digital ad tools by mar-tech startups are crucial, but malvertising poses significant threats exploiting trust and mimicking legitimate brands. [ more ]

Harvard Business Review

4 weeks ago

Business intelligence

How to Stay Ahead of a Cybersecurity Breach with the Right Resilience Strategy - SPONSOR CONTENT FROM COMMVAULT

Cybercriminals are advancing their tactics, causing widespread ransomware attacks across organizations of all sizes. [ more ]

ComputerWeekly.com

Artificial intelligence

CISOs not yet convinced to invest in AI | Computer Weekly

CISOs are concerned about AI cyber threats but prioritize existing risks like ransomware and vulnerabilities over hypothetical AI-orchestrated attacks. [ more ]

TechCrunch

A ransomware gang is leaking Change Healthcare's stolen patient data | TechCrunch

Cybercriminals published stolen medical records to extort payment from Change Healthcare. [ more ]

ComputerWeekly.com

Seven ways to be sure you can restore from backup | Computer Weekly

Regular testing is crucial for the effectiveness of a disaster recovery plan.

Understanding critical systems and dependencies is essential for successful backup testing. [ more ]

TechRepublic

Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted

Backups do not guarantee safety from ransomware attacks; compromised backups significantly increase the likelihood of paying ransom and recovery costs. [ more ]

Above the Law

Law

Cybersecurity Statistics In 2024: Is Your Law Firm Protected?

71% of users admitted to taking risky actions in cybersecurity, despite being aware of the risks.

MFA is seen as a valuable tool for protection, although not foolproof against attacks like Evil Proxy and ransomware. [ more ]

Databreaches

Law

True or false, Friday law enforcement edition

Law enforcement is making progress in disrupting ransomware groups.

Seizing onion sites and servers without arresting leaders may allow groups to reemerge. [ more ]

www.npr.org

Law

Global law enforcement effort cracks down on LockBit ransomware group

Law enforcement from 11 countries disrupts major cybercrime group Lockbit

Lockbit made over $120 million through ransomware attacks [ more ]

ComputerWeekly.com

Qilin ransomware gang claims cyber attack on the Big Issue | Computer Weekly

A ransomware gang called Qilin claimed responsibility for breaching the Big Issue Group's IT systems and stealing 550GB of confidential data.

The stolen data includes personnel info, contracts, financial statements, and personal addresses like passport scans and payroll information. [ more ]

Exponential-e Ltd.

Ransomware: lessons all companies can learn from the British Library attack

The British Library faced a major cyber incident with data encryption and exfiltration by Rhysida ransomware gang.

British Library refused to pay ransom, emphasizing adherence to the UK's policy against such payments. [ more ]

Theregister

Vans says cyber crooks didn't nab customers' financial info

35.5 million customers notified of identity threat

No evidence of credit card or bank account details stolen [ more ]

Theregister

Yacht dealer to the celebs attack claimed by Rhysida gang

Rhysida ransomware group is claiming responsibility for the cyberattack on MarineMax.

Rhysida is holding a seven-day auction for the stolen data, offering a potential plan B payout if the victim refuses to pay ransom. [ more ]

Theregister

Crypto scams more costly to US than ransomware, feds say

Investment fraud led to the largest financial loss in cybercrimes last year at $4.57 billion, mostly targeting victims seeking quick returns through cryptocurrency.

Scammers utilize social engineering tactics like romance or confidence scams to transition into crypto investment fraud, along with appealing scams claiming to recover lost funds. [ more ]

www.theguardian.com

British Library did the right thing by not paying cybercriminals | Letter

Refusing to pay ransoms discourages cybercriminals

Collaboration key to combat ransomware attacks [ more ]

www.mercurynews.com

Larry Magid: How to avoid or recover from a ransomware attack

Ransomware encrypts data demanding ransom.

Backups are essential in preventing data loss from ransomware attacks. [ more ]

Theregister

Stanford University failed to detect intruders for 4 months

Stanford University's cybersecurity incident involved ransomware and went unnoticed for over four months.

27,000 people affected by the attack received data breach notices and offered free credit monitoring and identity theft recovery services. [ more ]

ComputerWeekly.com

British Library opens up over ransomware attack to help others | Computer Weekly

Ransomware attack on British Library

Importance of transparency in cybersecurity incidents [ more ]

www.theguardian.com

Ransomware groups warned there is no money in attacking British state

Ransomware gangs targeting state institutions may not receive payments.

NCSC policy is clear against ransom payments for attacks on publicly-funded institutions. [ more ]

www.npr.org

One reason school cyberattacks are on the rise? Schools are easy targets for hackers

School systems nationwide are increasingly at risk of cyberattacks, including ransomware demands.

Cybersecurity incidents in educational institutions can have a significant impact on daily operations and pose serious threats to sensitive data. [ more ]

eLearning Industry

The Role Of Content Marketing In Educating Clients About Cybersecurity Threats

Content marketing is key in educating clients about cybersecurity threats.

Top cybersecurity threats include phishing, malware, and ransomware. [ more ]

The Atlantic

The Health System Was Too Easy a Target for Hackers

Cybercriminals exploit vulnerabilities more effectively than regulators.

Ransomware attacks on essential infrastructure have wide-ranging consequences. [ more ]

ComputerWeekly.com

Banning ransomware payments back on the agenda | Computer Weekly

Ransomware is a severe cybersecurity threat to businesses.

There is increasing support for banning ransomware payments in the cybersecurity industry. [ more ]

TNW | Data-Security

New call to ban ransomware payments divides cybersecurity sector

Ransomware expert urges banning ransom payments due to the significant threat it poses to businesses.

Industry professionals express concerns about enforcing a ban on ransom payments, citing potential unintended consequences. [ more ]

Theregister

Experts echo calls for ransomware ban as LockBit rallies

Ransomware payments ban call is growing

Financial challenges in banning ransomware payments [ more ]

TechCrunch

Should we ban ransom payments? | TechCrunch

Banning ransom payments is complex

US government's approach to ransom payments is evolving [ more ]

Theregister

LockBit's claim of fresh ransomware payments denied

The LockBit ransomware gang continues operations despite law enforcement action

Speculation that the gang may have suffered significant setbacks [ more ]

Theregister

Ransomware crews lean into infostealers for initial access

Infostealers are gaining popularity among cybercriminals for easy access into organizations' IT environments.

Methods such as brute-force attacks, credential stuffing, and exploiting vulnerabilities are common ways for cybercriminals to gain access to systems. [ more ]

Theregister

ALPHV lists Change Healthcare, claims 6TB stolen data

ALPHV/BlackCat cybercrime gang claimed responsibility for ransomware attack at Change Healthcare

Cyber criminals often exaggerate claims of stolen data to pressure victims to pay up quickly [ more ]

ComputerWeekly.com

75% of third-party breaches target software, IT supply chains | Computer Weekly

Approximately 75% of cyber security breaches through third-parties occur after attacking entities in the victim's supply chain. Third-party breaches contribute to about 29% of all breaches recorded by SecurityScorecard. [ more ]

WIRED

Ransomware Groups Are Bouncing Back Faster From Law Enforcement Busts

Law enforcement's actions against ransomware groups often lead to short-lived disruptions.

Ransomware groups, like BlackCat, can quickly regroup and restart their attacks with impunity. [ more ]

Databreaches

If you pay ransom, you may not get your data back and worse, you probably WILL get hit again - Cybereason Survey

Paying ransom encourages more attacks

Organizations that pay ransom are likely to be targeted again [ more ]

BleepingComputer

Cactus ransomware claim to steal 1.5TB of Schneider Electric data

Cactus ransomware gang claims 1.5TB data stolen from Schneider Electric.

Ransomware group threatens to leak stolen data if ransom not paid. [ more ]

Databreaches

Unpicking LockBit - 22 Cases of Affiliate Tradecraft

GOLD MYSTIC threat group operates LockBit RaaS since mid-2019

Disruptive action taken against LockBit RaaS operation by international law enforcement [ more ]

Databreaches

Updating: In "Cronos," law enforcement took down 34 Lockbit servers

Law enforcement seized control of LockBit's infrastructure and arrested key actors.

Authorities disrupted LockBit's criminal enterprise by seizing servers, freezing cryptocurrency accounts, and issuing arrest warrants. [ more ]

Databreaches

Developing: LockBit disrupted by law enforcement

LockBit3.0 dark web blog seized by law enforcement.

LockBit services disrupted due to international law enforcement action. [ more ]

Databreaches

Reward Offers for Information to Bring Hive Ransomware Variant Co-Conspirators To Justice

The Department of State is offering a reward of up to $10,000,000 for information on the Hive ransomware group's key leaders.

The reward also includes up to $5,000,000 for information on anyone involved in Hive ransomware activity. [ more ]

TechCrunch

US sanctions LockBit members after ransomware takedown | TechCrunch

The U.S. government sanctioned two members of the LockBit hacking gang.

Sanctions against individuals make it harder for hackers to profit from ransomware. [ more ]

www.independent.co.uk

Hacker website taken over by UK-led law enforcement operation

Law enforcement takes over LockBit's website distributing ransomware.

International cooperation for cybercrime investigations. [ more ]

www.france24.com

International investigation disrupts infamous ransomware gang LockBit

Law enforcement agencies disrupt LockBit ransomware syndicate

LockBit linked to thousands of cyberattacks globally

International collaboration key in dismantling LockBit [ more ]

TechCrunch

Why are ransomware gangs making so much money? | TechCrunch

Ransomware gangs had a lucrative year in 2023

Known ransomware payments almost doubled in 2023 [ more ]

Harvard Business Review

Why Data Breaches Spiked in 2023

Data breaches continue to increase yearly, with a 20% rise from 2022 to 2023.

Primary reasons for increased data theft: cloud misconfiguration, new ransomware attacks, vendor system exploitation. [ more ]

Theregister

ALPHV claims cyberattacks on Prudential Financial, LoanDepot

Ransomware group ALPHV/BlackCat claimed attacks on Prudential Financial and LoanDepot.

Victims advised not to pay ransom to cybercriminals and risk data disclosure. [ more ]

TechCrunch

Why are ransomware gangs making so much money? | TechCrunch

Ransomware gangs had a lucrative year in 2023 with record-breaking earnings.

2023 saw an escalation in ransomware tactics, but a drop in payments due to improved cyber defenses. [ more ]

Databreaches

Reward for Information: ALPHV/Blackcat Ransomware as a Service

The U.S. Department of State is offering a reward of up to $10 million for information on the leadership of the ALPHV/Blackcat ransomware group.

The FBI has helped victims restore their systems and prevent $99 million in ransom payments. [ more ]

ComputerWeekly.com

Southern Water customer data was taken in ransomware attack | Computer Weekly

Southern Water confirms customer data stolen in ransomware attack

Data stolen includes customer names, birthdates, bank account details [ more ]

Theregister

Southern Water cyberattack will affect swathe of customers

Between 5 and 10 percent of Southern Water's customers had their data stolen in a cyberattack.

Southern Water has still not confirmed if ransomware was involved in the attack. [ more ]

Theregister

Romania ransomware crisis pinned to third-party incident

The outbreak of ransomware cases in Romanian hospitals is linked to an incident at a service provider that operates a healthcare management platform used by hospitals across the country.

Over 100 hospitals in Romania have been affected, with some disconnected from the internet and others having their files encrypted. The scale of the ransomware emergency is comparable to the WannaCry attack on NHS trusts in 2017. [ more ]

Theregister

Free Rhysida ransomware recovery tool published

Researchers have discovered a vulnerability in the random number generator used by the Rhysida ransomware, allowing them to decrypt victims' data.

A free recovery tool has been released by the Korea Internet and Security Agency (KISA) to help victims of the Rhysida ransomware. [ more ]

Theregister

Jet engine dealer to major airlines discloses cyber snafu

Willis Lease Finance Corporation suffered a cybersecurity incident that led to data being posted on a ransomware group's leak blog.

The company took swift action to contain and remediate the incident, and believes it has fully contained the unauthorized activity. [ more ]

WIRED

How 3 Million 'Hacked' Toothbrushes Became a Cyber Urban Legend

AI surveillance software tracked people on the London Underground to detect crime

Ransomware payments reached a record-breaking $1.1 billion in 2023 [ more ]

ReadWrite

U.S. insights company shows ransomware hackers drew in $1bn across 2023

Ransomware hackers extorted $1bn across 2023, a significant increase from the previous year.

The biggest ransomware attack of 2023 was carried out by the CL0P Ransomware Gang, exploiting a 'Zero-Day' vulnerability. [ more ]

Iapp