The US Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3) has released a brief detailing the tactics and techniques used by the Royal and Black Cat ransomware. HC3 says that both strains of ransomware have been used to “aggressively target” the US health sector. Note Read the analysis even if …
Ransomware
Norwegian ship classification society DNV says it has taken its ShipManager’s IT servers offline following a ransomware attack. DNV estimates that the incident may have affected as many as 1,000 vessels. The organization says that “all users can still use the onboard, offline functionalities of the ShipManager software.” [A ship classification society “is a non-governmental …
Updated on 2023-01-06: Texas Emergency Medical Services Agency Breach Affects More than 600,000 People MedStar Mobile Healthcare, which provides ambulance services to 15 cities in Tarrant County, Texas, has disclosed a data breach. The incident affected sensitive health data for some of the organization’s patients. The breach affects as many as 612,000 people. The incident …
Updated on 2023-01-08: MegaCortex decrypter Romanian antivirus maker Bitdefender has published a decrypter for the MegaCortex ransomware that will allow past victims to recover their encrypted files without paying the ransom. Updated on 2023-01-06: MegaCortex Ransomware Decryptor A decryptor for the MegaCortex ransomware is now available. The tool was developed as a joint effort by …
CentraState Medical Center in New Jersey is operating under electronic health record (EHR) downtime following a cybersecurity incident that began last month. The medical center is also sending patients to other hospitals in the area due to the IT disruptions. Note Despite LockBit’s actions, hospitals and medical remain top targets for attackers. Even so, don’t …
Updated on 2023-01-04: The Guardian is Still Working to Recover From Cyber Incident UK news publication The Guardian is still working to recover from a “serious network disruption” due to what is likely a ransomware attack that began on December 21. Two weeks after the fact, employees are being told to continue to work from …
Updated on 2023-01-03: Rail Technology Company Wabtec Suffers Apparent Ransomware Attack In June 2022, rail technology company Wabtec learned of suspicious activity on its network and following an investigation, learned that intruders had managed to install malware on the company’s systems in mid-March 2022. Wabtec determined that sensitive data, including non-US national ID numbers, non-US …
Updated on 2023-01-05: Port of Lisbon ransomware attack The administration of the port of Lisbon (Portugal) suffered a ransomware attack over Christmas. The port’s activity wasn’t disrupted. However, the subsequent disruptions were caused by a planned workers’ strike. Updated on 2022-12-29: Port of Lisbon Hit with Cyberattack The Port of Lisbon (Portugal) has confirmed that …
Updated on 2022-12-30: Canadian Mining Company Hit with Ransomware Canada’s Copper Mountain Mining Corporation (CMMC) suffered a ransomware attack in late December. CMMC isolated affected systems and took other systems down as a precaution. The company’s mill was shut down so engineers could determine whether its control systems were affected. Note Copper Mountain had predefined …
Updated on 2023-01-11 SF BART ransomware The San Francisco Bay Area Rapid Transit (BART) is investigating an intrusion of its IT network after the Vice Society ransomware gang claimed to have compromised the agency via a blog post on their dark web leak site. The agency’s spokesperson told The Record that “no BART services or …
Ohio’s state Supreme Court has ruled that ransomware is not physical damage and is therefore not covered under a property insurance policy held by EMOI, an Ohio medical billing company. The court overturned a lower court ruling, finding in favor of Owners Insurance Company. Note Fully understand your cyber insurance limitations, including scheduling regular reviews …
Updated on 2023-01-05: SickKids ransomware attack The LockBit ransomware gang has apologized for its attack on the Sick Kids Hospital chain and released a free decrypter to help the victim recover files without paying. Updated on 2023-01-02 LockBit apologized for the attack on SickKids, Canada, and released a free decryptor for the hospital. It claimed …
Updated on 2022-12-22: Ransomware strains go Rust The Agenda (Qilin) and the Nokoyawa ransomware strains have been ported to Rust, following in the footsteps of BlackCat, Hive, and RansomExx. Read more: Agenda Ransomware Uses Rust to Target More Vital Industries Nokoyawa Ransomware: Rust or Bust Overview: Nokoyawa ransomware Fortinet has published a report on the …
Updated on 2022-12-22 The FBI warned against threat actors using search engine ads to promote websites propagating ransomware or exfiltrating login credentials from crypto exchanges and financial institutions. Read more: Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users Overview: FBI recommends ad blockers In a PSA this week, the FBI recommended …
Updated on 2022-12-29 Play ransomware Fortinet researchers have a technical breakdown of the new Play ransomware operation. Read more: Ransomware Roundup – Play Ransomware Updated on 2022-12-23 Palo Alto Networks Unit 42 researchers observed the active exploitation of the OWASSRF vulnerability. So far, eight organizations have seen the exploitation activity against Microsoft Exchange servers. Read …