Newsletter Archive - "eCrime.ch Ransomware Highlights"

For 2026-01-28
Article language: in English - Industry: Law Practice - Organisation/company: Wisner Baum
2026-01-23 Wisner Baum Data Breach Notice to Consumers
2026-01-27
What Happened: Like many other organizations, we recently identified unauthorized access to certain computer systems and immediately took steps to secure and protect your information. We first became aware of the incident on October 9, 2025, when we detected unusual activity on our computer network. We immediately secured our systems and engaged independent cybersecurity professionals to assist. The investigation determined that an unauthorized third party accessed our network between October 8 and October 9, 2025, and may have obtained certain files.
Article language: in English - Industry: Museums, Historical Sites, and Zoos - Organisation/company: Staatlichen Kunstsammlungen Dresden
Dresden State Art Collections pummeled by cyber incident
2026-01-27
Germany's Dresden State Art Collections, or SKD, which manages 15 museums and is among the oldest museum networks in Europe, had its online ticket sales, visitor services, and shop disrupted by a cyberattack last week, according to The Record, a news site by cybersecurity firm Recorded Future.

While digital and phone services have been limited by the intrusion, SKD continues to accept visitors, with tickets purchased online prior to the incident scannable on site. Additional details regarding the attack's perpetrators and motives, as well as the timeline of total systems restoration, remain uncertain. However, SKD emphasized that its physical and technical security systems were not impacted by the intrusion.
Article language: in English - Industry: Financial Services - Organisation/company: Enviro-Hub Holdings Ltd.
Enviro-Hub Reports Ransomware Attack With No Material Operational Impact So Far
2026-01-27
Enviro-Hub Holdings Ltd. has shared an announcement.

Enviro-Hub Holdings has disclosed that its group servers were recently hit by a ransomware attack, with an unknown party gaining unauthorised access to its systems. The company says it moved quickly to contain and remediate the breach, brought in external cybersecurity experts, and, based on preliminary assessments, does not expect any material impact on its business operations at this stage. The group has reported the incident to Singapore’s Personal Data Protection Commission and is continuing investigations, while advising shareholders and potential investors to exercise caution in trading its shares as it monitors for any further material developments.
Article language: in English - Industry: Hospitals and Health Care
Annual Threat Report - Health Sector 2026 - Health-ISAC - Health Information Sharing and Analysis Center
2026-01-26
The report features insights from the Health-ISAC Ransomware Events Database, Indicator Sharing program, Physical Security, and Targeted Alerts initiative, showcasing the community-felt impacts of major threats to the global health sector in 2025.

The report features data-driven insights from the Health-ISAC Ransomware Events Database, Physical Security assessments, and the Targeted Alerts initiative, which distributed more than 1,200 warnings to the sector in 2025. These findings showcase the community-felt impacts of major threats, including the rise of AI-driven attacks and significant supply chain vulnerabilities.
Article language: in English
A Romanian has been sentenced in France to 4 years in prison for ransomware cyberattacks, with damages amounting to nearly 1 million euros.
2026-01-24
Alexandru M., a 44-year-old Romanian, was sentenced in Paris to 5 years in prison, of which 1 year is suspended, for his involvement in cyberattacks with the ransomware 'Umbrella', which targeted companies in Europe. Arrested and extradited to France in June 2024, he was held in custody, and the court also imposed a 3-year ban on possessing weapons, as well as the confiscation of assets.

The investigation was triggered after complaints related to attacks that affected various companies and local communities, causing estimated damages of nearly 1 million euros. Similar attacks were reported in Germany, Spain, Italy, and Sweden between 2020 and 2024, and judicial proceedings were extended internationally. Another defendant, Toma D., was acquitted in this case.
Article language: in English - Industry: Government Administration - Organisation/company: Winona County, MN
Winona County suffers ransomware attack | News | winonapost.com
2026-01-24
Winona County was the victim of a ransomware attack this week, affecting computer networks and phone systems. Many of the county’s phone lines and at least some internal networks are down, county staff said. Emergency communications including 911 are still operational.

“We recently identified and responded to a ransomware incident affecting our computer network,” County Administrator Maureen Holte wrote in a statement on Friday afternoon. “Upon discovery, we immediately initiated an investigation to assess the scope and impact of the incident. We are working closely with third-party cybersecurity and data forensics experts and local, state and federal law enforcement. Our IT Department and cybersecurity team are actively testing and analyzing our systems. … We will provide an update when more information becomes available and thank you for your patience as we implement business continuity measures.”
Actor/variant: ShinyHunters - Article language: in English
Okta SSO accounts targeted in vishing-based data theft attacks
2026-01-23
Okta is warning about custom phishing kits built specifically for voice-based social engineering (vishing) attacks. BleepingComputer has learned that these kits are being used in active attacks to steal Okta SSO credentials for data theft.
Actor/variant: Zeppelin - Article language: in English
Leader of ransomware crew pleads guilty to four-year crime spree | CyberScoop
2026-01-23
A Russian national pleaded guilty to leading a ransomware conspiracy that targeted at least 50 victims during a four-year period ending in August 2022.

Ianis Aleksandrovich Antropenko began participating in ransomware attacks before moving to the United States, but conducted many of his crimes while living in Florida and California, where he’s been out on bond enjoying rare leniency since his arrest in 2024.

Antropenko pleaded guilty in the U.S. District Court for the Northern District of Texas earlier this month to conspiracy to commit money laundering and conspiracy to commit computer fraud and abuse. He faces up to 25 years in jail, fines up to $750,000 and is ordered to pay restitution to his victims and forfeit property.
Actor/variant: Osiris - Article language: in English
Osiris: New Ransomware, Experienced Attackers?
2026-01-22
A new ransomware family called Osiris was used in an attack targeting a major food service franchisee operator in Southeast Asia in November 2025.

While this Osiris ransomware shares a name with a ransomware family from 2016, which was a variant of the Locky ransomware, there is no indication that there is any link between these two families. Investigation by the Symantec and Carbon Black Threat Hunter Team found that this threat is unique and appears to be a completely new ransomware family.

Nothing is known yet about who developed Osiris and if it is run as a ransomware-as-a-service (RaaS), but there are some indications that the attackers who used it were previously associated with Inc ransomware. A wide range of living off the land and dual-use tools were used in this attack, as was a malicious Poortry driver, which was likely used as part of a bring-your-own-vulnerable-driver (BYOVD) attack to disable security software. The exfiltration of data by the attackers to Wasabi buckets, and the use of a version of Mimikatz that was previously used, with the same filename (kaz.exe), by attackers deploying the Inc ransomware, point to potential links between this attack and some attacks involving Inc.
Article language: in German - Industry: Ground Passenger Transportation - Organisation/company: Verkehrsgesellschaft Main-Tauber
VGMT and mobility center affected by cyberattack / Main-Tauber-Kreis
2026-01-24
The office of Verkehrsgesellschaft Main-Tauber (VGMT) and the mobility center (Mobilitätszentrale) in Lauda have been the target of a cyberattack involving malware. This was discovered on Wednesday morning. According to current knowledge, servers and files on the transport company's network were encrypted. Whether stored data was exfiltrated is unclear at this early stage. This is part of the ongoing investigation.
Article language: in German - Industry: Entertainment Providers - Organisation/company: Energy Gruppe Schweiz
Radio Energy hacker attack: 85,000 people affected
2026-01-22
Switzerland's largest private radio station was hacked on Tuesday. Those affected are winners of concert tickets.