Newsletter Archive - "eCrime.ch Ransomware Highlights"

For 2024-04-28
Article language: in English - Industry: Freight and Package Transportation - Organisation/company: Arawak Port Development Ltd. / Nassau Container Port
Important Notice: Service Interruption Due to Security Incident | Nassau Container Port
2024-04-26
On April 18th, our systems experienced a ransomware attack that temporarily disrupted our usual operations. The impact is unknown at this time; however, we continue to assess and manage the situation to minimise the impact to our customers and partners. Please be assured that we are treating this matter with the utmost seriousness and urgency.
Actor/variant: Cactus - Article language: in English
Sifting through the spines: identifying (potential) Cactus ransomware victims – Fox-IT International blog
2024-04-25
The effectiveness of the public-private partnership called Melissa [2] is increasingly evident. The Melissa partnership, which includes Fox-IT, has identified overlap in a specific ransomware tactic. Multiple partners, sharing information from incident response engagements for their clients, found that the Cactus ransomware group uses a particular method for initial access. Following that discovery, NCC Group’s Fox-IT developed a fingerprinting technique to identify which systems around the world are vulnerable to this method of initial access or, even more critically, are already compromised.
Actor/variant: LockBit 3.0 - Article language: in English
Russian-Canadian hacker sentenced for global ransomware scheme to be extradited | CTV News
2024-04-25
Convicted cybercriminal Mikhail Vasiliev has been sentenced to nearly four years in jail after pleading guilty last month to eight counts of cyber extortion, mischief and weapons charges.
Article language: in English
CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop
2024-04-25
The program would warn organizations running software or hardware with vulnerabilities being exploited by ransomware gangs.

The Cybersecurity and Infrastructure Security Agency plans to fully launch by year’s end an automated vulnerability warning program to alert organizations that are running software with vulnerabilities being exploited by ransomware gangs, the agency’s director, Jen Easterly, said Wednesday.
Article language: in English
Coalition reveals uptick in cyber insurance claims driven by ransomware in 2023 - SiliconANGLE
2024-04-24
As ransomware payments hit $1 billion globally, Coalition ransomware severity dropped by 54%. Ransomware severity, frequency, and demands all dropped in 2H 2023, though not enough to offset the surge in 1H.

Ransomware frequency was up 15% YoY, and severity was up 28%, to an average loss of more than $263,000.

When policyholders found it reasonable and necessary to pay a ransom, Coalition helped policyholders negotiate demand amounts down by an average of 64%.
Article language: in English
Ransomware Evolution | How Cheated Affiliates Are Recycling Victim Data for Profit
2024-04-24
Learn how data leak site operators like RansomHub and Dispossessor are feeding a new extortion cycle as the ransomware ecosystem evolves.
Article language: in English
Ransomware Task Force: Doubling Down
2024-04-24
In April 2021, the Ransomware Task Force (RTF) published Combating Ransomware: A Comprehensive Framework for Action (“the Report”), which outlined 48 recommendations for industry, government, and civil society to undertake in order to deter and disrupt the ransomware ecosystem, and to help entities prepare for and respond to attacks at scale. In the three years since its publication, we have continued to see governments and the private sector step up commitments to addressing this threat. However, ransomware remains a major national security threat based on its cost to the economy and impact on critical services availability. The rate and scale of attacks is not diminishing and may be growing. For the first time ever, Chainalysis reported that ransomware payments had surpassed $1 billion in 2023.
Article language: in English
Ransomware Groups are Rebranding - As ‘Services’
2024-04-24
Ransomware groups are rebranding and making friends with businesses. This was one of the key points made by cybersecurity expert Lisa Forte, partner at Red Goat Cybersecurity, when she mounted the stage to discuss Risk: From Mountain Top to Board Rooms at this year’s Qualys EMEA Security Conference, London.

In her opening remarks, Forte highlighted that for business leaders to make key cybersecurity decisions toward de-risking their business operations, they need to factor in these elements: identifying and understanding risk, detecting vulnerabilities, prioritising and remediating, and responding and monitoring.
Article language: in English
Hackers use developing countries as testing ground for new ransomware attacks
2024-04-24
Cyber attackers are experimenting with their latest ransomware on businesses in Africa, Asia and South America before targeting richer countries that have more sophisticated security methods.

Hackers have adopted a “strategy” of infiltrating systems in the developing world before moving to higher-value targets such as in North America and Europe, according to a report published on Wednesday by cyber security firm Performanta.
Article language: in English
Veeam Launches Most Complete Support for Ransomware - from Protection to Response and Recovery - with Acquisition of Coveware
2024-04-23
Coveware by Veeam will bring industry-leading cyber-extortion incident response services and proactive enterprise preparedness to Veeam’s existing ransomware protection and recovery capabilities. Coveware will offer forensics and remediation capabilities through the Veeam Data Platform, as well as proactive services to Veeam Cyber Secure customers.
Article language: in English
City of Sydney caught in OracleCMS breach | Information Age | ACS
2024-04-23
The personal details of thousands of individuals and data held by a number of public institutions have been posted online after a call centre operator was hacked by an infamous ransomware gang.

Lockbit has now targeted OracleCMS, which operates call centres for a number of clients across Sydney, Melbourne, Brisbane, Perth and Adelaide.
Article language: in English
Singapore records 741 ransomware attacks in 2023
2024-04-23
Overall, 287,413 ransomware incidents targeted businesses across Southeast Asia (SEA) from January to December 2023.
Singapore experienced 741 ransomware incidents in 2023, according to data from Kaspersky cybersecurity solutions.
Actor/variant: RansomHub - Article language: in English - Industry: IT Services and IT Consulting
Change Healthcare Finally Admits It Paid Ransomware Hackers—and Still Faces a Patient Data Leak | WIRED
2024-04-23
The company belatedly conceded both that it had paid the cybercriminals extorting it and that patient data nonetheless ended up on the dark web.

More than two months after the start of a ransomware debacle whose impact ranks among the worst in the history of cybersecurity, the medical firm Change Healthcare finally confirmed what cybercriminals, security researchers, and Bitcoin's blockchain had already made all too clear: that it did indeed pay a ransom to the hackers who targeted the company in February. And yet, it still faces the risk of losing vast amounts of customers' sensitive medical data.
Article language: in English - Industry: Real Estate - Organisation/company: Carpetright Ltd.
Carpetright is latest British business to be hit by cyber attack as hackers target company HQ to affect hundreds of customer orders | Daily Mail Online
2024-04-22
Flooring chain Carpetright is the latest British business to be hit by a cyber attack affecting hundreds of customer orders.
Hackers targeted the company HQ in Purfleet, Essex on Tuesday, sending malware to gain unauthorised access.

Carpetright's network was taken offline due to the cyber attack but bosses insist that the virus was isolated before any data was swiped.
However, phone lines are still down, with callers met with the automated message 'Thank you for your patience while we work on a solution'.
Article language: in German - Industry: IT Services and IT Consulting - Organisation/company: Swisspro AG
Cyber attack on BKW subsidiary Swisspro
2024-04-23
The company confirms a ransomware attack to us.
In early April, the Swisspro companies belonging to the BKW Building Solutions group became the target of a cyber attack. The company confirmed this in response to an enquiry from inside-it.ch. "Ransomware was discovered on Swisspro's old IT environment," writes the BKW press office.
Article language: in Italian - Industry: Medical and Diagnostic Laboratories - Organisation/company: Synlab Italia srl
We are writing to inform you of the ransomware cybercriminal attack that has taken place
2024-04-22
The attack occurred in the early hours of 18/04/2024 and SYNLAB actually became aware of it at 07:00. As soon as it became aware, the IT department proceeded to disconnect the entire corporate infrastructure from the network and to shut down all machines, in accordance with the company's IT security procedures.
Actor/variant: Mallox - Article language: in Korean
Analysis of TargetCompany attackers' attack cases against MS-SQL servers (Mallox, BlueSky ransomware) - ASEC BLOG
2024-04-22
AhnLab SEcurity intelligence Center (ASEC) recently confirmed, while monitoring attacks targeting MS-SQL servers, cases in which the TargetCompany ransomware group was installing the Mallox ransomware. The TargetCompany ransomware group mainly attacks poorly managed MS-SQL servers to install the Mallox ransomware. Such attacks have continued for several years, but here we use the newly identified malware to summarise the connection with past attack cases that distributed the Tor2Mine coin miner and the BlueSky ransomware.

As in previous cases, this attack targeted poorly managed MS-SQL servers. The attacker is presumed to have attacked the MS-SQL server with brute-force and dictionary attacks, and after logging in to the SA account installed Remcos RAT. Four hours after the attack, the attacker used Remcos RAT to additionally install remote screen control malware. The attacker is presumed to have used this malware to investigate the infected system and steal information. In another attack, after 29 hours, the attacker installed the Mallox ransomware and attempted to encrypt the infected system.
Article language: in Swedish - Industry: Transportation, Logistics, Supply Chain and Storage - Organisation/company: Skanlog A/S
Supplier hit by hacker attack – shortage of goods threatens Systembolaget
2024-04-23
The logistics company Skanlog was hit by a ransomware attack, which could lead to a shortage of goods at Systembolaget.