Ransomware Gang Claims Attack on Capital Health

January 9, 2024 at 09:06AM The LockBit ransomware gang claimed responsibility for a November 2023 cyberattack on Capital Health. The healthcare organization restored all systems and services following an investigation of the incident. The gang stole over 10 million files including medical confidentiality data, and threatened to make the information public unless a ransom of … Read more

The Week in Ransomware – December 29th 2023 – LockBit targets hospitals

December 29, 2023 at 03:40PM Summary: This week, there was minimal research on ransomware, with focus on new attacks and LockBit affiliates targeting hospitals. Notable incidents include Yakult Australia’s cyber incident, Ohio Lottery’s system shutdown, LockBit attacks on German hospitals, and new ransomware variants discovered by PCrisk. Microsoft again disabled a protocol handler due to … Read more

Ransomware Attacks in November Rise 67% From 2022

December 21, 2023 at 05:47PM Global ransomware attacks increased by 30% in November, totaling 442, exceeding 4,276 for 2023. Industrials (33%), Consumer Cyclicals (18%), and Healthcare (11%) were the most targeted sectors. North America (50%) remains the most targeted region. LockBit was the most active threat actor, with Carbanak making a resurgence in November. From … Read more

The Week in Ransomware – December 15th 2023 – Ransomware Drama

December 15, 2023 at 04:21PM Summary: Over the past two weeks, there have been notable developments in the ransomware landscape. The BlackCat/ALPHV drama continues, with affiliates reaching out to victims directly. The LockBit operation is exploiting this situation for recruitment. Various ransomware attacks and law enforcement actions have also been reported. Lastly, new ransomware variants … Read more

LockBit ransomware now poaching BlackCat, NoEscape affiliates

December 13, 2023 at 01:25PM LockBit ransomware operation is recruiting affiliates and developers from the recently disrupted BlackCat/ALPHV and NoEscape operations. NoEscape’s exit scam has raised concerns of lost ransom payments and decryption keys for victims, while BlackCat/ALPHV suffered a disruption possibly related to law enforcement. LockBitSupp, LockBit’s manager, seeks to recruit affiliates and a … Read more

LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In

November 22, 2023 at 12:36AM LockBit ransomware affiliates are actively exploiting a critical security flaw in Citrix NetScaler appliances to gain initial access to target environments. The flaw, known as Citrix Bleed, allows threat actors to bypass password requirements and multifactor authentication, enabling session hijacking and unauthorized access to data. The vulnerability, tracked as CVE-2023-4966, … Read more

Canadian government discloses data breach after contractor hacks

November 20, 2023 at 12:27PM The Canadian government has reported that two of its contractors, Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, were hacked, resulting in the exposure of sensitive information belonging to government employees. The breach, reportedly attributed to the LockBit ransomware gang, has affected data dating back to … Read more

In Other News: Major Law Firm Hacked, Chinese Bank Pays Ransom, PyPI Security Audit

November 17, 2023 at 11:15AM SecurityWeek’s weekly roundup highlights several cybersecurity stories. The world-renowned law firm Allen & Overy experienced a data breach by the LockBit ransomware group. The largest bank in China, Industrial and Commercial Bank of China, allegedly paid a ransom to the LockBit gang. Europol aided in the takedown of a vishing … Read more

CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks

November 16, 2023 at 08:12AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and MS-ISAC have issued an advisory about the Rhysida ransomware. The threat actors behind Rhysida use a ransomware-as-a-service model and target organizations in various sectors. They exploit VPNs, the Zerologon vulnerability, and phishing campaigns to gain access to networks. Rhysida … Read more

Royal Mail’s recovery from ransomware attack will cost business at least $12M

November 16, 2023 at 07:39AM Royal Mail’s parent company, International Distribution Services (IDS), has disclosed that the ransomware attack it experienced in January will cost the company approximately £10 million ($12.4 million) in improvements to its Heathrow Worldwide Distribution Centre. Although the total costs related to the attack are expected to be higher, IDS has … Read more