ransomware
Highline Public Schools confirms ransomware behind shutdown
On Thursday, K-12 school district Highline Public Schools confirmed that a ransomware attack forced it to shut down all schools in early September. Highline Public Schools has over 2,000 staff members and offers programs ranging from early childhood education to college preparation. It serves over 17,500 students across 34 schools in the Burien, Des Moines, […]
Evil Corp hit with new sanctions, BitPaymer ransomware charges
The Evil Corp cybercrime syndicate has been hit with new sanctions by the United States, United Kingdom, and Australia. The US also indicted one of its members for conducting BitPaymer ransomware attacks. In 2019, the United States sanctioned seventeen individuals and seven entities linked to the Evil Corp gang, including the group’s leader, Maksim Yakubets. Today, the US Treasury’s […]
Fake browser updates spread updated WarmCookie malware
A new ‘FakeUpdate’ campaign targeting users in France leverages compromised websites to show fake browser and application updates that spread a new version of the WarmCookie backdoor. FakeUpdate is a cyberattack strategy used by a threat group known as ‘SocGolish’ who compromises or creates fake websites to show visitors fake update prompts for a variety of applications, such […]
Ransomware attack forces UMC Health System to divert some patients
Texas healthcare provider UMC Health System was forced to divert some patients to other locations after a ransomware attack impacted its operations. In an announcement published on its website late last week, which is offline at the time of writing, UMC disclosed it is responding to an IT outage impacting its network. While facilities remain […]
JPCERT shares Windows Event Log tips to detect ransomware attacks
Japan’s Computer Emergency Response Center (JPCERT/CC) has shared tips on detecting different ransomware gang’s attacks based on entries in Windows Event Logs, providing timely detection of ongoing attacks before they spread too far into a network. JPCERT/CC says the technique can be valuable when responding to ransomware attacks, and identifying the attack vector among various […]
Embargo ransomware escalates attacks to cloud environments
Microsoft warns that ransomware threat actor Storm-0501 has recently switched tactics and now targets hybrid cloud environments, expanding its strategy to compromise all victim assets. The threat actor first emerged in 2021 as a ransomware affiliate for the Sabbath ransomware operation. Later they started to deploy file-encrypting malware from Hive, BlackCat, LockBit, and Hunters International gangs. […]
AutoCanada says ransomware attack “may” impact employee data
AutoCanada is warning that employee data may have been exposed in an August cyberattack claimed by the Hunters International ransomware gang. Although the firm says it has detected no fraud campaigns targeting impacted individuals, it is sending notifications to alert affected people of potential risks. In mid-August, the car dealership company disclosed that it had […]
RansomHub claims Kawasaki cyberattack, threatens to leak stolen data
Kawasaki Motors Europe has announced that it’s recovering from a cyberattack that caused service disruptions as the RansomHub ransomware gang threatens to leak stolen data. The company says the attack targeted its EU headquarters, and it is currently analyzing and cleaning any “suspicious material,” such as malware, that may still be lurking on systems. “At the […]
RansomHub ransomware abuses Kaspersky TDSSKiller to disable EDR software
The RansomHub ransomware gang has been using TDSSKiller, a legitimate tool from Kaspersky, to disable endpoint detection and response (EDR) services on target systems. After taking down the defenses, RansomHub deployed the LaZagne credential-harvesting tool to extract logins from various application databases that could help move laterally on the network. TDSSKiller abused in ransomware attacks Kaspersky […]
Veeam warns of critical RCE flaw in Backup & Replication software
Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One. The most severe of the problems addressed is CVE-2024-40711, a critical (CVSS v3.1 score: 9.8) remote code execution (RCE) vulnerability on Veeam […]