Steamship Authority (steamshipauthority.com) Nantucket targeted in #ransomware attack and Martha's Vineyard passengers may be hit by delays. The United States has experienced a surge in #cyber attacks during recent weeks.
Union Community School District publicly silent after threat actors dump files on dark web. In a year when they were already dealing with COVID-19 and then accusations that a teacher had improper emails with students, Union Community School District in Iowa found itself with a third major challenge - a #ransomware attack. But whereas the district has publicly acknowledged and discussed its response to the first two challenges, they seem to have maintained radio silence about the cybersecurity incident.
The intruders say they stayed for more than a month inside the information system of ExaGrid Systems, Inc (exagrid.com) before triggering the final phase of their attack. They thus brilliantly obtained a net payment of 2.6 million dollars. ExaGrid built its latest marketing campaign on the development of a « Retention Time-Lock for Ransomware Recovery » feature which, according to the company, prevents hackers and other #ransomware from deleting protected sensitive data. #relaliation
Zeppelin #ransomware: All phones and computers across Waikato DHB (waikatodhb.health.nz) have been taken down by a cyber security incident, leaving clinical services scrambling.
#Ransomware #Avaddon: a haul of at least one million dollars since the beginning of May 2021
Agrius hacking group has shifted from using purely destructive wiper #malware to a combination of wiper and #ransomware functionality. Don't be fooled, Agrius intentionally masked their « activity » as a ransomware attack. This group is state-sponsored and it's likely to be of Iranian origin.
The continually increasing frequency and severity of cyberattacks, especially ransomware attacks, have led insurers to reduce cyber coverage limits for certain riskier industry sectors [...] and for public entities and to add specific limits on #ransomware coverage
The findings come amid a period of unprecedented scrutiny for the #cyber #insurance #industry, as multimillion-dollar ransoms come to light and cybercriminals appear to target insurers for a list of their clients to extort.
CNA Financial, a major U.S. insurer, paid its digital extortionists $40 million in what some analysts described as a record ransom. Meanwhile, Colonial Pipeline, the main artery for delivering fuel to the East Coast, paid hackers $4.4 million for decryption keys.
https://www.cyberscoop.com/cyber-insurance-ransom-hack-payments-gao/
Part of the IT and telephone systems of the French group Berger-Levrault (berger-levrault.com) partially paralysed following a cyberattack involving #ransomware. Major accounts in the industrial, real estate, transport, healthcare and other sectors use the software solutions developed by CARL Software daily; since 2018 it has been CARL Berger-Levrault (carl-software.com), the current European leader and No. 1 in #France in CMMS & EAM.
Newly discovered function in #DarkSide #ransomware variant targets disk partitions - At the time of discovery, FortiGuard Labs researchers believed the ransomware was seeking out partitions to find possible hidden partitions set up by systems administrators to hide backup files. But further analysis confirmed an even more advanced technique. This DarkSide variant seeks out partitions on a multi-boot system to find additional files to encrypt, thereby causing greater damage.
DarkSide ransomware code is efficient and well-constructed, indicating that their cybercriminal organization includes experienced software engineers.
This ransomware variant (NOT the version used to disrupt Colonial Pipeline operations) is advanced in nature and was observed to seek out partitions in a multi-boot environment to create further damage. It also seeks out the domain controller and connects to its active directory via LDAP anonymous authentication.
Additional insight on the files used by, and associated with, DarkSide was uncovered by the FortiGuard Incident Response team during recent engagements.
The use of a well-known bulletproof host that has been used by a wide variety of malicious actors for numerous nefarious activities over the years, including the 2016 DNC elections attack in the United States.
Part of the IT and telephone systems of the French group Stelliant (stelliant.com) partially paralysed following a cyberattack. Founded in 1987, the Stelliant Group is a specialist in services for the insurance industry. Insurers in the crosshairs. Recently, the operators of the #ransomware #Avaddon claimed an attack on an Asian subsidiary of the French international group AXA. They reportedly exfiltrated more than 3 terabytes of sensitive data. The timing follows the announcement that coverage under the « cyber risk » #insurance contract relating to ransomware would be discontinued.
#Darkside, the #ransomware group that disrupted gasoline distribution across a wide swath of the U.S. this week, has gone dark, leaving it unclear if the group is ceasing, suspending, or altering its operations or is simply orchestrating an exit scam.
Toshiba unit hacked by #DarkSide #ransomware group - more than 740 GiB of information were compromised and included passports and other personal information.
Avaddon #ransomware group claimed on their leak site that they had stolen 3 TB of sensitive data from AXA's Asian operations. Avaddon's announcement of the attack on AXA's systems comes roughly a week after AXA had stated that their cyber-insurance policies written in #France would no longer include reimbursement for ransomware extortion payouts.
#Ransomware - Schools, hospitals, companies are targeted by « cyber weapons of mass destruction »
Oviedo City Council has informed the Centro Nacional de Inteligencia (National Intelligence Centre) of what happened in order to seek What is known as ransomware is a type of cyberattack that manages to place on a machine a program that encrypts the data and prevents access to it. According to municipal sources, it is a #ransomware cyberattack, of the same type as the one SEPE suffered two months ago.
A reported #ransomware attack on MedNetwoRX has impeded some customers' access to their Aprima electronic #health record systems for more than two weeks.
https://www.healthcareitnews.com/news/reported-ransomware-attack-leads-weeks-aprima-ehr-outages
On March 22, 2021, ATC discovered that it was the target of a #ransomware attack in which an unauthorized actor used #malware to encrypt certain servers.
http://atctransportation.com/noticeofdatasecurityincident.aspx
CISA is aware of a recent successful cyberattack against an organization using a new #ransomware variant, which CISA refers to as FiveHands. Threat actors used publicly available penetration testing and exploitation tools, FiveHands ransomware, and SombRAT remote access trojan (RAT), to steal information, obfuscate files, and demand a ransom from the victim organization.
U.S. defense contractor BlueForce (blueforceinc.com) has apparently been hit in a #ransomware attack, according to a Conti ransomware chat and Hatching Triage sample.