OH: Shaker Heights City School District discloses hacking incident

Shaker Heights City School District in North Carolina has notified the Maine Attorney General’s Office and the Montana Attorney General’s Office of a data security incident. The incident was discovered on January 30, 2022, but the investigation revealed that it had begun as early as September 1, 2021. Data were exfiltrated as part of...

Hacker and Ransomware Designer “Nosophoros” Charged for Use and Sale of Ransomware, and Profit Sharing Arrangements with Cybercriminals

A criminal complaint was unsealed today in federal court in Brooklyn, New York, charging Moises Luis Zagala Gonzalez (Zagala), also known as “Nosophoros,” “Aesculapius” and “Nebuchadnezzar,” a citizen of France and Venezuela who resides in Venezuela, with attempted computer intrusions and conspiracy to commit computer intrusions.  The charges stem from Zagala’s use and sale...

MS: Vicksburg-Warren School District sends notifications for “Grief” ransomware incident in 2021

On May 12, 2022, Vicksburg-Warren School District in Mississippi issued a breach notification. Its explanation begins, “On or around May 28, 2021, VWSD detected unusual activity within its digital environment.” Investigation revealed that files with personal information “may have been accessed or acquired.” The “may have been” seems a bit vague given that threat actors...

Ca: Elgin data breach ‘devastating’ for victims; county not transparent about incident – Cavoukian

Norman de Bono reports: Personal information for 330 people, some of it highly sensitive, was compromised by a “cyber-security incident” that knocked out Elgin County’s website and email system for nearly a month, the county said. Personal and employment information for county employees and some long-term care residents and former residents was dumped into...

UK: Cornwall Council Data Breach

The Cornwall council accidentally published the personal details of five schoolchildren in publicly accessible meeting documents. Cornwall Council has apologized for the data breach, including their names, addresses, and dates of birth. It made the error when it published online documents for a meeting of its School Transport Appeals Committee. Source: InformationSecurityBuzz.

Conti abandons all pretense at professionalism, issues increasingly strident threats as Costa Rica struggles

Conti ransomware actors have created a national emergency in Costa Rica, where the government declared a state of emergency. Multiple government agencies have reportedly been impacted by an attack in April and the government’s refusal to pay the ransom demands. Kevin Collier of NBC reported: The official declaration, published on a government website Wednesday, said that the...

How to Fight Foreign Hackers With Civil Litigation

Kellen Dwyer, Kim Peretti, and Emily Skahill of Alston & Bird write: The Department of Justice dealt a blow to global cybercrime on April 6 with the takedown of a massive botnet controlled by “Sandworm”—the Russian General Staff Main Intelligence Directorate (GRU) unit responsible for the 2017 NotPetya attack, among others. This operation reflects...

Italy prevents pro-Russian hacker attacks during Eurovision contest

Reuters reports: Italian police thwarted hacker attacks by pro-Russian groups during the May 10 semi-final and Saturday final of the Eurovision Song Contest in Turin, authorities said on Sunday. Ukraine’s Kalush Orchestra won the contest with their entry “Stefania”, riding a wave of public support to claim an emotional victory that was welcomed by...

Most organizations hit by ransomware would pay up if hit again

Dan Robinson reports: Almost nine in 10 organizations that have suffered a ransomware attack would choose to pay the ransom if hit again, according to a new report, compared with two-thirds of those that have not experienced an attack. The findings come from a report titled “How business executives perceive ransomware threat” by security...