Malware

Researchers Quietly Cracked Zeppelin Ransomware Keys

Brian Krebs reports: Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “Zeppelin” in May 2020. He’d been on the job less than six months, and because of the way his predecessor architected things, the company’s data backups also were encrypted by Zeppelin. After two...

Vanuatu island hit by ransom attack, cripples government

WION reports: The small archipelago of the South Pacific Ocean, Vanuatu, was attacked by ransomware on 4 November, Friday and stranded the country for over a week. According to civil servants in the government, they noticed that their official emails started bouncing back from government addresses; this was the first sign when they found...

Alert (AA22-321A) #StopRansomware: Hive Ransomware

CISA has issued an alert about the Hive ransomware group. Summary Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators...

Medibank defends decision to not pay hackers ransom for stolen data as it contacts 480,000 customers

Nassim Khadem and Daniel Ziffer report: Medibank’s boss says the company will begin directly communicating with nearly half a million customers whose health data is believed to have been stolen, weeks after it first became aware hackers had breached its customer database. Medibank’s chief executive David Koczkar said the company had today started communicating...

MI: Ransomware attack responsible for shutdown affecting Jackson, Hillsdale schools

Martin Slagter reports: Jackson County Intermediate School District officials took network systems offline after technology staff determined suspicious activity to be the result of a “ransomware incident.” Public school districts in both counties canceled classes Monday, Nov. 14, with the system outage impacting a wide range of building operations including but not limited to...

CO: Salud Family Health breached in September, leaked in November

On October 5, Salud Family Health in Colorado notified HHS of a breach, but only provided a “marker” of 501 affected. On November 4, they provided notice that said the types of information that might have been accessed or taken in a cyberattack included: patients’ name, Social Security number, driver’s license number or...