Conti Ransomware Hits Costa Rica Electricity

May 03, 2022

Industry: Energy | Level: Strategic | Source: TheRecord

Junta Administrativa del Servicio Eléctrico de Cartago (JASEC), the government agency that runs electricity in Cartago, Costa Rica, was hit by Conti ransomware this past weekend, with its administrative systems affected. The attack occurred on Saturday and encrypted the systems managing the company’s email, website, and administrative collection systems. The electric operator’s general manager, Luis Solano, has assured customers that “electricity and internet services operate normally”; however, the incident has prevented customers from paying their electricity or internet bills, and the company has suspended bill payments until the incident is resolved.

BlackCat Breaches Florida International University

April 19, 2022

Industry: Education | Level: Strategic | Source: TheRecord

The ransomware group BlackCat (ALPHV) has breached Florida International University (FIU), claiming to have compromised approximately 1.2TB of data. According to The Record, the group claims the data belongs to essentially all university personnel, including students, teachers, and staff, and includes contracts, accounting documents, social security numbers, email databases and other information. A statement from FIU acknowledged the ransomware group’s claim but denied that data had been breached, stating that the investigation is ongoing. The message from the university reads “Today, a ransomware group posted that sensitive FIU data had been exfiltrated. We have been investigating and there is no indication thus far that sensitive information has been compromised. At this time, no further information is available.”

ALPHV Ransomware Hits North Carolina A&T University

April 12, 2022

Industry: Education | Level: Strategic | Source: TheRecord

ALPHV/BlackCat ransomware has compromised North Carolina A&T University, which has appeared on the ransomware group’s victim site. The attack appears to have occurred between March 7th and 11th, taking advantage of the reduced staffing during the university’s spring break. As reported by The Record, the attack disrupted network services including “wireless connections, Blackboard instruction, single sign-on websites, VPN, Jabber, Qualtrics, Banner Document Management and Chrome River. Some of the services are still down.” Personal information was also compromised, including social security numbers, financial data, and SQL and email database contents. The university is still recovering from the attack, with services slowly being restored; however, students have been affected, as some are unable to complete class assignments or participate in class, and sessions have been canceled due to the ongoing issues.

Cyber Incident Reporting Bill

March 15, 2022

Industry: Critical Infrastructure | Level: Strategic | Source: TheRecord

As reported by The Record, the United States Senate has approved legislation requiring that “critical infrastructure operations alert the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours of a breach and 24 hours if the organization pays a ransom.” The bill has been sent to United States President Joe Biden and is expected to be signed. According to CISA Director Jen Easterly, the legislation would provide an intelligence advantage, since CISA would use “these reports from our private sector partners [will be used] to build a common understanding of how our adversaries are targeting U.S. networks and critical infrastructure.”

Blackbyte Ransomware Hits NFL 49ers

February 15, 2022

Industry: Entertainment | Level: Strategic | Sources: BleepingComputer & TheRecord

A spokesperson for the NFL team the San Francisco 49ers disclosed a ransomware attack by operators of BlackByte ransomware to the news outlets The Record and BleepingComputer. Information is currently limited, with the team working to recover impacted systems. A statement from the 49ers reads, “While the investigation is ongoing, we believe the incident is limited to our corporate IT network; to date, we have no indication that this incident involves systems outside of our corporate network, such as those connected to Levi’s Stadium operations or ticket holders.” The 49ers are engaging with law enforcement and third-party cybersecurity firms to assist with the investigation.

Ransomware Targets European Oil and Chemical Sectors

February 08, 2022

As reported by The Record, a series of ransomware attacks has been targeting oil and chemical suppliers in Belgium, the Netherlands and Germany. While the attacks have not been confirmed as linked, European officials investigating the matter have associated them with the BlackCat and Conti ransomware groups.

US Federal Government Initiative to protect Water Systems

February 01, 2022

In an effort to improve the defense of US critical infrastructure, the US government and the Environmental Protection Agency (EPA) are launching a new “action plan” focused on securing the water sector.

Video Player Spreads Skimmers

January 05, 2022

Industry: Real Estate | Level: Strategic | Sources: PaloAltoUnit42 & TheRecord

Research from Palo Alto Unit42 identified over 100 real estate sites compromised to distribute skimmers that collect user information. The affected real estate sites all belonged to one parent company, Sotheby’s, whose Brightcove account had been compromised. The compromised sites all imported the same malicious video from the cloud video platform, which in effect made this a supply chain attack. The issue affecting Sotheby’s and Brightcove was resolved before Unit42 shared its analysis and findings.

Lapsus$ Ransomware Gang Hacks Portugal’s Media Conglomerate, Impresa

December 29, 2021

Industry: Entertainment | Level: Strategic | Source: TheRecord

Over the New Year’s weekend, Impresa, a large media conglomerate in Portugal, was compromised by the Lapsus$ ransomware gang. The attack impacted the television channel SIC and the weekly newspaper Expresso. The compromise of the company’s IT infrastructure forced the websites of the associated media platforms offline. The Lapsus$ gang took credit for the attack, defacing Impresa’s sites and leaving a ransom note. In addition, the group claims to have access to the company’s Amazon Web Services account.

Prodaft Researchers Identify a Conti Server

November 23, 2021

Industry: N/A | Level: Strategic | Source: TheRecord

Researchers at Prodaft were able to identify an exposed server associated with the Conti ransomware gang. The server hosts the payment and recovery site that victims visit to negotiate ransom payments. The researchers maintained access to the server for several weeks, observing the network traffic connecting to it. The traffic consisted largely of victim IP addresses, but the SSH traffic observed was likely from the ransomware operators; unfortunately, those SSH source IP addresses were associated with Tor exit nodes. When Prodaft published its report on this activity, the ransomware gang became aware of it immediately and took the server offline.