The State of Ransomware 2024


2024 has started out with the highest number of January attacks we’ve ever recorded, with 76 attacks representing a 130% increase compared to 2022’s figures. Education topped the list of targeted industries, followed by healthcare and manufacturing. LockBit was the most active ransomware group this month, with Akira knocking BlackCat off the second-place spot for the first time. Notably, 91% of disclosed attacks involved data exfiltration.

Check out who made ransomware headlines this month:

  1. Australia’s Court Services Victoria (CSV) revealed that hackers were able to disrupt operations and access its audio-visual archive containing sensitive hearing recordings during an attack. The impacted system was immediately isolated and shut down, but investigations revealed that a breach exposed recordings going as far back as the beginning of November 2023. This incident impacted various courts and jurisdictions including the Supreme Court and Magistrates’ Court. It is not known who was behind the attack or if any ransom was demanded in exchange for the compromised data.
  2. Swedish supermarket chain Coop fell victim to a Cactus ransomware attack in late December, impacting stores in the county of Värmland. A spokesperson confirmed the cyberattack, stating that upon detection external expertise was engaged to close off “vulnerabilities where intrusions occurred.” According to reports, stores were unable to take card payments on December 22nd but all stores remained open. Cactus ransomware group did not disclose many details on the attacks including what data was stolen.
  3. A Christmas Day attack that knocked out electronic health systems at Anna Jaques Hospital (AJH) has been claimed by Money Message ransomware group. The gang claimed it exfiltrated 600GB of information including data relating to its parent network Beth Israel Lahey Health. The ransom amount demanded was also not disclosed. The exact nature of the exfiltrated data remains unknown.
  4. One of Africa’s largest airlines, Kenya Airways, was claimed as a victim by the Ransomexx ransomware group. The ransomware group shared over 2GB of data allegedly stolen from the airline including sensitive information. Compromised data is said to include passenger information, accident reports, investigative activities and plans for the carrier. The organization has not yet made a public announcement acknowledging the claims.
  5. Fallon Ambulance Service, a now-defunct subsidiary of Transformative Healthcare, suffered a ransomware attack in April 2023 which impacted data of 911,757 individuals. The attackers gained access to the company’s systems from late February and remained there until late April. BlackCat claimed the attack, stating that they had exported 1TB of data including medical reports, paramedic reports, sensitive patient details, and other information. Transformative’s investigation of the incident concluded in late December 2023 when the breach notification was submitted.
  6. French logistics company Groupe IDEA was added to LockBit’s dark web victim site this month. The post from the group did not disclose any details on the breach and only contained a countdown to a deadline date of January 22nd for an undisclosed ransom demand to be met. It is not known what, or how much data was exfiltrated by the group. Groupe IDEA are yet to make a public comment addressing these claims.
  7. Gallery Systems, a museum software solutions provider, announced that IT outages were caused by a ransomware attack. The attack, which took place on December 28th, caused the company to take systems offline to prevent further devices from being encrypted, which led to widespread disruption for over 800 museums. Law enforcement was notified, and an internal investigation was launched to determine the impact of the breach. No ransomware group has yet claimed responsibility for the incident.
  8. One of the largest insurance companies in the US, First American, confirmed that a cyberattack reported in December was indeed a ransomware attack. The incident forced the company to isolate systems from the internet in an attempt to contain and remediate the incident. Investigations revealed that threat actors accessed certain non-production systems, exfiltrated and encrypted data. It is not known who was behind the attack at this time.
  9. BlackCat ransomware group added SAED International to its victim list this month, claiming to have infected all systems and affected services. Although no detailed information was provided by the threat actors, the group suggested that the Saudi Closed Joint Stock Company had “tried to hide the attack from clients.” It is not clear what impact the attack had on the organization nor what information has been stolen. SAED are yet to publicly address BlackCat’s claims.
  10. A cybersecurity incident around Christmas caused Eagers Automotive to halt all trading operations until further notice. The incident affected the IT systems and daily operations across dealerships in Australia and New Zealand. Notorious ransomware gang LockBit claimed responsibility and added the Australian car dealership to its leak site.
  11. US-based transportation provider Estes Express Lines confirmed that it had fallen victim to a cybersecurity incident last year. The attack caused IT outages and affected Estes’ online tracking services. A forensic investigation determined that unauthorized threat actors had accessed systems and exfiltrated data which is said to include names and other personal identifiers belonging to at least 21,184 individuals.
  12. LockBit began leaking information stolen from the University of Sherbrooke which was stolen during a ransomware attack in December 2023. The attack had no impact on the university’s activities, but a spokesperson did state that the compromised data had come from one research laboratory. The ransomware group added screenshots as proof of claims to the announcement on the dark web.
  13. Mexico’s largest poultry producer, Bachoco, was hacked by Cactus ransomware group just before the new year. The group posted Bachoco on its leak site but provided little information on the attack and did not post a deadline for payment of an undisclosed ransom. It is suggested that 130GB of data was exfiltrated during the incident. A download link to the proof of claims was included which contained PII of employees, stakeholders, and customers as well as other confidential documents.
  14. Hunters International ransomware gang breached Bradford Health, causing an operations blackout. The attack resulted in a breach of approximately 770GB of data including agreements, medical records, SQL backups, employee data and business documents. The healthcare facility has made no public comment addressing the claims.
  15. Hackers targeted Kaunas University of Technology in Lithuania, launching an attack that led to the disruption of dozens of systems, and ultimately a leak of sensitive information. Information such as employee names, addresses, contact information and car registrations was compromised. Rhysida has claimed the attack and added a number of screenshots, including scanned passports, to its leak site.
  16. In Louisiana, Tulane University is investigating a potential cyberattack following claims made by Meow. The university launched an investigation of the claim and any impact of the attack but did comment that all network systems were operational. The ransomware group posted the university on its leak site on December 13th but did not include any more information on the attack, with the posting simply stating “soon”.
  17. Kershaw County School District (KCSD) in South Carolina was the first educational institute claimed by BlackSuit in 2024. Threat actors posted the school district on its leak site earlier this month, alongside claims that 17GB worth of files had been exfiltrated from the KCSD network during the incident.
  18. In Idaho, Blaine County School District was also targeted by BlackSuit during an attack in late December. BlackSuit alleges to have 12GB of data belonging to BCSD, although no proof of claims was added to the dark web listing.
  19. Marketing-centered US service provider Televerde fell victim to a cyberattack at the hands of Play. The organization is yet to make a comment on the claims but the group’s posting on its victim site suggests that data was stolen during the attack. Compromised information allegedly includes private and personal confidential data, client documents, budget, IDs, payroll, insurance, taxes, finances, and other company information.
  20. In Brazil, Agro Baggio was hacked by Knight ransomware group, causing the organization’s website to be knocked offline. The threat actors added Agro Baggio to their leak site, noting that the network is “tightly closed and unavailable.” Knight also claimed to have exfiltrated 70GB of files containing “important data.” A threat was also included in the post highlighting that DPO/LGPD fines are high.
  21. At the beginning of the month, mortgage lender LoanDepot was forced to shut down some of its systems to contain a cybersecurity breach, with payments via the servicing portal and other online portals being taken offline. The organization has confirmed that it was hit with a ransomware attack, with malicious actors also encrypting files on compromised devices. An investigation revealed that sensitive personal information of approximately 16.6 million individuals was accessed by the ransomware group responsible. At the time of writing, no ransomware group has yet taken credit for the incident.
  22. LockBit claimed responsibility for an attack on the Capital Health hospital network which caused IT system outages and impacted operations for at least one week. LockBit listed the healthcare company on its data leak portal, claiming to have stolen 7TB of sensitive medical information valued at $250,000. The ransomware gang stated that it purposely did not encrypt the hospital’s systems so as not to interfere with patient care.
  23. The World Council of Churches confirmed that it was contacted by hackers on December 26th, demanding a ransom for information accessed during a cyberattack. All systems were unavailable including the website. The WCC stated that it would never give in to such threats. The WCC attack has not been claimed by any ransomware group.
  24. The largest zoo in Canada, Toronto Zoo, confirmed that its systems had been hit by a ransomware attack but that it had caused no impact to the animals’ care, its website, or its day-to-day operations. The zoo is investigating whether the incident affected guest, member, or donor records. The incident was reported to the Toronto Police Service and the zoo continues to work with third-party security experts and the City of Toronto’s Chief Information Security Office to determine the extent of the damage. Akira has taken credit for this incident, claiming to have exfiltrated 33GB of data including NDAs, confidential agreements and personal files.
  25. Offshore and marine organization ES Group (Holdings) saw information on its systems encrypted as a result of a ransomware attack. The company announced the incident stating that it had impacted the “majority” of its data in its servers but that investigations remained ongoing and the “threat had been contained.” ES Group also commented that there had been no significant impact to its business or operations.
  26. Another Singapore-listed company made headlines when IPS Securex Holdings confirmed that it had encountered a ransomware incident which had rendered its network inaccessible. Based on initial investigations, the organization is yet to see any evidence of data exfiltration from the attack. The threat actors behind the attack remain unknown.
  27. In Washington, Edmonds School District confirmed that a cyberattack in January last year compromised the sensitive personal information of approximately 250,000 individuals. The school district identified suspicious activities in its internal network and immediately launched an investigation. Compromised data included names and other personal identifiers, financial information and credit and debit card account information. Akira claimed responsibility for the attack in August, allegedly stealing 10GB of data.
  28. The Paraguay military issued warnings of Black Hunt ransomware after Tigo Business suffered a cyberattack which impacted cloud and hosting services in the company’s business division. Reports suggest that over 300 servers were encrypted, and backups compromised. The organization was not able to provide a lot of information relating to the attack.
  29. Black Basta published 515GB of data allegedly belonging to Park Holidays UK, a holiday park operator with more than 50 sites in the UK. The compromised data included financial documents, and personal documents such as driving licences and passports. The organization has not made a public announcement acknowledging the leak.
  30. German engineering company Gräbener Maschinentechnik confirmed that it had also fallen victim to a Black Basta ransomware attack late last year. The organization stated that unauthorized access was gained by threat actors and that it could not rule out data being leaked. The ransomware group has already published the 1.1TB of data exfiltrated from the organization during the attack. Information includes confidential information and company documents.
  31. TiAuto Investments, the holding company of Tiger Wheel & Tyres, notified suppliers that it was hit by a ransomware attack on December 28th. The organization’s security team detected suspicious activity and immediately disconnected the network, enabling them to contain the attack. The organization launched a full forensic cyber audit to determine the scope of the incident and the outcomes. LockBit claimed TiAuto Investments as a victim, but it is not clear what or how much data was exfiltrated during the attack.
  32. Over Christmas, Aspiration Training suffered a ransomware attack on part of its network in a data center. Initial investigations revealed that attackers penetrated a small area of the network, encrypting data. Rhysida claimed the incident, demanding 1BTC in exchange for the data exfiltrated. It is not clear at this time what data was compromised in the attack.
  33. RE&S Holdings, a Japanese multi-food brand, announced on Jan 11 that it had initiated data recovery following an attack which impacted the data on its servers. RE&S activated business continuity plans and has seen no significant impact to its business operations. The company reported that it has not observed any evidence of data exfiltration or the compromise of any personal sensitive information following preliminary investigations.
  34. Sources from Fullerton Joint Union High School District revealed that it suffered a “complete internet shutdown” in November. This month it was announced that there is now evidence that some non-sensitive student information was accessed during the attack. Some feel that the superintendent should have acted sooner in informing the school district community about the data breach. It is not known who was behind the attack.
  35. Not for profit organization Water for People was targeted by a ransomware attack orchestrated by Medusa. The gang listed Water for People on its darknet site, threatening to publish stolen information unless the organization paid a ransom demand of $300,000. A spokesperson from Water for People commented that the data accessed predates 2021 and did not compromise financial systems or business operations.
  36. BlackCat claimed US-based general contractor Builcore as a victim, allegedly exfiltrating 250GB of data during the attack. On its victim site, the group stated that data stolen includes past, present and future clients as well as project information. It was also reported that Builcore refused to negotiate with the threat actors. Builcore has not commented on the breach.
  37. The Lutheran World Federation (LWF) became a victim of cyber extortion at the hands of Rhysida. The ransomware group reportedly exfiltrated 734GB of data in 732,665 files. Screenshots, including passports, were released as proof of claims. 50% of the files that “did not sell” have already been leaked. Rhysida has not publicly announced how much data was stolen during the attack and it is not known if a ransom was demanded from the LWF.
  38. It has been reported that staff of Australian imaging and diagnostics provider Quantum Radiology were told to tell concerned patients that a November breach was an “operational IT issue.” An unauthorized party breached the company’s IT systems and encrypted its contents including patients’ Medicare numbers, identifying information, claim details and scan reports. A ransomware gang is yet to take credit for this incident.
  39. The Arrowhead Regional Computing Consortium announced that a 2023 data breach compromised the sensitive personal information of more than 65,000 people. During an attack in February last year, the educational advisory group detected unauthorized activity in its internal network and immediately launched an investigation into the nature and scope of the incident. The investigation concluded on December 7th, revealing that sensitive personal information including names, SSNs, health insurance information and medical information had been compromised during the attack. LockBit claimed the attack back in April, giving the group seven days to pay an undisclosed ransom before data was published.
  40. Personal information from over 7300 individuals was accessed by threat actors during a cyberattack on Carnegie Mellon University (CMU). The university launched an investigation and recovery operation which revealed that unauthorized external actors had accessed its computer systems. Information compromised included names, SSNs and dates of birth.
  41. Calvià City Council, a major Majorca tourism hotspot, was targeted by a ransomware attack, with threat actors demanding an $11 million ransom. The attack caused IT outages and forced the council to form a crisis committee to evaluate the damage done and create impact mitigation plans. The ransomware group behind the attack remains unknown and the mayor of Calvià has stated that the ransom demand will not be paid under any circumstances.
  42. Hackers who claimed to have passenger data of PT Kereta Api Indonesia (KAI) demanded billions of rupiah in bitcoin from the government. The threat actors claim to be in possession of data belonging to employees and passengers alongside other information but have not disclosed the total amount of data breached. The government was asked to pay a ransom of 11.69BTC but KAI has confirmed that it has seen no evidence that any data was leaked.
  43. Fortune 500 company Asbury Automotive Group was hacked by the Cactus ransomware gang, who published the company’s data on its PR website on January 12th, claiming to have stolen 62GB and stating that less than 1% of the data was published. Confidential documents including passports, driver’s licenses, IDs, private financial data and employee information are among the data taken during the incident.
  44. BianLian ransomware group claimed Republic Shipping Consolidators as a victim on its leak site, publishing 117GB of confidential data belonging to the organization. Compromised information included financial records, email correspondence, internal company documents, personal details of employees and various other technical data. Republic Shipping Consolidators has not yet publicly commented on claims made by the ransomware group.
  45. US-based transportation management company Becker Logistics was among Akira’s victims in January, with the ransomware group threatening to release data exfiltrated during an attack. Akira stated that it is in possession of about 43GB of files including personal information, HR, customer info, NDA documents, contracts, and financial information. Becker Logistics has not yet made a public comment addressing the incident.
  46. 60,871 individuals were recently notified about a July ransomware attack on ConsensioHealth. The cyberattack, which was discovered on July 3rd, made the network inaccessible to staff members of the billing service. Steps were immediately taken to prevent the spread of the attack and an investigation was launched to determine whether patient data was accessed or copied. In November, the investigation confirmed files containing patient data were stolen, including files from seven entities.
  47. Memorial University confirmed that a cyberattack on Grenfell Campus during the Christmas break was indeed a ransomware attack. An unauthorized third party gained access to the Grenfell Campus’ network and encrypted data on a number of servers and workstations, rendering IT services unavailable. At this time, the university does not have any evidence that any personal information was compromised. An investigation is ongoing and no ransomware group has yet claimed the attack.
  48. LockBit breached Foxsemicon Integrated Technology Inc, one of Taiwan’s biggest semiconductor manufacturers, demanding a ransom to avoid publishing troves of data. On January 17th LockBit pasted a ransom note on the organization’s website, demanding payment of an unspecified amount. According to claims made by the ransomware group, 5TB of data said to include personal data belonging to customers was exfiltrated. The group also threatened that if management did not get in contact that it was “able to completely destroy Foxsemicon with no possibility of recovery”. The organization has not been added to LockBit’s leak site, suggesting that the victim has entered into ransom negotiations or has already paid the amount demanded.
  49. Kansas State University announced that it was facing a cybersecurity incident that disrupted certain network systems including VPNs. Impacted systems were taken offline upon detection of the incident. The university engaged third-party IT forensic experts to assist in the ongoing investigation efforts. At the time of writing no ransomware group has taken responsibility for the attack.
  50. Netherlands-based denim brand DENHAM the Jeanmaker officially acknowledged falling victim to a cyberattack in late December 2023. The cyberattack did not materially impact DENHAM services in stores or online. A spokesperson confirmed that threat actors accessed some data on affected systems but stressed that information accessed did not include the personal data of consumers who visited its webshop. Akira took credit for the attack, stating on its victim site that it is in possession of 100GB of data archive.
  51. Hunters International launched an attack on Gallup-McKinley County Schools in New Mexico. The cyberattack claim lacks critical details including the nature of the data compromised, the extent of the breach, or the motives driving the attack. With no proof of claims added to the leak site, experts are questioning the validity of the claims made.
  52. In Maryland, Primary Health & Wellness Center made a public notice regarding a ransomware attack which occurred in October 2023. It stated that ransomware encrypted its network server which contained patient medical records from 2018 to present and included names, addresses, dates of birth, SSNs and medical records. PHWC also claims that it has no evidence to believe that any patient data or protected health information was acquired, exfiltrated or misused. The incident was reported to HHS in December as affecting 4,792 individuals.
  53. The FBI, Homeland Security and Oregon City Police Department are investigating an incident which impacted staff and students of Clackamas Community College. Several attacks against the college network took place overnight, with employees receiving emergency notifications about an intrusion. The attack on the servers was quickly isolated, with the origin of the hack being traced back to a Russian IP address. An investigation is ongoing to determine the scope of the attack and whether data was compromised. LockBit has claimed responsibility for this incident.
  54. Evidence of a cyberattack on Worthen Industries was posted on the ALPHV, aka BlackCat, leak site. The posting states that should the organization not contact the group in three days, Worthen’s “entire corporate data” including personal and confidential data would become public. The group also taunted the organization asking if it valued the reputation of the company. No further details on the attack have been released.
  55. Subway restaurant chain has launched an investigation after claims made by LockBit ransomware group. The infamous ransomware group added Subway to its Tor site alongside claims that it had exfiltrated Subway’s SBS internal system, which includes hundreds of gigabytes of data and all financial aspects of the franchise. An undisclosed ransom was demanded with a deadline for payment set as 2nd February; failure to pay means all data will be published.
  56. Tietoevry, a Cloud hosting service provider, announced that one of its Swedish data centers was “partially subject to a ransomware attack.” The attack affected numerous customers, but it is believed that only services of customers in Sweden were impacted. It has not been announced whether sensitive or personal data was stolen during the incident. According to Tietoevry, Akira ransomware gang are responsible for this attack.
  57. Ransomware was the culprit behind a cyberattack on Douglas County Libraries in Colorado. The attack, which was discovered on January 14th, led to temporary catalogue and service outages. The network was quickly taken offline, which impacted several other services offered by the libraries. An investigation has been launched but it is not yet known who was behind the attack and if any data was stolen.
  58. The world’s leading aircraft leasing company AerCap experienced a cybersecurity incident “related to ransomware” but claims it suffered no financial impact as a result of the attack. An investigation continues with an aim to establish the extent to which data may have been exfiltrated or otherwise impacted. Slug ransomware group claimed responsibility for the intrusion and listed AerCap as its first public target. The group claims to have stolen 1TB from the organization.
  59. LockBit claimed TV Jahn Rheine in Germany as a victim, providing information on substantial amounts of sensitive data stolen, including account information, email conversations and HR records. It is not clear how much information was stolen or what ransom was demanded by the threat actors.
  60. First Financial Security Inc reported that it had recently fallen victim to a ransomware attack which resulted in an unauthorized party being able to access consumers’ sensitive information. The organization secured its systems and determined that threat actors were not successful in encrypting the company’s systems; however, investigations revealed that portions of its IT network were accessed. Compromised data includes names, SSNs and other personal information.
  61. Veolia North America revealed that it suffered a ransomware attack which impacted systems of part of its Municipal Water division and disrupted its bill payment systems. The subsidiary of Veolia implemented defensive measures, taking some systems offline temporarily to contain the breach. The organization is working with forensic specialists to assess impact on its operations and systems. No ransomware group has yet claimed responsibility.
  62. Japan Foods Holding announced that the company was involved in a ransomware attack during which an unknown third party gained access to its servers and encrypted data. It is believed that there will be no material impact to financial or operational performance. During an initial investigation no evidence of data leakage or exfiltration was found.
  63. UK water giant Southern Water confirmed that threat actors broke into its IT systems and exfiltrated a “limited amount of data” following a ransomware attack. Black Basta has claimed responsibility, publishing a snippet of 750GB of stolen data including scans of identity documents, HR-related information and corporate car leasing documents. Southern Water stated that although a limited amount of data has been leaked, there is no evidence that customer relationship and financial systems were affected.
  64. In Pennsylvania, Bucks County stated that it dealt with a cyberattack which caused outages and problems for county hospitals, libraries and other local services. The incident disabled the county Emergency Communications Department’s computer-aided dispatch (CAD) systems, causing issues for the emergency services. The county partnered with state and federal agencies to assist with the ongoing investigation into the attack. Further information on this attack is not currently available.
  65. The Kansas City Area Transportation Authority (KCATA) announced that it had been targeted by a ransomware attack on January 23rd, impacting all communication systems. Despite call-center disruption, all routes continued to run as usual with no passenger transit operations impacted. Medusa claimed responsibility, posting data samples on its dark web portal as proof of claims. A ransom of $2,000,000 has been demanded.
  66. A cyberattack on financial technology firm EquiLend forced several of its systems offline and caused several days of disruption. A spokesperson stated that firms would have to move to manual processes while the platform remained offline. EquiLend are working with external cybersecurity firms and other professional advisors to assist with investigations. Some reports suggest that LockBit was behind the attack, but the ransomware group has not yet posted any claims on its leak site.
  67. The Co-operative Housing Federation of Norway (NBBL) was hit by a “classic ransomware attack” which impacted three of its other companies. In a statement made by NBBL’s Communications Director, it was noted that affected parties were informed and security measures were immediately implemented to minimize the consequences of the attack. NBBL’s CEO commented that NBBL will not be paying any ransom demanded. 8Base has taken credit for the attack, claiming to be in possession of information including financial data, personal data, confidentiality agreements among other confidential information.
  68. In Ohio, Groveport Madison Schools is in the process of recovering from a ransomware incident. It took the school district a month to restore services after an attack on December 5th. The hackers identified themselves as Black Suit, adding the school district to its leak site. A spokesperson confirmed that the hackers stole some staff data, but no student data was compromised during the incident.
  69. Akira ransomware group claimed an attack on British bath bomb merchant Lush. The ransomware group claims to have stolen 110GB of data including “a lot of personal documents” such as passport scans. Other company documents relating to accounting, finances, tax, projects and clients are also said to be among the data exfiltrated. There is currently no evidence to suggest that customer data has been impacted. Lush publicly announced a cyberattack in early January but has not publicly acknowledged claims made by Akira.
  70. LockBit has reportedly claimed responsibility for an incident involving the Caravan and Motorhome Club in the UK. During the cybersecurity incident customers were unable to reach the company or access any of its digital channels. It took the company five days to make a public disclosure, following on from advice given by its external cybersecurity experts. The ransomware group has not added a lot of detail to its posting about the Caravan and Motorhome Club but has given the organization until February 9th to meet undisclosed ransom demands.
  71. Scottish charity The Richmond Fellowship Scotland was targeted by a ransomware attack which shut down all of its systems for over two weeks. Experts from Police Scotland are investigating but most aspects of the attack are still not known. Medusa has claimed responsibility for the attack, claiming to have stolen an unknown amount of data. A ransom of $300,000 has been set by threat actors in exchange for data stolen.
  72. Planet Home Lending LLC was a victim of a ransomware attack in November 2023, but the data breach was only announced by the organization recently. In response to the attack, Planet Home contained the incident, terminated unauthorized access and launched an investigation involving third party specialists. Investigations determined that threat actors were able to access sensitive consumer information.
  73. Cactus targeted energy management and automation giant Schneider Electric, reportedly stealing terabytes of corporate data during the cyberattack. The company’s Sustainability Business division was hit in early January, disrupting some of Schneider Electric’s Resource Advisor cloud platform. At this time, it is not known what data was exfiltrated or what the ransom demand is.
  74. BlackCat is threatening to release classified documents from numerous U.S. intelligence agencies following an attack on Technica Corporation. The ransomware group added a post on its dark web site claiming to have exfiltrated 300GB of data from the company. The group wrote “documents relate to the FBI and other US intelligence agencies. If Technica does not contact us soon, the data will either be sold or made public.” The posting also included 29 separate documents as a proof of claims which included contracts from the Dept of Defense as well as employee information. Technica are yet to address these claims publicly.
  75. Lotus Media Group in Oregon, which oversees one newspaper and five local radio stations, faced a ransomware attack in late January. The incident caused disruptions to operations, with employees locked out of their emails and key systems used to design the print newspaper. Staff are working to restore operations and continue reporting the news. It is not clear who was behind the attack or if any data was exfiltrated.
  76. A December cyberattack on Saint Anthony Hospital has recently been claimed by LockBit ransomware gang. LockBit posted the Chicago hospital on its leak site, giving it two days to pay a nearly $900,000 ransom. Administrators determined that files containing patient information had been copied from the network. LockBit didn’t share a lot of information on its posting but did share how they felt about US hospitals, commenting “always US hospitals put their greedy interest over those of their patients and clients.”


