Unfortunately, I’ve had unpleasant dealings with the Phobos ransomware group. My interactions with Phobos have been fodder for a good story when I educate client employees on recent cyber-attacks to prevent them from becoming victims. The story highlights how these ransomware groups, including Phobos, are sophisticated criminal organizations with managerial hierarchy. They use common slang

The city of Columbus, Ohio, announced on May 29, 2024, that a ransomware attack forced its systems offline. According to its notice, the attack was perpetrated by “an established, sophisticated threat actor operating overseas,” and that it was working with law enforcement to investigate the incident.  The culprit behind the ransomware attack is reported to

Unit 42 recently reported that it has identified “Jumpy Pisces, a North Korean state-sponsored threat group associated with the Reconnaissance General Bureau of the Korean People’s Army, as a key player in a recent ransomware incident.” Its investigation indicates “with moderate confidence that Jumpy Pisces, or a faction of the group, is now collaborating with

On October 22, 2024, Microsoft issued a threat trend research report entitled “US Healthcare at risk: Strengthening resilience against ransomware attacks.” In it, Microsoft declares that ransomware attacks against the healthcare sector are “emerging as one of the most significant” cybersecurity threats to healthcare organizations. The attack surface of hospitals “grows more complex” with digital

Lehigh Valley Health Network (LVHN) has agreed to settle a class action filed against it following a February 2023 ransomware attack that compromised personal information of patients, including medical and treatment information, health insurance information and, for some individuals, social security numbers, driver’s license numbers, and banking information. For a limited number of individuals, the

A class action complaint was filed against the International Brotherhood of Electrical Workers (IBEW) labor union for a data breach that occurred between March 31 and April 5, 2024. IBEW represents individuals who work in a wide variety of fields, including utilities, construction, telecommunications, broadcasting, manufacturing, railroads, and government. The security incident resulted in unauthorized

We previously reported on the concerning mash-up of worldwide cybercriminals, known as Scattered Spider, working together to attack victims.

New reports from Microsoft and others indicate that since the second quarter of 2024, Scattered Spider is now using RansomHub and Qilin ransomware against victims. Scattered Spider is suspected of attacking hundreds of organizations since its

Security research firm Halcyon recently reported that it “encountered” a new ransomware organization dubbed Volcano Demon several times in the past few weeks.

According to its report, Volcano Demon uses the encryptor LukaLocker with a .nba file extension. Halcyon provided an encryptor sample in its post.

Although Volcano Demon uses traditional methods of extortion, including

On May 10, 2024, CISA, along with the FBI, HHS, and MS-ISAC, issued a joint Cybersecurity Advisory relating to Black Basta ransomware affiliates “that have targeted over 500 private industry and critical infrastructure entities, including healthcare organizations, in North America, Europe, and Australia.”

The Black Basta Advisory provides information on how the threat actors gain