Lehigh Valley Health Network (LVHN) has agreed to settle a class action filed against it following a February 2023 ransomware attack that compromised personal information of patients, including medical and treatment information, health insurance information and, for some individuals, social security numbers, driver’s license numbers, and banking information. For a limited number of individuals, the
ransomware
Labor Union Faces Class Action for Data Breach
A class action complaint was filed against the International Brotherhood of Electrical Workers (IBEW) labor union for a data breach that occurred between March 31 and April 5, 2024. IBEW represents individuals who work in a wide variety of fields, including utilities, construction, telecommunications, broadcasting, manufacturing, railroads, and government. The security incident resulted in unauthorized…
Scattered Spider Using RansomHub and Qilin Ransomware Against Victims
We previously reported on the concerning mash-up of worldwide cybercriminals, known as Scattered Spider, working together to attack victims.
New reports from Microsoft and others indicate that since the second quarter of 2024, Scattered Spider is now using RansomHub and Qilin ransomware against victims. Scattered Spider is suspected of attacking hundreds of organizations since its…
Halcyon Provides Intel on Volcano Demon Ransomware
Security research firm Halcyon recently reported that it “encountered” a new ransomware organization dubbed Volcano Demon several times in the past few weeks.
According to its report, Volcano Demon uses the encryptor LukaLocker with a .nba file extension. Halcyon provided an encryptor sample in its post.
Although Volcano Demon uses traditional methods of extortion, including…
CISA Issues Advisory on Black Basta Ransomware
On May 10, 2024, CISA, along with the FBI, HHS, and MS-ISAC, issued a joint Cybersecurity Advisory relating to Black Basta ransomware affiliates “that have targeted over 500 private industry and critical infrastructure entities, including healthcare organizations, in North America, Europe, and Australia.”
The Black Basta Advisory provides information on how the threat actors gain…
HC3 Warns Healthcare Organizations about Akira Ransomware Group
The Health Sector Cybersecurity Coordination Center (HC3) recently warned the health care sector about the Akira ransomware group that has been hitting health care organizations since May of 2023. In an Analyst Note dated February 7, 2024, HC3 stated that although Akira is a relatively new ransomware group, it has attacked at least 81 organizations…
Ransomware Hitting U.S. Companies at Increasing Rate
Unfortunately, according to Unit 42 of Palo Alto’s recently published “Ransomware and Extortion Report,” ransomware groups had a good year in 2022. They found that threat actors are using multi-extortion tactics to get paid by victims, including data exfiltration. In addition, there was “a 49% increase in victims reported by ransomware leak sites, with a…
Chinese Hackers Allegedly Use ChatGPT to Write Ransomware
Chinese authorities have arrested alleged hackers in what appears to be the first-ever reported case of hackers using AI to develop ransomware. These alleged hackers reportedly used ChatGPT to refine the code for their home-grown ransomware encryption tool. ChatGPT has been banned in China in favor of Chinese tools such as Baidu’s Ernie Bot. However…
Boeing Hit with LockBit Ransomware
Boeing has confirmed that its parts and distribution site has been attacked by LockBit ransomware, which is believed to be Russian based. Boeing has said that the attack has not affected flight safety. Boeing is investigating the attack.
LockBit publicly claimed responsibility for the attack and boasted that it had stolen “sensitive data” from Boeing…
40 Countries Including US Vow Not to Pay Ransomware
The United States joined 39 other countries this week in the International Counter Ransomware Initiative, an effort to stem the flow of ransom payments to cybercriminals. The initiative aims to eliminate criminals’ funding through better information sharing about ransom payment accounts. Member states will develop two information-sharing platforms, one created by Lithuania and another jointly…