Unfortunately, I’ve had unpleasant dealings with the Phobos ransomware group. My interactions with Phobos have been fodder for a good story when I educate client employees on recent cyber-attacks to prevent them from becoming victims. The story highlights how these ransomware groups, including Phobos, are sophisticated criminal organizations with a managerial hierarchy. They use common slang
ransomware
Columbus, Ohio Notifies 500,000 of Data Breach from Ransomware Attack
The city of Columbus, Ohio, announced on May 29, 2024, that a ransomware attack forced its systems offline. According to its notice, the attack was perpetrated by “an established, sophisticated threat actor operating overseas,” and the city was working with law enforcement to investigate the incident. The culprit behind the ransomware attack is reported to…
Scary Halloween News: Jumpy Pisces Using Play Ransomware to Attack Organizations
Unit 42 recently reported that it has identified “Jumpy Pisces, a North Korean state-sponsored threat group associated with the Reconnaissance General Bureau of the Korean People’s Army, as a key player in a recent ransomware incident.” Its investigation indicates “with moderate confidence that Jumpy Pisces, or a faction of the group, is now collaborating with…
Microsoft Report Highlights Attacks Against Healthcare Organizations
On October 22, 2024, Microsoft issued a threat trend research report entitled “US Healthcare at risk: Strengthening resilience against ransomware attacks.” In it, Microsoft declares that ransomware attacks against the healthcare sector are “emerging as one of the most significant” cybersecurity threats to healthcare organizations. The attack surface of hospitals “grows more complex” with digital…
OCR Settles Fourth Ransomware Investigation
The Office for Civil Rights of the Department of Health and Human Services (OCR) announced on September 26, 2024, that it had entered a settlement with Cascade Eye and Skin Centers (together, Cascade) for $250,000 following an investigation of a ransomware attack against them.
This is the fourth settlement against a victim of a ransomware…
Lehigh Valley Health Network Settles Class Action Case for $65M
Lehigh Valley Health Network (LVHN) has agreed to settle a class action filed against it following a February 2023 ransomware attack that compromised personal information of patients, including medical and treatment information, health insurance information and, for some individuals, social security numbers, driver’s license numbers, and banking information. For a limited number of individuals, the…
Labor Union Faces Class Action for Data Breach
A class action complaint was filed against the International Brotherhood of Electrical Workers (IBEW) labor union for a data breach that occurred between March 31 and April 5, 2024. IBEW represents individuals who work in a wide variety of fields, including utilities, construction, telecommunications, broadcasting, manufacturing, railroads, and government. The security incident resulted in unauthorized…
Scattered Spider Using RansomHub and Qilin Ransomware Against Victims
We previously reported on the concerning mash-up of worldwide cybercriminals, known as Scattered Spider, working together to attack victims.
New reports from Microsoft and others indicate that since the second quarter of 2024, Scattered Spider has been using RansomHub and Qilin ransomware against victims. Scattered Spider is suspected of attacking hundreds of organizations since its…
Halcyon Provides Intel on Volcano Demon Ransomware
Security research firm Halcyon recently reported that it “encountered” a new ransomware organization dubbed Volcano Demon several times in the past few weeks.
According to its report, Volcano Demon uses the encryptor LukaLocker with a .nba file extension. Halcyon provided an encryptor sample in its post.
Although Volcano Demon uses traditional methods of extortion, including…
CISA Issues Advisory on Black Basta Ransomware
On May 10, 2024, CISA, along with the FBI, HHS, and MS-ISAC, issued a joint Cybersecurity Advisory relating to Black Basta ransomware affiliates “that have targeted over 500 private industry and critical infrastructure entities, including healthcare organizations, in North America, Europe, and Australia.”
The Black Basta Advisory provides information on how the threat actors gain…