Tag: ‘gang’
IRA gang who smashed their way into the home of the Derby winning stallion’s groom 40 years ago
Woman, 22, who lied about being groomed by Asian gang and hit herself with hammer is convicted
LockBit ransomware gang apologizes for SickKids hospital attack and offers free decryptor
One of the world’s most notorious ransomware gangs has issued a rare apology after claiming that one of its partners was responsible for a cyberattack on Canada’s largest pediatric hospital. On December 18th, the Hospital for Sick Children (SickKids) in Toronto fell victim to a ransomware attack that left the institution unable to access many of its critical systems. The incident led to an increase in patient wait times. As of December 29th, SickKids said it had regained access to almost 50 percent of its priority systems, including those that had caused diagnostic and treatment delays.
SickKids is aware of a statement from a ransomware group offering a decryptor to restore systems impacted by the cybersecurity incident on December 18. Read more: https://t.co/clU1IqK7Qh pic.twitter.com/H9S4ERgih7
— SickKids_TheHospital (@SickKidsNews) January 1, 2023
Over the weekend, security researcher Dominic Alvieri spotted an apology from the LockBit gang for its involvement in the incident. The group said it would provide a free decryptor to SickKids and that it had blocked the “partner” who carried out the attack for violating the gang’s rules. As BleepingComputer notes, the LockBit group runs what’s known as a “ransomware-as-a-service” operation. The organization has affiliates that do the dirty work of finding targets to compromise and extract payment from, while the primary operation maintains the malware that partners use to lock systems. As part of that arrangement, the gang takes a 20 percent cut of all ransom payments. Additionally, the group claims to prohibit affiliates from targeting “medical institutions” where an attack could lead to someone’s death.
On Sunday, SickKids acknowledged the statement and said it was working with outside security experts to “validate and assess the use of the decryptor,” adding that it had not made any ransom payments. The hospital also said it recently restored access to about 60 percent of its priority systems. It’s unclear why it took the LockBit gang nearly two weeks to offer help to SickKids if the attack was against its code. It’s also worth noting that the group has a history of targeting hospitals and not sending them a decryptor. Earlier this year, for instance, the group demanded a $1 million ransom from the Centre Hospitalier Sud Francilien in France and eventually leaked patient data after the hospital refused to pay.
A ransomware gang used credentials from the Lapsus leak to sign malware
Ransomware gang caught using Microsoft-approved drivers to hack targets
Security researchers say they have evidence that threat actors affiliated with the Cuba ransomware gang used malicious hardware drivers certified by Microsoft during a recent attempted ransomware attack. Drivers — the software that allows operating systems and apps to access and communicate with hardware devices — require highly privileged access to the operating system and […]
Ransomware gang caught using Microsoft-approved drivers to hack targets by Carly Page originally published on TechCrunch
Cuba Ransomware Gang Abused Microsoft Certificates to Sign Malware
FBI, CISA Say Cuba Ransomware Gang Extorted $60 Million From Victims This Year
Cuba ransomware actors, which have been active since 2019, continue to target U.S. entities in critical infrastructure, including financial services, government facilities, healthcare and public health, critical manufacturing and information technology. […] FBI and CISA added that the ransomware gang has modified its tactics, techniques and procedures since the start of the year and has been linked to the RomCom malware, a custom remote access trojan for command and control, and the Industrial Spy ransomware. The advisory notes that the group — which cybersecurity company Profero previously linked to Russian-speaking hackers — typically extorts victims by threatening to leak stolen data. While this data was typically leaked on Cuba’s dark web leak site, it began selling stolen data on Industrial Spy’s online market in May this year. CISA and the FBI are urging at-risk organizations to prioritize patching known exploited vulnerabilities, to train employees to spot and report phishing attacks and to enable and enforce phishing-resistant multi-factor authentication.
Read more of this story at Slashdot.
The Guardians of the Galaxy Vol. 3’s first trailer gets the whole gang back together
Now everyone gets to see baby Rocket Raccoon