Security News
Some organizations victimized by the Royal and Akira ransomware gangs have been targeted by a threat actor posing as a security researcher who promised to hack back the original attacker and delete stolen victim data. Cybersecurity company Arctic Wolf says it has investigated "Several cases" where victims of the two ransomware groups that paid a ransom were approached by a threat actor claiming to be an ethical hacker or security researcher with a deep understanding of the field.
A group of financially motivated Turkish hackers targets Microsoft SQL servers worldwide to encrypt the victims' files with Mimic ransomware. "The timeline for the events was about one month from initial access to the deployment of MIMIC ransomware on the victim domain."
Researchers from Cisco Talos working with the Dutch police obtained a decryption tool for the Tortilla variant of Babuk ransomware and shared intelligence that led to the arrest of the ransomware's operator. Tortilla is a Babuk ransomware variant that emerged in the wild shortly after the source code of the original malware leaked on a hacker forum.
The Paraguay military is warning of Black Hunt ransomware attacks after Tigo Business suffered a cyberattack last week impacting cloud and hosting services in the company's business division. "On January 4, we were victims of a security incident in our Tigo Business Paraguay infrastructure as a service, which has affected the normal supply of some specific services to a limited group of clients in the corporate segment." reads a statement from Tigo Business.
Security researchers have put out an updated decryptor for the Babuk ransomware family, providing a free solution for victims of the Tortilla variant. Cisco Talos said it obtained the Babuk Tortilla decryptor and shared it with Avast, which already hosts the industry's go-to generic Babuk decryptor, now updated to support Tortilla victims.
When organizations get hit by ransomware and pay the crooks to decrypt the encrypted data and delete the stolen data, they can never be entirely sure the criminals will do as they promised. Even if an organization gets its data decrypted, they cannot be sure the stolen data has indeed been wiped and won't subsequently be used or sold.
Toronto Zoo, the largest zoo in Canada, says that a ransomware attack that hit its systems on early Friday had no impact on the animals, its website, or its day-to-day operations. "Currently, our animal wellbeing, care and support systems have not been impacted by this incident and we are continuing with normal Zoo operations including being open to guests," it said.
Leading U.S. mortgage lender loanDepot confirmed today that a cyber incident disclosed over the weekend was a ransomware attack that led to data encryption. LoanDepot is a major nonbank mortgage lender in the United States, with over $140 billion in serviced loans and roughly 6,000 employees.
The LockBit ransomware operation has claimed responsibility for a November 2023 cyberattack on the Capital Health hospital network and threatens to leak stolen data and negotiation chats by tomorrow. The LockBit ransomware gang has now claimed responsibility for the attack on Capital Health by listing the healthcare company on its data leak extortion portal yesterday.
The British Library is denying reports suggesting the recovery costs for its 2023 ransomware attack may reach highs of nearly $9 million as work to restore services remains ongoing. Citing inaccuracies in wider reports, a British Library spokesperson told The Register: "The final costs of recovering from the recent cyber attack are still not confirmed. The British Library and its government sponsor, the Department for Culture, Media and Sport, remain in close and regular contact. The Library always maintains its own financial reserve to help address unexpected issues and no bids for additional funding have been made at this stage."