Tag: ransomware

  • US: Ransomware attack infects Dallas servers, police website down


    Texas: The US city of Dallas is working to recover from a ransomware attack that infected computer servers and affected the city’s services, including its police department.

    The attack has taken the Dallas Police Department website offline but so far appears to have had limited impact on city services for residents, the city said in a statement on Wednesday, according to CNN.

    City officials confirmed that a number of servers have been compromised with ransomware.


    Officials are working to contain the spread of malicious software from city computer systems and to restore any affected services, according to CNN.

    “The Dallas Police Department is being affected by an outage in the city,” Kristin Lowman, a public information officer for the department, told CNN in an email. She did not respond to a question on how the hack is affecting the Dallas Police Department.

    On Wednesday afternoon, there were reports of computer outages or connectivity issues at other Dallas government agencies.

    According to CNN, a computer system that processes records for the Dallas Court and Detention Services Department has been down since 6 am local time on Wednesday.

    A person who answered CNN’s call at the department on Wednesday afternoon said: “Our system went completely down so there’s not much we can see in terms of looking up people’s citations and traffic tickets.” He added that they were unsure what caused the outage.

    CNN has requested comment from the FBI and the US Cybersecurity and Infrastructure Security Agency on the Dallas hack.


    ( With inputs from www.siasat.com )

  • Ferrari notifies customers of potential data exposure in ransomware attack


    Italian luxury sports car maker Ferrari has revealed that it received a ransom demand related to customer contact details that may have been compromised in a ransomware attack. In a statement released on March 20, Ferrari said that it immediately began an investigation in collaboration with a leading cybersecurity firm upon receipt of the ransom demand. It also informed the relevant authorities and expressed confidence that they would investigate the incident to the fullest extent of the law.

    While Ferrari did not specify when the attack occurred, it may be related to reports of a ransomware attack in October 2022, when the RansomEXX group claimed to have stolen and leaked 7 GB of data from Ferrari. The car maker denied the claims at the time.

    “As a policy, Ferrari will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks,” Ferrari stated. “Instead, we believed the best course of action was to inform our clients and thus we have notified our customers of the potential data exposure and the nature of the incident.”

    The company has contacted its customers via email, informing them that the exposed information includes their name, address, email address, and phone number. Ferrari has not found any evidence that financial information or details on owned or ordered cars have been compromised.

    With one of the most expensive car lineups in the world, a contact list of wealthy customers is very attractive to cybercriminals. They could use the information to customize malicious, targeted emails.

    Ferrari has confirmed that the breach has not affected the operational functions of the company and that it has worked with “third-party experts” to strengthen its system security. The company has not mentioned RansomEXX in its statement, but the ransomware gang has been linked to several other attacks, including those on logistics giant Hellmann Worldwide, software and services firm Tyler Technologies, and others.

    Ferrari’s stance on not paying ransoms is in line with industry best practices, which discourage organizations from funding cybercriminals. However, this can lead to the exposure of sensitive information, which can be damaging to a company’s reputation and lead to potential legal repercussions. As such, it is essential that organizations take steps to secure their systems and protect their data from cyber threats.


    ( With inputs from www.siasat.com )

  • U.S., U.K. sanction Russian hackers in ransomware attacks


    Geopolitical links: In addition, IBM last year linked Trickbot to cyberattacks in 2022, tied to the war, that were aimed at both the Ukrainian government and private sector groups. According to the Treasury Department, the group has also allegedly targeted the U.S. government and U.S. companies.

    “The United States and the U.K. are leaders in the global fight against cybercrime and are committed to using all available tools to defend against cyber threats,” Secretary of State Antony Blinken said in a statement Thursday. “As Russia’s illegal war against Ukraine continues, cooperation with our allies and partners is more critical than ever to protect our national security.”

    British attacks: The U.K.’s National Crime Agency identified almost 150 British victims of ransomware linked to Russian cybercriminal groups. And the action taken Thursday is part of an effort to shut down ransomware attacks aimed at the U.K., which are classified there as a “tier 1 national security threat.”

    British Foreign Secretary James Cleverly said in a statement Thursday that “by sanctioning these cyber criminals, we are sending a clear signal to them and others involved in ransomware that they will be held to account.”

    Past disruption efforts: The hackers associated with Trickbot have continued their activities despite Microsoft taking action in 2020 ahead of the U.S. presidential election to disrupt the group through actions including suspending IP addresses. Whether the new sanctions will be able to permanently damage the group remains unclear.

    “These sanctions will likely cause disruption to the adversary’s operations while they look for ways to circumvent the sanctions,” Adam Meyers, head of threat intelligence at cybersecurity group CrowdStrike, said in a statement Thursday. “Often, when cybercriminal groups are disrupted, they will go dark for a time only to rebrand under a new name.”

    ( With inputs from : www.politico.com )

  • Ransomware hacking campaign targets Europe and North America, Italy warns 


    Italy’s National Cybersecurity Agency (ACN) warned on Sunday of a large-scale campaign to spread ransomware on thousands of computer servers across Europe and North America. 

    France, Finland and Italy are the most affected countries in Europe at the moment, while the U.S. and Canada also have a high number of targets, the ACN warned, according to Italian news agency ANSA. 

    The attack targets vulnerabilities in VMware ESXi technology that were previously discovered but that still leave many organizations vulnerable to intrusion by hackers.

    “These types of servers had been targeted by hackers in the past due to their vulnerability,” according to ACN. “However, this vulnerability of the server was not completely fixed, leaving an open door to hackers for new attacks.”

    France was the first country to detect the attack, according to ANSA.

    The French cybersecurity agency ANSSI on Friday released an alert to warn organizations to patch the vulnerability.

    It is estimated that thousands of computer servers have been compromised around the world, and according to analysts the number is likely to increase. Experts are warning organizations to take action to avoid being locked out of their systems.  

    ( With inputs from : www.politico.eu )

  • Justice Department disrupts group behind thousands of ransomware attacks


    Garland, at a press conference in Washington, said Hive was behind attacks in the past two years on a Midwest hospital, which was forced to stop accepting new patients and to pay a ransom to decrypt health data. While Garland did not name the hospital, the Memorial Health System in West Virginia and Ohio was attacked by Hive affiliates at the same time. Hive was also linked to an attack last year on Costa Rica’s public health service.

    Hive is known to go after health care organizations, and the Justice Department, the Cybersecurity and Infrastructure Security Agency and the Department of Health and Human Services put out a joint alert last year warning of additional Hive attacks on health care and public health groups.

    Garland said the Justice Department had assisted around 300 victims around the world since July, and stopped the payment of around $130 million to Hive.

    “Cybercrime is a constantly evolving threat, but as I have said before, the Justice Department will spare no resources to identify and bring to justice anyone, anywhere who targets the United States with a ransomware attack,” Garland said.

    FBI Director Christopher Wray said the “disruption campaign” against Hive had taken place over the past year and a half, and involved FBI personnel gaining access to Hive’s control panels in order to give victims keys to unlock their encrypted systems. Wray pressed victims of cyberattacks to come forward and inform law enforcement, noting that only around 20 percent of Hive’s victims had done so.

    “A reminder to cybercriminals: No matter where you are, and no matter how much you try to twist and turn to cover your tracks — your infrastructure, your criminal associates, your money and your liberty are all at risk, and there will be consequences,” Wray told reporters.

    Hackers linked to some ransomware attacks have often been based out of Russia, including the hackers behind the 2021 attack on Colonial Pipeline, which temporarily crippled the supply of gas to the East Coast. While the Biden administration opened discussions with Moscow in 2021 about cracking down on cybercriminals based in Russia, these talks collapsed following the Russian invasion of Ukraine last year.

    When asked whether Hive cybercriminals were based in Russia, Garland declined to answer, noting “we are in the middle of an ongoing investigation.”

    While the dismantling of Hive’s operations is a win for the Justice Department — which launched a ransomware task force in 2021 to better prioritize investigating and bringing to justice ransomware cybercriminals — at least one expert is skeptical of its long-term impact.

    “The disruption of the Hive service won’t cause a serious drop in overall ransomware activity, but it is a blow to a dangerous group that has endangered lives by attacking the health care system,” John Hultquist, the head of Mandiant Threat Intelligence at Google Cloud, said Thursday. He noted that a new competitor will likely be “standing by” to take Hive’s place.

    “Actions like this add friction to ransomware operations. Hive may have to regroup, retool, and even rebrand,” Hultquist said. “When arrests aren’t possible, we’ll have to focus on tactical solutions and better defense. Until we can address the Russian safehaven and the resilient cybercrime marketplace, this will have to be our focus.”

    ( With inputs from : www.politico.com )