Planned Parenthood of Montana’s chief exec says the org is responding to a cyber-attack on its systems, and has drafted in federal law enforcement and infosec professionals to help investigate and rebuild its IT environment.
This comes as ransomware crew RansomHub boasted it had broken into the nonprofit, and stolen its data, which it is threatening to leak unless payment is made. According to Martha Fuller, CEO and president of the US state’s Planned Parenthood office, a network intrusion – or a “cybersecurity incident” as the org put it – was spotted on August 28.
Read more…
Source: The Register
Related:
- Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware
May 19, 2022
The Emotet botnet malware is well known in the cybersecurity industry for its success in using spam emails to compromise machines and then selling access to these machines as part of its infamous malware-as-a-service (MaaS) scheme. Operators behind notorious threats such as the Trickbot trojan and the Ryuk or Conti ransomware are among the malicious ...
- Weaponization of Excel Add-Ins Part 2: Dridex Infection Chain Case Studies
May 19, 2022
In Part 1 of this two-part blog series, Unit 42 researchers discussed briefly how XLL files are exploited to deploy Agent Tesla. During December 2021, they continued to observe Dridex and Agent Tesla exploiting XLL in different ways for initial payload delivery. A more in-depth look at the Dridex infection chain follows. Threat actors behind Dridex ...
- Hydra with Three Heads: BlackByte & The Future of Ransomware Subsidiary Groups
May 18, 2022
On February 13, 2022, a novel, lesser-known ransomware collective posted the alleged financial documents of the San Francisco 49ers football team on their underground site. The threat group, known as BlackByte, was widely credited with the orchestration of the attack—However, AdvIntel’s sensitive primary-source intelligence and factual data evidence (including IOCs) point to a different conclusion: ...
- Wizard Spider hackers hire cold callers to scare ransomware victims into paying up
May 18, 2022
Researchers have exposed the inner workings of Wizard Spider, a hacking group that pours its illicit proceeds back into the criminal enterprise. On Wednesday, PRODAFT published the results of an investigation into Wizard Spider, believed to either be or be associated with the Grim Spider and Lunar Spider hacking groups. According to the cybersecurity firm, Wizard Spider, ...
- The BlackByte ransomware group is striking users all over the globe
May 18, 2022
The BlackByte ransomware group uses its software for its own goals and as a ransomware-as-a-service offering to other criminals. The ransomware group and its affiliates have infected victims all over the world, from North America to Colombia, the Netherlands, China, Mexico and Vietnam. Cisco Talos has been monitoring BlackByte for several months and Talos can confirm ...
- Emotet Summary: November 2021 Through January 2022
May 17, 2022
Emotet is one of the most prolific email-distributed malware families in our current threat landscape. Although a coordinated law enforcement effort shut down this malware in January 2021, Emotet resumed operations in November 2021. Since then, Emotet has returned to its status as a prominent threat. This blog provides a background on Emotet, and it reviews ...