Tag Archive for: allegedly

US prison allegedly hit by ransomware attack


In what might be considered the first ransomware attack of its kind, the Play ransom gang claims to have successfully hit a maximum-security detention center in the Northeast state of Rhode Island.

The Donald W. Wyatt Detention Facility, located in the City of Central Falls, Rhode Island, was listed on the threat actor's dark leak site Tuesday evening.

At capacity, the maximum-security facility houses over 700 adult male and 40 adult female detainees, according to Central Falls.

Detainees include those in custody by the US Marshals Service, the Federal Bureau of Prisons, the United States Navy, as well as those from the nearby Native American Mashantucket Pequot Reservation.

The threat group claims to have exfiltrated “Private and personal confidential data, clients documents, agreements, budget, HR, IDs, tax, finance information and etc.”

[Image: Play leak site, Wyatt Detention]

Play did not reveal the amount of stolen data it may have acquired from the Facility, instead cryptically posting three question marks “???” followed by a gigabyte symbol in the listing.

The gang also claims it will publish whatever data it has by a November 19th deadline.

Unlike a federal prison, the state detention center holds prisoners who have not yet been arraigned, have been denied bail, or are awaiting trial.

The private Facility is also governed by a board of directors appointed by the Central Falls Mayor, making it a quasi-public corporation.

Besides security systems and operations at the detention facility, files on inmates, especially those that may be found innocent, could supply the hackers with a treasure trove of information that could potentially be used to blackmail detainees in the future.

Additionally, for those inmates awaiting trial, sensitive documents could be used to sway legal proceedings and spur dozens of lawsuits against the Facility for failing to keep personal data secured.

Deemed part of the American Correctional Association (ACA), the Facility takes in prisoners from various jurisdictions, including the surrounding states of Connecticut, Massachusetts, New Hampshire, Maine, and Vermont.

Cybernews has reached out to the Donald W. Wyatt Detention Facility, as well as…


Scottish university allegedly targeted in ransomware attack



Data supposedly belonging to the University of the West of Scotland (UWS) has been put up for auction by an extortion cybergang. The university admitted to experiencing system issues earlier this …


Venezuela’s Largest Bank Allegedly a Victim of Ransomware Attack


Twitter users are reporting that Banco de Venezuela, the largest bank in the country, has fallen victim to a ransomware attack. Cybersecurity portals monitoring these attacks have confirmed the information.

Banco de Venezuela issued a statement regarding the spread of information on social media without denying or confirming the news.

The LockBit Ransomware Attack

On the morning of April 19, Twitter users began discussing that Banco de Venezuela had been affected by the LockBit ransomware. Several specialized computer security portals have since confirmed that a publication on the darknet about the bank's domain, bancodevenezuela[.]com, exists.

LockBit is malicious software designed to encrypt a victim’s files or data, making them inaccessible. The attackers behind LockBit ransomware then demand a ransom, usually in the form of cryptocurrency, from the victim to decrypt and regain access to their files. It often spreads through phishing emails or by using brute-force attacks on weak passwords.

The ransomware attack appears not to have seized the bank’s platform equipment, as electronic services seem to be functioning normally, per Banco de Venezuela’s official statement:

“We would like to inform you that our platform and electronic channels are operating normally and providing the usual service, with complete integrity and security.”

Still, there is a possibility that the attackers may have taken hostage all the information they managed to collect and are demanding a ransom for it.

Potential Implications of the Hack

The seized information could include both internal bank operations and customer data. The hacking announcement states:

“All available information will be published.”

Aside from the evidence in the published photos, no further details about the obtained information were provided.

Banco de Venezuela Falls Victim of Ransomware Attack. Source: BetterCyber

According to LockBit’s portal, the information about the hack was uploaded at 6:27 AM Caracas time on April 19. The publication states that the bank has until May 10 at 2:27 AM Caracas time to pay the ransom.

The ransom amount was not disclosed, but it is known that LockBit only accepts payments in…


Chinese government-linked hacking group allegedly stole $20M in COVID relief funds


A hacking group linked to the Chinese government is alleged to have stolen more than $20 million in COVID relief benefits, including U.S. Small Business Administration loans and unemployment funds in more than a dozen states.

NBC reported today that the allegation comes from the Secret Service, although the agency has not released a report on the matter. The group allegedly behind the theft, APT41 — also known as Wicked Panda and Winnti — is well-known and has been behind multiple attacks in the past, making the claim believable.

Referencing officials and experts, most speaking off the record, NBC said other federal investigations of pandemic fraud have also pointed back to foreign state-affiliated hackers. A spokesperson for the Secret Service declined to comment further, but one spokesperson did suggest that the attacks may have targeted all 50 states.

Presuming APT41 did steal $20 million in pandemic relief funds, the theft would be a drop in the bucket next to the figures believed to have been extorted, stolen or wrongly claimed. The Labor Department Office of the Inspector General believes that roughly 20% of the $872.5 billion spent on federal pandemic funds was improperly paid, with the fraud rate potentially higher yet.

The Justice Department indicted members and associates of APT41 in September 2020 on allegations of state-sponsored hacking. At the time, the group was alleged to be behind computer intrusions affecting more than 100 companies and groups in the United States and abroad.

Groups and companies previously targeted by APT41 include software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, nonprofit organizations, universities, think tanks and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.

“The actions of Wicked Panda to steal from the U.S. Paycheck Protection Program post-COVID-19 comes as no surprise and should be a continued wakeup call,” Tim Kosiba, chief executive officer of government cybersecurity solutions and training provider bracket f Inc., a subsidiary of Redacted Inc., told SiliconANGLE. “This Chinese-backed…
