Tag Archive for: Attack

Scranton School District suffered a ransomware attack


Scranton School District in Pennsylvania suffered a ransomware attack

Pierluigi Paganini
March 16, 2024

School districts continue to be under attack: schools in Scranton, Pennsylvania, are suffering a ransomware attack.

This week, schools in Scranton, Pennsylvania, experienced a ransomware attack, resulting in IT outages. The Scranton School District is working with third-party forensic specialists to investigate the security breach and restore impacted systems.

“The attack is causing a temporary disruption to some of our computer systems and services. We are working diligently with third party forensic specialists, that we engaged last evening, to investigate the source of this incident, confirm its impact on our systems, and to restore full functionality to the system as soon as possible,” reads a post published by the Scranton School District on Facebook.

“Scranton School District’s computer system was recently hacked and infected with ransomware, according to acting Superintendent Patrick Laffey,” reported The Times-Tribune.

The district ordered school staff not to use any electronic devices and uninstall any school-related apps from their mobile devices, said Rosemary Boland, president of the Scranton Federation of Teachers.

“As you know, some files may be inaccessible during this period as we, and the third-party forensic specialists, continue the investigation. Due to the increased security measures placed in our systems, some functions may be slower than usual.”

The Scranton School District website is not reachable and their Facebook account is not available at the time of this writing.

The Scranton School District is a large, urban school district located in Scranton, Pennsylvania in the Wyoming Valley region. The district encompasses approximately 26 square miles. According to the 2020 census, the Scranton School District serves a resident population of 76,997.

The school district includes 15 schools and serves more than 9000 students.

The Scranton School District reported “network-related issues” on Thursday; the problems caused a disruption for computer systems and services in the District. The issues caused the school…


Ransomware attack hamstrings three District Attorneys’ offices in NM • Source New Mexico


A ransomware attack impacted three local prosecutors’ offices around New Mexico earlier this week.

Wednesday morning, someone ran ransomware on servers in four offices connected to the Administrative Office of the District Attorneys (AODA), including the server for the network prosecutors and public defenders use to share court records called the consolidated statewide case management system (CMS).

In interviews with Source New Mexico, a spokesperson for the First Judicial District Attorney Mary Carmack-Altwies in Santa Fe and Ninth Judicial District Attorney Quentin Ray in Clovis said their offices were impacted by the attack.

A third prosecutor’s office, the Fifth Judicial District Attorney in Carlsbad, was also affected, according to Ray. A phone call seeking comment from Fifth DA Dianna Luce on Thursday was not returned.

Marcus Montoya, president of AODA and the elected Eighth Judicial District Attorney in Taos, said Thursday afternoon “we’re still triaging” which cases and hearings the attack impacted.

“Affected might mean different things, so how much is compromised is hard for me to say,” he said. “Maybe some districts might be a little more exposed than others, but for the most part, a majority of the data is protected and will be available.”

The attack left prosecutors unable to access the case management system, slowing their work and making it more tedious, Montoya said. Prosecutors and staff instead had to access a different server and move the files over to an external hard drive, which they carried into court, he said.

“It’s contained, and it’s ultimately not as bad as probably your traditional ransomware attack, so I think we’re in a good place,” Montoya said. 


Ray, the DA in Clovis, said those case files include any information about people accused of crimes, evidence in their cases, and prosecutors’ own case notes.

Some hearings had to be delayed, he said, “others we were able to MacGyver around.” Between 10% and 15% of the cases his office handles…


District attorney offices statewide affected by ransomware attack


Mar. 14—The New Mexico Administrative Office of the District Attorneys was still trying to get its two main computer servers working again Thursday after a ransomware attack locked prosecutors across the state out of their files Wednesday morning.

“We are currently working to resolve the issue and optimistic it will be resolved sometime today,” said Henry Valdez, the agency’s director, in an interview Thursday.

He explained the cyberattack: “It comes in however it can, then encrypts your files so you can’t access them and then says you have to pay a certain amount and if you don’t they never release the encryption.”

Valdez said the two computer servers affected by the attack are in Albuquerque but serve offices in the 13 judicial districts throughout New Mexico. The Santa Fe-based server near his office has not been affected, he added.

Work at the First Judicial District Attorney’s Office, which serves Santa Fe, Rio Arriba and Los Alamos counties, was hindered by the attack, a spokesman confirmed.

“The FJDA can confirm that we are experiencing issues with our case management system, as well as other internal systems. This has resulted in an inability for our staff to work as they are normally accustomed,” spokesman Nathan Lederman wrote in an email.

“We have been informed that our computer systems have been hacked statewide,” District Attorney Mary Carmack-Altwies wrote in an email Wednesday to judges and others in the district.

“As such, we have no access to any files/drives/folders. Nothing,” she wrote.

“AODA is attempting to fix the situation but it appears that malware and/or ransomware has attacked the systems and this may take the rest of the week,” she added.

The Judicial Information Division Service desk sent an email to judges Thursday warning staff to use caution when opening electronic communications from the District Attorney’s Office.

“Until further notice anything we receive from the district attorney’s office, even from trusted sources, needs to be thoroughly reviewed,” the email says. “All emails from any DA email address should be carefully examined especially if it contains any sort of attachment or hyperlink that would take you to a website.”


DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack


Mar 14, 2024 | Newsroom | Malware / Cyber Attack


A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers.

“During this campaign, users were lured using PDFs that contained Google DoubleClick Digital Marketing (DDM) open redirects that led unsuspecting victims to compromised sites hosting the Microsoft Windows SmartScreen bypass CVE-2024-21412 that led to malicious Microsoft (.MSI) installers,” Trend Micro said.

CVE-2024-21412 (CVSS score: 8.1) concerns an internet shortcut files security feature bypass vulnerability that permits an unauthenticated attacker to circumvent SmartScreen protections by tricking a victim into clicking on a specially crafted file.

It was fixed by Microsoft as part of its Patch Tuesday updates for February 2024, but not before it was weaponized by a threat actor called Water Hydra (aka DarkCasino) to deliver the DarkMe malware in attacks targeting financial institutions.

The latest findings from Trend Micro show that the vulnerability has come under broader exploitation than previously thought, with the DarkGate campaign leveraging it in conjunction with open redirects from Google Ads to proliferate the malware.


The sophisticated attack chain begins with victims clicking on a link embedded within a PDF attachment sent via a phishing email. The link deploys an open redirect from Google’s doubleclick[.]net domain to a compromised web server hosting a malicious .URL internet shortcut file that exploits CVE-2024-21412.

Specifically, the open redirects are designed to distribute fake Microsoft software installers (.MSI) masquerading as legitimate software, such as Apple iTunes, Notion, and NVIDIA, which come fitted with a side-loaded DLL file that decrypts and infects users with DarkGate (version 6.1.7).

It’s worth noting that another now-fixed bypass flaw in Windows SmartScreen (CVE-2023-36025, CVSS score: 8.8) has been employed by threat actors to deliver DarkGate, Phemedrone Stealer, and Mispadu over the past few months.

The abuse of Google Ads technologies allows threat actors to increase the reach and scale of their attacks through different ad…
