Tag Archive for: confirms

Sony Confirms Data Stolen in Two Recent Hacker Attacks


Sony this week shared information on the impact of two recent unrelated hacker attacks believed to have been carried out by a couple of known cybercrime groups.

One of the incidents is related to the investigation launched recently by Sony after a relatively new ransomware group named RansomedVC claimed to have compromised all of the company’s systems and offered to sell stolen data.

The screenshots the hackers initially made public to demonstrate their claims seemed to show that they obtained source code, access to Sony applications, and confidential documents. However, most of the content appeared related to Sony’s Creators Cloud media production solution, suggesting that their claims were exaggerated. 

In an updated statement on Wednesday, Sony told SecurityWeek that it has been investigating the claims with the help of third-party forensics experts and identified unauthorized activity on a single server located in Japan. The hacked server has been used for internal testing for the company’s Entertainment, Technology and Services (ET&S) business.  

“Sony has taken this server offline while the investigation is ongoing. There is currently no indication that customer or business partner data was stored on the affected server or that any other Sony systems were affected. There has been no adverse impact on Sony operations,” the company said.

RansomedVC has now made available a 2Gb archive file allegedly containing information stolen from the Japanese electronics and entertainment giant. However, downloading the file does not seem to work at the time of writing. 

The second incident is related to the campaign in which the Cl0p ransomware group exploited a zero-day vulnerability in Progress Software’s MOVEit managed file transfer (MFT) software to gain access to the files of hundreds of organizations that had been using the product.

Cybersecurity firm Emsisoft has counted more than 2,300 impacted organizations and over 62 million individuals to date, but the numbers continue to increase. 

Sony was among the first major companies to be listed on the Cl0p leak website as a victim of the MOVEit hack. The company this week…

McLaren confirms ransomware hack, patient data possibly at-risk


A statement from McLaren Health Care officials on Wednesday said it’s possible patient data may have leaked onto the dark web, thanks to a ransomware attack that shut down its computer network in late August and early September.

McLaren says an investigation confirmed its computer network was targeted by a ransomware event. Officials with McLaren also said another investigation is working to verify whether any private data made its way onto the dark web.

If that fear is confirmed, McLaren says it will notify the impacted individuals “as soon as possible.”

“We want to assure our patients and the communities we serve that our systems remain operational, and we continue to provide the exceptional care for which we are known,” said Dave Jones, marketing manager for McLaren Health Care, in a press release.

A ransomware group known as BlackCat/AlphV, which has claimed responsibility for several high-profile hacking incidents, took credit for the McLaren cybersecurity attack, according to WLNS.

Healthcare providers are required to comply with several federal regulations that create transparency for the affected when personal data leaks occur, including disclosing what types of information were compromised, how people can protect themselves and how the leak is being investigated.

McLaren’s press release on Wednesday also detailed how it is updating its cybersecurity in response to the ransomware hack:

“Protecting the security and privacy of data in our systems is a top organizational priority, so we immediately launched a comprehensive investigation to understand the source of the disruption and identify what, if any, data exposure occurred. We simultaneously retained leading global cybersecurity specialists to assist in our investigation, and we have been in touch with law enforcement. We have also taken measures to further strengthen our cybersecurity posture with a focus on further securing our systems and limiting disruption to our patients and the communities we serve.”

Large Michigan healthcare provider confirms ransomware attack


One of the largest healthcare systems in Michigan confirmed that it is dealing with a ransomware attack after a notorious hacker gang boasted about the incident.

A spokesperson for McLaren HealthCare said the organization recently detected suspicious activity on its computer network and immediately began an investigation.

“Based on our investigation, we have determined that we experienced a ransomware event. We are investigating reports that some of our data may be available on the dark web and will notify individuals whose information was impacted, if any, as soon as possible,” a spokesperson said.

McLaren operates 13 hospitals across Michigan, as well as other medical services such as infusion centers, cancer centers, primary and specialty care offices and a clinical laboratory network. The company has more than 28,000 employees and also has a wholly owned medical malpractice insurance company.

Earlier this month, the company reported outages affecting billing and electronic health record systems. According to the Detroit Free Press, McLaren had to shut down the computer network at 14 different facilities — a situation that got so bad that employees had to communicate through their personal phones.

The spokesperson said McLaren has “retained leading global cybersecurity specialists to assist in our investigation, and we have been in touch with law enforcement. We have also taken measures to further strengthen our cybersecurity posture with a focus on securing our systems and limiting disruption to our patients and the communities we serve.”

The spokesperson added that systems “remain operational” but did not respond to requests for comment about whether billing and record systems had been restored to functionality. They did not say whether a ransom would be paid.

The Black Cat/AlphV ransomware gang took credit for the attack in a post on its leak site early on Friday morning.

The gang — which initially did not name the company before hours later adding McLaren’s name — claimed to have stolen 6 TB of data, allegedly including the personal data of millions as well as videos of the hospitals’ work.

Michigan’s Emergency Management…

US-Canada water org confirms ‘cybersecurity incident’ after ransomware crew threatens leak • The Register


The International Joint Commission, a body that manages water rights along the US-Canada border, has confirmed its IT security was targeted, after a ransomware gang claimed it stole 80GB of data from the organization.

“The International Joint Commission has experienced a cybersecurity incident, and we are working with relevant organizations to investigate and resolve the situation,” a spokesperson for the org told The Register.

The spokesperson declined to answer specific questions about what happened, or confirm the miscreants’ data theft claims.

IJC is a cross-border water commission tasked with approving projects that affect water levels of the hundreds of lakes and rivers along the US-Canada border. It also resolves disputes over waters shared between the two countries. 

On September 7, the NoEscape ransomware crew listed IJC as a victim on its dark-web site, and claimed it breached the commission’s network, and then stole and encrypted a flood of confidential data. This info, according to the crooks, included contracts and legal documents, personal details belonging to employees and members, financial and insurance information, geological files, and “much other confidential and sensitive information.”

The cyber-crime gang has given the IJC ten days to respond to its ransom demand, or it may make the swiped info public. 

“If management continues to remain silent and does not take the step to negotiate with us, all data will be published,” the NoEscape leak notice threatened. “We have more than 50,000 confidential files, and if they become public, a new wave of problems will be colossal. For now, we will not disclose this data or operate with it, but if you continue to lie further, you know what awaits you.”

The IJC spokesperson contacted by The Register declined to comment on the ransom demand or if the commission would pay.

Who is NoEscape?

NoEscape is a ransomware-as-a-service operation that appeared in May and takes a double-extortion approach. That means instead of simply infecting victims’ machines with malware, encrypting their files and demanding a ransom to release the data, the crooks first steal the files before locking them up. They threaten to…
