Tag Archive for: Gang

INC RANSOM ransomware gang claims to have breached Xerox Corp



Pierluigi Paganini
December 30, 2023

The INC RANSOM ransomware group claims to have hacked the American multinational corporation Xerox Corp.

Xerox Corp provides document management solutions worldwide. The company’s Document Technology segment offers desktop monochrome and color printers, multifunction printers, copiers, digital printing presses, and light production devices; and production printing and publishing systems for the graphic communications marketplace and large enterprises.

The INC RANSOM ransomware group claims responsibility for hacking the American multinational corporation Xerox Corp and threatens to disclose the alleged stolen data.

The INC RANSOM group added Xerox to the list of victims on its Tor leak site.


The ransomware group published the images of eight documents, including emails and an invoice, as proof of the hack.

At this time, the volume of data allegedly stolen from the company is unclear.

INC RANSOM has been active since 2023 and has claimed responsibility for the breach of more than 40 organizations to date.


(SecurityAffairs – hacking, data breach)




Hunters International ransomware gang claims to have hacked the Fred Hutch cancer center



Pierluigi Paganini
December 16, 2023

The Hunters International ransomware gang claims to have hacked the Fred Hutchinson Cancer Center (Fred Hutch).

Another healthcare organization has suffered a ransomware attack: the Hunters International ransomware gang claims to have hacked the Fred Hutchinson Cancer Center (Fred Hutch).

The ransomware gang has added the organization to its dark web leak site and is threatening to leak the allegedly stolen data.

Fred Hutchinson Cancer Research Center is an independent, nonprofit research institute based in Seattle, Washington. Its mission is to improve the lives of people worldwide through research, clinical care and education.

The center’s research focuses on cancer prevention, diagnosis, treatment and survivorship. Fred Hutch investigators are making groundbreaking discoveries in cancer genomics, immunotherapy, precision medicine and other fields.

The organization operates a network of clinical sites in the US.

Earlier in December, Fred Hutch disclosed a cyber attack that took place on November 19, 2023. Threat actors had access to its infrastructure.

The Seattle Times reported that Fred Hutch patients started receiving email threats following the cyberattack.

“Then this week, the spam emails started to arrive. The threats were sent to a number of former and current Fred Hutch patients — as well as some who have received care from Hutch partner UW Medicine — and claimed the names, Social Security numbers, phone numbers, medical history, lab results and insurance history of more than 800,000 patients had been compromised.” reported the Seattle Times.

“If you are reading this, your data has been stolen and will soon be sold to various data brokers and black markets to be used in fraud and other criminal activities,” the alleged hackers wrote, according to several emails shared with The Seattle Times.”

Robert M. Arnold Building, Fred Hutchinson Cancer Research Center.

The organization immediately started its incident response procedure and took impacted systems offline, a circumstance that suggests that Fred Hutch was the…


WGRE Reports DePauw Attacked by Black Suit Ransomware Gang


Editor’s Note: This article was submitted by WGRE News Director Taylor Fleming. The DePauw gives WGRE full credit for this news piece.

DePauw’s cyber incident was an attack by the Black Suit ransomware gang. Black Suit claims to have stolen two-hundred fourteen gigabytes of data. The gang operates by stealing and encrypting data on a compromised network. This story was originally reported by The Record, a news organization run by cybersecurity firm Recorded Future.

Last week, DePauw notified many students and parents that their Social Security numbers and other personal information may have been stolen by an unauthorized third party. This third party has turned out to be Black Suit.

According to the US government’s Health Sector Cybersecurity Coordination Center, Black Suit is a relatively new ransomware group that was discovered in early May 2023. However, Black Suit is likely linked to another ransomware group called Royal. Royal was the direct successor of the defunct Russian hacker group Conti.

The FBI has been assisting DePauw University as they navigate this attack. DePauw has offered impacted students one year of free identity protection services. DePauw University found out about the cyber attack on October 31.


Police Bust Ransomware Gang in Ukraine for Attacking 1,800 Victims


European police say they’ve dismantled a ransomware group in Ukraine that was behind a series of high-profile attacks on corporations across the globe.

Law enforcement arrested the suspected 32-year-old ringleader of the group, along with four of his most active accomplices, Europol said on Tuesday. Law enforcement agencies, including officials from the US, also helped investigate 30 properties across Ukraine, including in the capital of Kyiv, tied to the gang.

Europol didn’t say whether the gang developed the ransomware code. But the group used several ransomware strains, including “LockerGoga, MegaCortex, HIVE and Dharma” to attack companies. This suggests they operated as an “affiliate,” buying access to the attacks from ransomware code developers.

Police investigating the hacker's phones.

(Credit: Cyber Police of Ukraine)

Europol adds: “The suspects had different roles in this criminal organization. Some of them are thought to be involved in compromising the IT networks of their targets, while others are suspected of being in charge of laundering cryptocurrency payments made by victims to decrypt their files.”

To spread ransomware to the corporations, the group resorted to sending phishing emails to employees or guessing their login passwords. Once inside a company network, the gang would use other tools, including the Trickbot malware, to gain wider access. The ensuing ransomware attack would then encrypt servers across the network, forcing the victim companies to pay up in cryptocurrency or risk losing their data forever. 

“These attacks are believed to have affected over 1,800 victims in 71 countries,” added the European Union Agency for Criminal Justice Cooperation. “The perpetrators targeted large corporations, effectively bringing their business to a standstill and causing losses of at least several hundred millions of euros.” 

The Cyber Police of Ukraine also assisted in taking down the gang, which allegedly began targeting companies starting in 2018. In one example, the group demanded a company in the Netherlands pay 450 Bitcoin ($16.8 million in today’s value) to restore their servers. 


“It has been established that over several years of criminal…
