Tag Archive for: los

Find out which are the 5 most active ransomware groups in Latin America in 2023


ESET warns that the activity of ransomware groups in the region increased this year, with a focus on corporate and government environments.

According to the ESET Security Report, 96% of organizations expressed concern about ransomware, and 21% reported having experienced an attack of this type in the last two years. Of these, 77% managed to recover their information through backup policies, while 4% admitted to having paid a ransom. In addition, 84% of the organizations surveyed refused to negotiate payment for data recovery.

ESET stresses the importance of facing future challenges, such as the rise in spearphishing campaigns aimed at specific targets. It mentions the need to improve security awareness among company employees, given the growing use of technology in the post-pandemic period.

As for security concerns in Latin America, information theft or leakage tops the list, a concern for 66%, related to improper access to systems, targeted phishing attacks (spearphishing) and the installation of ransomware or remote access trojans.

The most active ransomware groups in the region are:

  1. SiegedSec: Known for besieging its victims, extorting them to pay a ransom or selling the information on the dark web. They have affected various sectors in Latin America, including healthcare and government entities.
  2. Nokoyawa: Of Russian origin and with sophisticated encryption, it has obtained a large amount of information in Brazil's health sector.
  3. ALPHV (Blackcat): Operates through Ransomware-as-a-Service and goes after specific targets, with customized attacks.
  4. Stormous and its alliance with GhostSec: An Arab group that initially attacked the United States but partnered with GhostSec to attack Latin American countries, including the government of Cuba.
  5. Vice Society: Active in the education and healthcare sectors, it also targets the manufacturing industry in several countries. It stands out for its ransomware generator…

Los Angeles Housing Authority Hit by Ransomware Attack


LA Housing Authority building at 2600 Wilshire Blvd. Los Angeles (Google Maps, Illustration by Priyanka Modi for The Real Deal with Getty)

A ransomware gang is threatening to publish a large volume of data it stole from the Housing Authority of the City of Los Angeles unless a ransom is paid, the Los Angeles Times reported.

Last week, LockBit stole 15 terabytes of data from the housing authority, which provides housing and runs the federal voucher programs for 83,000 low-income families in the city, TechCrunch reported. The ransomware group threatened to release the information on Thursday if its demands were not met.

The data, according to the Times, ranged in terms of its sensitivity, from a holiday video to payroll, audit information and taxes.

HACLA said in a statement last Monday that it was assessing the damage tied to a “cyber event.”

“We are working diligently with third-party specialists to investigate the source of this disruption, confirm its impact on our systems, and to restore full functionality securely to our environment as soon as possible,” the statement said, according to the Los Angeles Times. “We remain committed to providing quality work as we continue to resolve this issue.”

It’s the second recent cyber attack on a Los Angeles public agency. The Los Angeles Unified School District was targeted in September by the ransomware group Vice Society, which published stores of data, including Social Security numbers, health information and students’ psychological assessments, when the district refused to pay.

The attack on the housing authority comes at a particularly difficult time for a housing authority that is among the largest in the nation.

In October, after opening its Section 8 waitlist for the first time in five years, the housing authority received 223,400 applications for low-income housing, the LAist reported.

LockBit recently apologized for an attack on Canada’s largest children’s hospital, placing blame on an affiliate group.

— Ted Glanzer

Vice Society raises ransomware pressure on Los Angeles school district


Vice Society on Friday listed the Los Angeles Unified School District on its ransomware leak site, four weeks after the country’s second-largest school system was hit by a major ransomware attack.

The group threatened to publish, on Oct. 3 at 4 p.m. PST, the data it claims to have stolen during the attack. Ransomware groups typically list their victims on leak sites to increase pressure and set deadlines for victims to meet their ransom demand before stolen data is published.

The threat, which was discovered and published on Twitter by Brett Callow, threat analyst at Emsisoft, effectively gives the Los Angeles school district less than four days to respond. Vice Society did not include any details about the data it plans to publish.

“The only thing we now know is the date and time that they’ll release whatever data they supposedly have,” Callow said via email. 

Vice Society has hit at least eight other U.S. school districts, colleges or universities this year, he said.

Alberto Carvalho, superintendent at LAUSD, previously confirmed a ransom demand was made by the group that breached the district’s systems. But, in an interview with the Los Angeles Times, Carvalho declined to state the amount demanded or what information the threat actor claims to have stolen. 

The district has been following ransomware guidance from multiple federal agencies that are assisting with the investigation and recovery. Carvalho last week said the district had not responded to the ransom demand.

Vice Society was singled out in a joint Cybersecurity Advisory from federal authorities the same day LAUSD went public with the attack. The district and federal authorities have not publicly acknowledged the group is behind the attack, but the connection remains implied.

A spokesperson for LAUSD said the district is investigating the latest development, but did not have further information to share.

Los Angeles Unified School District Hackers Demand Ransom


(TNS) — The hackers who targeted the Los Angeles Unified School District have made a ransom demand, officials confirmed Tuesday, an indication that the attackers have extracted sensitive data or believe they can bluff the district into thinking that they have.

“We can confirm that there was a demand made,” L.A. schools Supt. Alberto Carvalho said. “There has been no response to the demand.”

Carvalho declined to disclose the amount of the ransom demand or any further information about what information, if any, the attackers may be holding.


He said that there have been “no new security breaches” and that the school system is continuing “our ramping up of apps and systems.”

Officials said they are optimistic that Social Security numbers and other sensitive information of employees remain secure. But the outlook could be different related to student information, such as grades, course schedules, disciplinary records and disability status. The district does not collect Social Security numbers for students and parents.

Earlier Carvalho disclosed that the attackers extended their deadline for entering into negotiations without specifically mentioning a ransom amount. The district, Carvalho added, is following the advice of experts and law enforcement, which includes the FBI as well as the Los Angeles Police Department.

In a related development, federal officials on Friday announced a new major grant program to help public agencies better secure themselves from cyber attack.

The demand for money was widely anticipated in the wake of the cyber attack, which was discovered in progress on the night of Sept. 3, the Saturday of Labor Day weekend.

Hackers will typically threaten to post sensitive data online if they are not paid, but it can be difficult to determine what they’ve obtained, and they might be lying.

In general, such payments are a bad idea, said Clifford Neuman, director of USC’s Center for Computer Systems Security.

“It is important for any organization impacted by ransomware to understand that even if they pay a ransom demand, they will still incur significant IT expense and delays to repair the system,” Neuman said….
