Tag Archive for: Million

Member of Russian cybergang Trickbot pleads guilty in $180 million global ransomware spree that hit Avon schools, others


CLEVELAND, Ohio — A Russian man on Thursday admitted to his role in the cybergang Trickbot that attacked millions of computers around the world with ransomware, including those in hospitals during the coronavirus pandemic.

Vladimir Dunaev, 40, pleaded guilty in federal court in Cleveland to conspiracy to commit computer fraud and conspiracy to commit bank and wire fraud.

He faces between five and six-and-a-half years in prison when U.S. District Judge Solomon Oliver sentences him. Oliver set a sentencing date for March 20, but said he could move that date up.

Dunaev is the second person to plead guilty in the United States to working for the Russia-based gang, which authorities say stole at least $33 million from Americans and $180 million worldwide.

He worked as a malware developer for the gang, and he was not a high-level planner, authorities said. He helped devise ways for the malware to avoid detection by cybersecurity software programs and developed tools to mine data on hacked computers, among other roles, Assistant U.S. Attorney Dan Riedl said.

Dunaev was arrested in 2021 in South Korea.

The case was prosecuted in Cleveland because some of Trickbot’s victims were in Northeast Ohio, including Avon schools, which lost about $471,000, and a North Canton business that lost about $750,000.

A co-defendant, Alla Witte, was the first Trickbot member to plead guilty in the case and was sentenced in June to two years and three months in prison.

Trickbot and other malware convictions are rare because many of its members live in Russia or other countries that do not have extradition agreements with the United States.

In September, prosecutors in Cleveland and elsewhere charged 14 more members of the gang and its offshoot, Conti. Another gang member was charged in February. None of the 15 has been arrested.

The U.S. Treasury Department and United Kingdom have also issued sanctions, including travel bans and asset freezes, against 18 gang members.

Officials in both countries have said Trickbot has direct ties to Russian intelligence.

The group grew to have as many as 400 members and infected millions of computers across the globe, including in Italy, Australia, Belgium and Canada.

The malware…


Conti-linked ransomware takes in $107 million in ransoms: Report


Black Basta, a ransomware campaign thought to be the brainchild of people linked to the infamous Conti malware gang, has been paid more than $100 million in the past year and a half, infecting 329 known victims.

According to a report published this week by blockchain analytics firm Elliptic, the Black Basta ransomware has attacked targets in a pattern similar to that of the Conti gang, both in terms of regionality and industry. Nearly two-thirds of Black Basta’s attacks have been against US companies, and, like Conti, manufacturing, engineering and construction and wholesale/retail businesses have been the most common targets. Other industries were also targeted, however, including law firms, real estate offices, and more besides.

Elliptic, in concert with Corvus Insurance, researched the blockchain connections between cryptowallets used to accept Bitcoin ransom payments, and discovered distinctive patterns. This, the report said, allowed the researchers to identify more than 90 ransom payments to Black Basta, which averaged $1.2 million each. They identified a total of $107 million in payments to the group.

The report noted that this figure is likely to be a “lower bound,” however, given the likelihood of payments that they were unable to identify. The two highest-profile victims are Capita, a tech outsourcing firm with huge UK government contracts, and industrial automation company ABB.

The report notes that neither company has disclosed any ransom payments. Capita did not immediately reply to requests for comment; ABB acknowledged in a statement that it experienced a “security incident,” but did not specify whether the incident involved ransomware.

“In May 2023, ABB became aware of an IT security incident impacting certain company IT systems. As a result of the incident, ABB started an investigation, notified certain law enforcement and data protection authorities, and worked with leading experts to determine the nature and scope of the incident,” according to an ABB statement sent by its media relations head. “ABB also took steps to contain the incident and further enhance the security of its systems. Based on its investigation, ABB…


Russian gang’s hack in Maine affected personal data of 1.3 million people


More than 1 million people who had contact with Maine state agencies have been caught up in a Russian gang’s international cybersecurity breach, potentially exposing their Social Security numbers, dates of birth and other confidential information, state officials said Thursday.

The Department of Administrative and Financial Services is notifying people who may have been affected by what it called a “global cybersecurity incident” that occurred May 28 and May 29 concerning the file transfer tool, MOVEit. The state is among several thousand organizations affected by a software vulnerability that allowed cybercriminals to access and download data, the state said in an announcement about the breach. It affected industries such as insurance, finance, education, health and government.

The breach, which affected 1.3 million people, exposed data on more than half of the state Department of Health and Human Services workers and between 10% and 30% of the employees at the Department of Education. Maine’s population is 1.37 million people.

Other affected agencies are the Office of the Controller, Workers’ Compensation, Bureau of Motor Vehicles, Department of Corrections, Department of Economic and Community Development, Bureau of Human Resources, Department of Professional and Financial Regulation, and the Bureau of Unemployment Compensation.

Once the breach was discovered, the state sought to identify people whose information might have been compromised. The assessment of those affected took months and was recently completed. The state is now notifying individuals using a press release issued nationwide, the U.S. Postal Service and email.

The exploited program, MOVEit, a file-transfer platform made by Progress Software Corp., is widely used by businesses to share files, The Associated Press reported in June. The breach was blamed on a Russian cyber-extortion gang’s hack of a file-transfer program popular with corporations and governments.

The incident in May was specific and limited to Maine’s MOVEit server and did not impact any other state networks or systems, according to information posted on the state’s website.

Maine agencies hold information about…


Medical Transcription Hack Affects 1.2 Million Chicagoans


Cybercrime, Fraud Management & Cybercrime, Incident & Breach Response

Cook County Health Says It Is Among the Vendor’s ‘Many’ Clients Affected by Hack


A major healthcare provider in Chicago that targets underserved populations is notifying as many as 1.2 million patients that their information was compromised in a data theft incident at a medical transcription vendor.


Cook County Health, which operates two public hospitals and more than a dozen community healthcare clinics in Illinois, said it has terminated its relationship with the vendor and that it is among “many” other healthcare organizations affected by the incident.

A breach notice says the hack affected systems of Perry Johnson & Associates, the third-party transcription vendor, where “some” of the hospital system’s patient information was stored.

The data includes names, birthdates, addresses, medical information, and the dates and times of service. Approximately 2,600 of those patient records may also have included Social Security numbers, CCH said.

“CCH is one of many organizations impacted by the PJ&A data security incident. No CCH systems or servers were accessed during this incident,” CCH said. “Upon learning of the data security incident, CCH stopped sharing data with PJ&A, and terminated its relationship with PJ&A,” the county health system said.

The transcription vendor is working with…
