Tag Archive for: millions

Dallas pays millions for ransomware expenses after May attack – NBC 5 Dallas-Fort Worth


The Dallas City Council Wednesday agreed to pay $8.5 million for expenses related to the ransomware attack first revealed in May.

Officials have declined to say publicly if any ransom is included in the expenses so far. And, it is unclear just how many residents may be impacted by leaked city data.

Officials did confirm Wednesday that 27,000 city employees, retirees and their dependents have received notices that their social security and medical information was accessed.

Dallas Firefighters Association President Jim McDade said he received a letter for himself but also one for his son.

“My son is 10. Now I have to worry for the next however long that something is going to be done with his information,” McDade said.

Southern Methodist University Cyber Security Expert Mitch Thornton said that worry is justified.

“I do see his concern and agree with it,” Thornton said.

Cybercriminals may demand ransom from targets like the city of Dallas to restore hacked operations but they may also profit by financial fraud with the data they steal.

“They can use it themselves to try and open credit lines. Or typically they would post this information or the availability of it on the dark web and then sell it to other criminals,” Thornton said.

In May, the city struggled to get crucial operations like emergency dispatch working again.  City courts and many other functions were crippled.

Details were left unclear about the $8.5 million approved Wednesday except for a general description of expenses for software, hardware, forensics experts and two years of credit monitoring for people now getting those letters.

There may be more people connected to the leaked city-data.

“Or even, general residents of the city. What message should we be sharing with them,” Councilmember Jaynie Schultz said.

The one official providing answers in public Wednesday was Assistant City Manager John Fortune.

“So I would just say, this is still an ongoing investigation. We’re still evaluating the magnitude of those individuals who might have been impacted,” Fortune said.

The council went to a closed-door executive session to discuss additional issues regarding the…

Source…

I’m a tech expert – millions risk losing everything by breaking ‘number one security rule’ on iPhone and Android


CYBER experts have revealed why you must never use the same password more than once.

Gadget users risk a dangerous wave of cyber-attacks if they make a simple (and very common) mistake.

It might seem like a handy option, but re-using passwords is extremely dangerousCredit: Unsplash

Often people choose one strong password – and then use it over and over again.

That’s because it’s easy to remember just one password, giving you quick access to all of your accounts and apps.

But it’s extremely dangerous, according to Brad Freeman, director of technology at SenseOn.

“The number one security rule is don’t reuse passwords,” Brad exclusively told The U.S. Sun.

“Many websites will get compromised and reusing the same password could cause a cascading failure as attackers can access multiple services which you have signed up for.

“This could allow an identity thief to build up a rich picture about you to commit fraud against you or your employer.”

If one account is hacked or leaked, crooks can use your password to break into all of your accounts that share the same login.

This means that a small breach somewhere can suddenly cascade into an enormous cyber-attack.

It puts you at serious risk of financial loss and being defrauded.

Hackers could even use a major cyberattack like this to spy on you, or even extort or blackmail you.

Thankfully staying safe is easy: Don’t re-use passwords.

If that seems difficult, it’s best to start using a password manager.

You may already have one: Apple devices like the iPhone offer you iCloud Keychain.

This will automatically generate strong passwords for accounts and then save them for you – refilling the login field when it’s needed.

Google offers a similar password-management feature through its Chrome browser.

And both Apple and Google are trying to push users away from passwords altogether to a new system called Passkeys.

Password-less logins are only just becoming available, and mean you don’t have to risk having a password for an account at all.

Source…

Millions of students impacted by ransomware attacks – Fox News



Millions of students impacted by ransomware attacks  Fox News

Source…

Clop Hacking Rampage Hits US Agencies and Exposes Data of Millions


United States cybersecurity officials said yesterday that a “small number” of government agencies have suffered data breaches as part of a broad hacking campaign that is likely being carried out by the Russia-based ransomware gang Clop. The cybercriminal group has been on a tear in exploiting a vulnerability in the file transfer service MOVEit to grab valuable data from victims including Shell, British Airways, and the BBC. But hitting US government targets will only increase global law enforcement’s scrutiny of the cybercriminals in the already high-profile hacking spree.

Progress Software, which owns MOVEit, patched the vulnerability at the end of May, and the US Cybersecurity and Infrastructure Security Agency released an advisory with the Federal Bureau of Investigation on June 7 warning about Clop’s exploitation and the urgent need for all organizations, both public and private, to patch the flaw. A senior CISA official told reporters yesterday that all US government MOVEit instances have now been updated. 

CISA officials declined to say which US agencies are victims of the spree, but they confirmed that the Department of Energy notified CISA that it is among them. CNN, which first reported the attacks on US government agencies, further reported today that the hacking spree impacted Louisiana and Oregon state driver’s license and identification data for millions of residents. Clop has previously also claimed credit for attacks on the state governments of Minnesota and Illinois.

“We are currently providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications,” CISA director Jen Easterly told reporters on Thursday. “Based on discussions we have had with industry partners in the Joint Cyber Defense Collaborative, these intrusions are not being leveraged to gain broader access, to gain persistence into targeted systems, or to steal specific high-value information—in sum, as we understand it, this attack is largely an opportunistic one.”

Easterly added that CISA has not seen Clop threaten to release any data stolen from the US government. And the senior CISA official, who spoke to reporters on the condition that they…

Source…