Tag Archive for: sues

Law Firm Sues MSP Over Black Basta Ransomware Attack

/in


A managed service provider (MSP) has been slapped with a lawsuit by a prominent Sacramento, California law firm alleging that it failed to protect it from a ransomware attack that took down its systems.

The lawsuit, which has generated a significant amount of chatter in the channel community, filed by the law firm Mastagni Holstedt in Sacramento Superior Court, claims that LanTech LLC, a privately-owned Sacramento company, failed to adequately protect it from the attackers.

MSSP Alert has reviewed the complaint in which Mastagni is seeking more than $1 million in damages. The firm employs 42 lawyers.

LanTech owner Terry Berg and backup provider Acronis, a Delaware-based provider, doing business in California, are also named as defendants in the filing. Berg has owned LanTech since its inception in 1994.

The plaintiff alleges that they were forced to pay the attackers, said in the complaint to be Black Basta, an undisclosed sum to regain access to its network. The incident occurred in February, 2023 and the lawsuit was filed last month.

Reached by telephone, a LanTech employee declined to comment and said he knew nothing about the suit. Acronis denied any responsibility for the ransomware attack.

“Our investigation revealed that access credentials may have been compromised outside of our systems and used to delete the firm’s backups and execute a ransomware attack,” the company said in a statement to the Sacramento Bee. “Acronis has not been served with the lawsuit and will not be commenting further on this litigation.”

Black Basta, a Russian-speaking group ransomware-as-a-service crew first detected in 2022, is said to have orchestrated some 300 ransomware attacks that have landed it more than $100 million in bitcoin ransom payments.

LanTech describes itself as a “team of IT engineers with a passion for delivering exceptional service to businesses in the Sacramento region. We specialize in network management and have extensive experience in analyzing, integrating, and maintaining crucial IT systems for our clients.” The MSP lists Microsoft, Dell and HP Enterprise as “partners.”

“Major Outage” Sparks Lawsuit

The lawsuit claims that the plaintiff and LanTech entered into an…

Source…

Prominent Sacramento law firm sues for $1 million after falling prey to ransomware attack

/in


A prominent Sacramento law firm that represents police officers and sheriff’s deputies in the capital region is suing a computer firm for more than $1 million alleging that, after hiring the company to provide cybersecurity, the law firm was hit with a ransomware attack.

The Mastagni Holstedt law firm filed the suit in Sacramento Superior Court this week against Lantech LLC, claiming that because of the cyberattack last year, Mastagni Holstedt was forced to pay a ransom to regain access to its data.

An office manager at Lantech who would not give her name Wednesday morning declined to comment when reached by phone, saying she knew nothing about the suit, which names Lantech, former Lantech owner Terry Berg and backup computer data storage company Acronis Inc.

Lantech did not respond to a subsequent email request for comment, and Acronis denied any responsibility for the cyberattack.

Law firm founder Davis Mastagni also did not respond to a request for comment.

The lawsuit alleges the attack came from a group known as “Black Basta,” a Russian-speaking group first detected in early 2022 that has been blamed for hundreds of ransomware attacks that have resulted in payments of more than $100 million by firms seeking to retrieve data.

“In its first two weeks alone, at least 20 victims were posted to its leak site, a Tor site known as Basta News,” according to a March 2023 “threat profile” by the U.S. Health and Human Services Department’s Office of Information Security. “It exclusively targets large organizations in the construction and manufacturing industries, but was also observed to target other critical infrastructure, including the health and public health sector.

“While primarily targeting organizations within the United States, its operators also expressed interest in attacking other English-speaking countries’ organizations in Australia, Canada, New Zealand, and the United Kingdom. Threat actors that used the ransomware have additionally impacted organizations based in the United States, Germany, Switzerland, Italy, France, and the Netherlands.”

The group has extorted at least $107 million in bitcoin from targets, according to a November report by Reuters news…

Source…

SEC sues SolarWinds for alleged cyber neglect ahead of Russian hack

/in


U.S. regulators sued SolarWinds, a Texas-based technology company whose software was breached in a massive 2020 Russian cyberespionage campaign, for fraud for failing to disclose security deficiencies ahead of the stunning hack.

The company’s top security executive was also named in the complaint filed Oct. 30 by the Securities and Exchange Commission seeking unspecified civil penalties, reimbursement of “ill-gotten gains” and the executive’s removal.

RELATED

Detected in December 2020, the SolarWinds hack penetrated U.S. government agencies including the Justice and Homeland Security departments, and more than 100 private companies and think tanks. It was a rude wake-up call that raised awareness in Washington about the urgency of stepping up efforts to better guard against intrusions.

In the 68-page complaint filed in New York federal court, the SEC says SolarWinds and its then vice president of security, Tim Brown, defrauded investors and customers “through misstatements, omissions and schemes” that concealed both the company’s “poor cybersecurity practices and its heightened — and increasing — cybersecurity risks.”

In a statement, SolarWinds called the SEC charges unfounded and said it is “deeply concerned this action will put our national security at risk.”

Brown performed his responsibilities “with diligence, integrity, and distinction,” his lawyer, Alec Koch, said in a statement. Koch added that “we look forward to defending his reputation and correcting the inaccuracies in the SEC’s complaint.” Brown’s current title at SolarWinds is chief information security officer.

‘Repeated red flags’

The SEC’s enforcement division director, Gurbir S. Grewal, said in a statement that SolarWinds and Brown ignored “repeated red flags” for years, painting “a false picture of the company’s cyber controls environment, thereby depriving investors of accurate material information.”

The very month that SolarWinds registered for an initial public offering, October 2018, Brown wrote in an internal presentation that the company’s “current state of security leaves us in a very vulnerable state,” the complaint says.

Among the SEC’s damning…

Source…

Patient sues CommonSpirit over ransomware attack

/in


A CommonSpirit patient filed a lawsuit against the health system after it suffered a ransomware attack last year that compromised the private health information of more than 623,000 people.

Leeroy Perkins, a Washington state resident, filed suit in federal court in Illinois last week alleging the Chicago-based system failed to implement basic data security measures to protect patient health information.

Perkins’ lawsuit claims he and others are at risk of identity theft and alleges his personal health information is now in the hands of cybercriminals, according to the lawsuit that is seeking class action status. Perkins, who is being represented by the law firm Lynch Carpenter, was a patient at Virginia Mason Franciscan Health, part of CommonSpirit Health.

CommonSpirit is one of the largest hospital operators in the country with more than 142 hospitals and 2,200 care sites across 21 states. The health system declined to comment on the lawsuit. 

CommonSpirit Health hospital locations

 

On Dec. 1, CommonSpirit reported the ransomware attack to regulators after it first announced an “IT security incident” in October.

CommonSpirit later confirmed it was hit by a ransomware attack that interrupted access to electronic health records and delayed patient care in multiple regions.

CommonSpirit said it notified law enforcement of the attack and brought in leading cybersecurity experts to assess the impact.

Source…