Tag Archive for: threaten

Ransomware attackers threaten to send SWAT teams to patients of hacked hospitals


Losing important work documents or albums with photographs of your family because you have unsuspectingly clicked on a malicious e-mail attachment can be very damaging and stressful. Now imagine that you have lost not only your data but also the very sensitive data of thousands of other people.

This is a threat that hospitals around the world are facing each day, with some of them ultimately falling victim.



Cybercriminals employing ransomware as part of their hacking campaigns are extorting users, demanding a hefty ransom in the form of cryptocurrency. They promise to give you a decryption key to recover your data, but you can never be certain whether the criminal will keep this promise. While some users may get lucky, others will lose not only their data but also their money.

Experts usually recommend not paying the ransom, as paying also encourages the hackers to continue targeting more potential victims. The decryption keys for some ransomware variants are later made public, for example, thanks to authorities and their investigations. So even if you don’t pay the ransom, your chances of getting the data back are not completely gone.

But in the case of hospitals or businesses, making the right decision can be much more difficult, especially when the ransom is much higher and, on top of that, the hackers are trying to improve their odds through other malicious activities.

Some hackers are threatening the hospitals with swatting, as The Register reports. A specific example is Seattle’s Fred Hutchinson Cancer Center, which was hacked in November. The hospital confirmed to The Register that it “was aware of cyber criminals issuing swatting threats”, and that the FBI and local police started an investigation.

Swatting is the tactic of contacting police with a false report, ultimately triggering a SWAT team to come to the targeted location, for example, the house of an innocent victim.

In a different case at Oklahoma’s Integris Health, the patients were targeted and threatened with having their data sold on the dark web.




These are just some of the extreme…


Iran-linked cyberattacks threaten equipment used in U.S. water systems and factories


Updated December 2, 2023 at 1:51 PM ET

An Iran-linked hacking group is “actively targeting and compromising” multiple U.S. facilities for using an Israeli-made computer system, U.S. cybersecurity officials say.

The Cybersecurity and Infrastructure Security Agency (CISA) said on Friday that the hackers, known as “CyberAv3ngers,” have been infiltrating video screens with the message “You have been hacked, down with Israel. Every equipment ‘made in Israel’ is CyberAv3ngers legal target.”

The cyberattacks have spanned multiple states, CISA said. While the equipment in question, “Unitronics Vision Series programmable logic controllers,” is predominately used in water and wastewater systems, companies in energy, food and beverage manufacturing, and health care are also under threat.

“These compromised devices were publicly exposed to the internet with default passwords,” CISA said.

The agency did not specify how many organizations have been hacked, but on Friday CNN reported that “less than 10” water facilities around the U.S. had been affected.

CyberAv3ngers was behind the breach at a water authority outside of Pittsburgh on Nov. 25. The Aliquippa water authority was forced to temporarily disable the compromised machine, but reassured citizens that the drinking water is safe.

While it did not cause any major disruptions to the water supply, the incident revealed just how vulnerable the nation’s critical infrastructure is to cyberattacks.

“If a hack like this can happen here in Western Pennsylvania, it can happen elsewhere in the United States,” Sens. John Fetterman and Bob Casey, and Rep. Chris Deluzio, who all represent the state, wrote in a letter to Attorney General Merrick Garland on Tuesday. The lawmakers urged the Justice Department “to conduct a full investigation and hold those responsible accountable.”

It also showed the scale and scope of Israel and Hamas’ cyberwarfare. Alongside the fight on the ground, both sides of the conflict are armed with dozens of hacking groups that have been responsible for disrupting company operations, leaking sensitive information online and collecting user data to plan future attacks.

“We’re now tracking over 150 such groups. And since you…


Ransomware cyberattackers threaten to release Henry Schein data


A cyberattack group known as BlackCat is threatening to release Henry Schein (Nasdaq: HSIC) data unless the medical device manufacturer and distributor pays a ransom.

BlackCat (also known as ALPHV, both named after the ransomware of the same name) said they’ve encrypted Henry Schein’s systems after failed negotiations with Coveware, which describes itself as “ransomware recovery first responders.”

The cyber gang said they’ve stolen 35 TB of “sensitive data,” including “internal payroll data and shareholder folders.”

Henry Schein disclosed a cyber security incident on October 15 and has offered few details.

The latest update came in a Securities and Exchange Filing this week asking for more time to file its quarterly report for the three months ended Sept. 30. The company said it wouldn’t be able to file on time “due to information access limitations arising from the company’s decision to shut down certain operations as a precautionary measure as a result of the cybersecurity incident.”

The BlackCat/ALPHV group reportedly added Henry Schein to its dark web leak site last month. This week, the group threatened to post data as soon as today and said it has already cost Henry Schein $150 million.

The group later removed Henry Schein from its leak site, which could mean negotiations have resumed or the company has paid the ransom.

Cybersecurity expert Dominic Alvieri posted a screenshot of ALPHV/BlackCat’s threats and called them the “most dangerous, damaging and flexible ransomware group today,” citing the Henry Schein attack as well as $500 million in damages for Clorox and an estimated $200 million lost by Dole.

Henry Schein appears to be the first medtech company that’s suffered a cyberattack since the SEC launched new regulations requiring publicly traded companies to promptly disclose cybersecurity incidents that have a material impact. However, Henry Schein has not yet quantified the impact or said whether it is considered to be material. (These regulations are different than the FDA’s new cybersecurity requirements for developers and manufacturers of cyber devices.)

Medical Design & Outsourcing:


Tattletale Ransomware Gangs Threaten to Reveal GDPR Breaches


Repeat Shakedown Tactic: Victims Told to Pay Up or Else They’ll Pay Massive Fines


September 7, 2023    


Money is a great inducement to innovation. That includes – maybe especially so – ransomware groups whose attempts to squeeze dollars from data lead to no end of novel technical and business techniques.

Enter Ransomed, a group that only launched Aug. 15 but which has already made a name for itself by extorting victims with this threat: Pay us a ransom to stay quiet, or we’ll rat you out to your friendly neighborhood European privacy regulator. As a sweetener, the group tells victims that their ransom demand is only a fraction of the fines they’d pay for violating the EU’s General Data Protection Regulation for the data breach.


The group claims it targets large organizations, demanding ransoms of between $53,000 and $215,000, which is far below what it says their GDPR penalty is likely to be, threat intelligence firm Flashpoint reported.


Whether or not any victims have chosen to take GDPR compliance or other legal advice from these stress-inducers remains unclear.


The same goes for victims of groups that have previously name-dropped GDPR in their ransom notes. Since 2022, that’s included post-Conti spinoff Alphv/BlackCat, joined this year by newcomers NoEscape and the Cloak extortion group, which has been tied to Good Day ransomware, reported threat intelligence firm Kela.


Like most ransomware groups, Alphv…
