Search results for: "Emsisoft"


22 mentions found


There was no breach of government networks or data stolen in the cyberattack, according to the office of Republican Gov. “We’ve seen waves of attacks against numerous targets, including the State of Alabama,” Richard Hummel, senior threat intelligence manager at cybersecurity firm Netscout, told CNN. The attacks against Alabama government websites typically lasted five to 10 minutes, Hummel said. More than 2,200 US hospitals, schools and governments were “directly impacted” by ransomware last year, according to a tally from cybersecurity firm Emsisoft. DDoS attacks can also cause disruptions to the local communities that rely on school, hospital and election websites for information, Hummel said.
Persons: Jeremy Ward, Kay Ivey, Sergeant LaQuitta Wade, Gerald Auger, Auger, You’re, Richard Hummel, Netscout, Hummel, ransomware Organizations: Washington, Atlanta CNN, Alabama’s, Information Technology, CNN, Republican Gov, Public, Birmingham Police Department, Public Information, Coastal Information Security, Agency, State of, Alabama Locations: Atlanta, Birmingham, City, Alabama, Sudan, State of Alabama
Traders work at the post where UnitedHealth Group is traded on the floor of the New York Stock Exchange. The company said it's working with Mandiant, which is owned by Google, and cybersecurity software vendor Palo Alto Networks. In a since-deleted post on the dark web, Blackcat said Wednesday that it was behind the attack on Change Healthcare's systems. Change's parent company UnitedHealth Group said it discovered that a cyber threat actor breached part of the unit's information technology network on Feb. 21, according to a filing with the SEC. Brett Callow, a threat analyst at the cybersecurity company Emsisoft, said ransomware groups will often make posts like these in an effort to bring victims to the negotiating table.
Persons: that's, Blackcat, Brett Callow, Emsisoft, Callow, they're, UnitedHealth, John Riggi, Riggi Organizations: New York Stock Exchange, Healthcare, CNBC, Google, Palo Alto Networks, UnitedHealth, SEC, U.S. Department of Justice, Change Healthcare, American Hospital Association Locations: U.S
Hospitals in recent years have shifted their use of online technology to support everything from telehealth to medical devices to patient records. Brett Callow, an analyst for the cybersecurity firm Emsisoft, counted 46 cyberattacks on hospitals last year, compared with 25 in 2022. The dramatic increase in these online raids has prompted the nation’s top health agency to develop new rules for hospitals to protect themselves from cyber threats. The attacks can put hospitals’ networks offline for weeks or months, forcing hospitals to turn away patients. In Chicago, Lurie hospital’s network has been offline for two weeks.
Persons: John Riggi, Association’s, Riggi, Ann, Robert H, Lurie, Brett Callow, Emsisoft, Callow, Andrea Palm, Palm, Jason Castillo’s, Castillo, it’s, Kathleen Foody Organizations: WASHINGTON, Midwestern children's, American, Lurie Children’s Hospital of Chicago, FBI, of Health, Human Services, Health, HHS, Associated Press Locations: Midwestern, Russia, North Korea, Iran, Chicago
Officials at Lurie Children's Hospital said Thursday that they are still working with the FBI and other law enforcement but told reporters that a “known criminal threat actor” had accessed the hospital's network. The hospital shut down its own systems for phone, email and medical records once the breach was discovered on Jan. 31, officials said. “This is an active and ongoing investigation.” The situation at Lurie Children’s Hospital had all the hallmarks of a ransomware attack, although hospital officials have not confirmed or denied the cause. The latest annual report for Lurie Children’s said staff treated around 260,000 patients last year. Chicago-area pediatrician practices that work with the hospital also have reported being unable to access digital medical records because of the attack.
Persons: Marcelo Malakooti, Allan Liska, Lurie, Liska, Malakooti, Brett Callow, Emsisoft, Lurie Children’s Organizations: CHICAGO, Lurie Children's, FBI, Lurie Children’s Hospital, Associated Press, U.S. Department of Health, Human Services Locations: Chicago
The education community — students, teachers, parents, staff and those connected to all of them — are barraged with threats to their physical safety. Now, they're also increasingly dealing with the kind of threats that don't take lives but impact them nonetheless. Schools are "definitely not funded enough to support cyber warfare," said Josh Heller, supervisor of information security engineering at Digi International. Penn Manor School District has 5,500 students who collectively generate more than two million individual data points in the core student management system alone. Cybercriminals seeking ransom payouts or identity thieves going after a student's spotless credit can gain access to identifying information, assessments, assignments, grades, homework, health records, attendance history, discipline records, special education records, home communications and more.
Persons: they're, Charlie Reisinger, Josh Heller, Reisinger, Heller, Warren Young, Young Organizations: Penn Manor School District, Millersville University of Pennsylvania's, Digi International, U.S. Senate, Pennsylvania School, Absolute Software Locations: Lancaster County, Penn, U.S
NASHVILLE, Tenn. (AP) — A ransomware attack has prompted a health care chain that operates 30 hospitals in six states to divert patients from at least some of its emergency rooms to other hospitals, while putting certain elective procedures on pause, the company announced. All of its hospitals are continuing to provide medical screenings and stabilizing care to patients arriving at emergency rooms, the company said. Ransomware criminals do not usually admit to an attack unless the victim refuses to pay. Education was the sector most likely to be hit, with attack saturation at 80%. While industries across the spectrum have been hit by ransomware, a recent attack on China’s biggest bank that affected U.S. Treasury trading represented a rare attack on a financial institution.
Persons: Sophos, Brett Callow, Emsisoft, We’re, Callow, Frank Bajak Organizations: Ardent Health Services, Ardent, Treasury, Associated Press Locations: Tenn, Nashville, Tennessee, Oklahoma, Texas, New Jersey, New Mexico, Idaho, Kansas, U.S, Soviet
A Boeing logo is seen at the 54th International Paris Airshow at Le Bourget Airport near Paris, France, June 18, 2023. The Lockbit threat was no longer on the gang's website as of Wednesday, and it didn't immediately respond to a request for comment. Boeing declined to comment on whether Lockbit was behind the cyber incident it disclosed. It's unclear what data Lockbit may have stolen from the company. "Paying the ransom would simply elicit a pinky promise from LockBit that they will destroy whatever data they obtained," Callow said.
Persons: Benoit Tessier, didn't, Lockbit, Brett Callow, Emsisoft, Callow, Valerie Insinna, Chris Reese, Lisa Shumaker, Jamie Freed Organizations: Boeing, Paris, REUTERS, Rights, Cybersecurity, Infrastructure Security Agency, Global Services, Services, Thomson Locations: Le Bourget, Paris, France
LAS VEGAS (AP) — Casino company Caesars Entertainment on Thursday joined Las Vegas gambling rival MGM Resorts International in reporting that it was hit by a cyberattack, but added in a report to federal regulators that its casino and online operations were not disrupted. Caesars is the largest casino owner in the world, with more than 65 million Caesars Rewards members and properties in 18 states and Canada under the Caesars, Harrah’s, Horseshoe and Eldorado brands. MGM Resorts said reservations and casino floors in Las Vegas and other states were affected. MGM Resorts has about 40 million loyalty rewards members and tens of thousands of hotel rooms in Las Vegas at properties including the MGM Grand, Bellagio, Aria and Mandalay Bay. Some MGM Resorts computer systems were still down Thursday, including hotel reservations and payroll.
Persons: Brett Callow, Emsisoft, Callow, Charles Carmakal, Carmakal, Mandiant, Brian Ahern, pinky, Frank Bajak Organizations: LAS VEGAS, Caesars Entertainment, Las, MGM Resorts International, Securities and Exchange Commission, Social, New, MGM Resorts, Caesars, Associated Press, SEC, MGM, Aria, FBI, CNA Financial Locations: Las Vegas, Reno, New Zealand, Russia, U.S, Canada, Harrah’s, Eldorado, Mandalay, China, Macau, British Columbia, Boston
A sign indicates the direction to the offices of Progress Software in Burlington, Massachusetts, U.S., July 26, 2023. But more than two months after the breach was first disclosed by Massachusetts-based Progress Software, the parade of victims has scarcely slowed. The tallies show that nearly 40 million people have been affected so far by the hack of Progress' MOVEit Transfer file management program. Now the digital extortionists involved, a group named "cl0p", have become increasingly aggressive about thrusting their data into the public domain. MOVEit is used by organizations to ship large amounts of often sensitive data: pension information, social security numbers, medical records, billing data and the like.
Persons: Brian Snyder, Marc Bleicher, cl0p, Huntress Security's John Hammond, Christopher Budd, Sophos, Eric Goldstein, Nathan Little, Emsisoft, Bert Kondruss, Rowe Price, Maximus, Alexander Urbelis, Crowell, Goldstein, didn't, Surefire's, Raphael Satter, Zeba Siddiqui, Chris Sanders, Grant McCool Organizations: Progress Software, REUTERS, FRANCISCO, Reuters, Software, Insurance, of America, Cybersecurity, Infrastructure Security Agency, Tetra Defense, WHO, Pension, California Public Employees, Moring, U.S., Thomson Locations: Burlington, Massachusetts, U.S, WASHINGTON, American, Massachusetts, York, New York, Louisiana, California, New York City, Oregon
Victims of Cyberattack on File-Transfer Tool Pile Up
2023-07-19 | by Catherine Stupp | www.wsj.com
The list of companies hit by a cyberattack on a widely used software tool continues to expand and several victims have filed lawsuits alleging mishandling of data. The continued disclosure of new victims affected by hackers exploiting a vulnerability in MoveIt, a common file-transfer tool from Progress Software, underscores how cyberattacks can ripple through supply chains. Some companies have been drawn into data breaches without having used MoveIt because their business partners use it. The Cl0p ransomware group has taken responsibility for the cyberattacks and posted data from some victims on its underground website. A 2021 cyberattack on a tool similar to MoveIt—Accellion’s File Transfer Appliance—had similar ripple effects.
Persons: Brett Callow, cyberattacks, Callow, Genworth, PBI, Shell, Rob Carr, Suzie Squier, Johns, Johns Hopkins, Emsisoft’s Callow, Catherine Stupp Organizations: Progress Software, Progress, Shell, BBC, Energy Department, Genworth Financial, Social, PBI Research Services, U.S. Department of Health, Human Services, Colorado State University, BG Group, Johns Hopkins University, Getty Locations: British, MoveIt, Kaseya, Johns Hopkins
In this April 14, 2020 file photo, Sam Hazen, CEO of HCA Healthcare, speaks about the coronavirus in the Rose Garden of the White House, in Washington. Personal information for potentially tens of millions of HCA Healthcare patients has been stolen and is now available for sale on a data breach forum as of earlier this week. The data sale was flagged on Twitter by Brett Callow, an analyst at New Zealand-based Emsisoft. Patient data breaches are not uncommon, but they can vary in scope and impact. HCA's breach did not apparently include critical medical records, and the company said the breached data originated at an "external storage location exclusively used to automate the formatting of email messages."
Persons: Sam Hazen, DataBreaches.net, Brett Callow, Callow Organizations: HCA Healthcare, White, HCA, New, CNBC Locations: Rose, Washington, United States, Florida and Texas, New Zealand
The total number of recent victims from the online extortion ring has reached 121 organizations, according to Brett Callow, whose cybersecurity company Emsisoft helps companies respond to digital shakedown attempts. In 2021, Ukrainian authorities announced the arrests of six people tied to cl0p, but it's not clear that they were core members of the group, which continued to hack victims. Plundering file transfer protocols has become increasingly popular as hackers shift from encrypting data to simply stealing files and threatening to release them unless a ransom is paid. Many of the organizations stress that the target of the hack is the file transfer service, not their systems. The FBI said it was "aware of and investigating the recent exploitation of a MOVEit vulnerability by malicious ransomware actors."
Persons: Brett Callow, encrypting, TrendMicro, didn't, Cl0p, Emsisoft, Charles Carmakal, Raphael Satter, Christopher Bing, James Pearson, Cynthia Osterman Organizations: University of California, Siemens Energy, Abbvie Inc, Schneider, Publicly, Sony, Shell PLC, Government, U.S. Energy Department, Alphabet Inc, FBI, Thomson Locations: Los Angeles, Russia, Washington, London
In their post, the hackers claim they first demanded a $4.5 million payout “for the deletion of the data and our silence” in April. Reddit CTO Chris Slowe previously posted about a security incident that took place in early February. A Reddit spokesperson confirmed to CNN on Monday that BlackCat’s post relates to the February incident. The spokesperson reiterated that no user data was accessed, but declined to comment beyond that. “We are very confident that Reddit will not pay for its data,” the group wrote in the post on the dark web.
Persons: CNN, Chris Slowe, Slowe, ALPHV, Brett Callow, Emsisoft Organizations: CNN
Separately, state agencies said late Thursday that millions of people in Louisiana and Oregon had their data compromised in a security breach. The cyberattack has targeted federal and state agencies. No other federal agencies have confirmed being impacted. And on Thursday, state agencies said 3.5 million Oregonians with driver’s licenses or state ID cards had been impacted by a breach as well as anyone with that documentation in Louisiana. But much of the responsibility now lies on businesses and federal agencies rather than individuals, according to Cattanach.
Persons: Robert Cattanach, Dorsey, you’re, Clop, Brett Callow, Emsisoft, Callow, Aon, they’ve, CISA, Allan Liska Organizations: CNN, Infrastructure Security Agency, Whitney, Department of Justice, The Department of Energy, BBC, British Airways, Boston Globe, Sydney Phoenix, US Department of Homeland, Johns Hopkins University, University of Georgia, Progress Software Locations: Russian, Louisiana, Oregon, Minnesota, Illinois, Arlington, VA, Baltimore, Georgia’s
Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly testifies before a House Homeland Security Subcommittee, at the Rayburn House Office Building on April 28, 2022 in Washington, DC. Several U.S. agencies have been hacked as part of a broader cyberattack that has hit dozens of companies and organizations in recent weeks through a previously unknown vulnerability in popular file sharing software. "CISA is providing support to several federal agencies that have experienced intrusions," he said. Charles Carmakal, chief technology officer of Mandiant, a cybersecurity company owned by Google whose clients include government agencies, said that he was aware of some data theft from federal agencies through the MOVEIt hacks. Wendi Whitmore, who leads threat analysis for the cybersecurity company Palo Alto Networks, said that CL0P's campaign of hacking victims through MOVEIt was incredibly widespread.
Persons: Jen, Eric Goldstein, Charles Carmakal, Andrea Mitchell, Brett Callow, Wendi Whitmore, MOVEIt Organizations: Infrastructure Security Agency, Homeland Security, U.S, Google, NBC News, FBI, National Intelligence, National Security Council, Palo Alto Networks Locations: Rayburn, Washington, MOVEIt
WASHINGTON, Feb 3 (Reuters) - The hackers who claimed responsibility for the disruptive breach at financial data firm ION say a ransom has been paid, although they declined to say how much it was or offer any evidence that the money had been handed over. Britain's National Cyber Security Agency (NCSC), part of Britain's GCHQ eavesdropping intelligence agency, told Reuters it had no comment. ABN told clients on Wednesday that due to "technical disruption" from ION, some applications were unavailable and were expected to remain so for a "number of days." ION was removed from Lockbit's extortion website, where victim companies are named and shamed in a bid to force a payout. As of late Friday, Lockbit's extortion website alone counted 54 victims who were being shaken down, including a television station in California, a school in Brooklyn and a city in Michigan.
WASHINGTON, Jan 26 (Reuters) - The Hive ransomware gang has been disrupted by international law enforcement action, according to a person familiar with the matter and an announcement posted to the group's website. A flashing message posted to Hive's page said: "The Federal Bureau of Investigation seized this site as part of coordinated law enforcement action taken against Hive Ransomware." The Federal Bureau of Investigation and the European law enforcement organization Europol did not immediately return messages seeking comment but the person familiar with the matter said a Department of Justice announcement was coming imminently. Hive is one of a wide range of cybercriminal groups that extort international businesses by encrypting their data and demanding massive cryptocurrency payments in return. "Hive is one of the most active groups around, if not the most active," he said in an email.
WASHINGTON, Jan 26 (Reuters) - The FBI revealed on Thursday it had secretly hacked and disrupted a prolific ransomware gang called Hive, a maneuver that allowed the bureau to thwart the group from collecting more than $130 million in ransomware demands from more than 300 victims. They were then able to alert victims in advance so they could take steps to protect their systems before Hive demanded the payments. In that case, the Justice Department seized some $2.3 million in cryptocurrency ransom after the company had already paid the hackers. The Justice Department said that over the years, Hive has targeted more than 1,500 victims in 80 different countries, and has collected more than $100 million in ransomware payments. Attorney General Merrick Garland said the FBI's operation helped a wide range of victims, including a Texas school district.
Criminal hackers have posted an enormous trove of sensitive files to the internet from a San Francisco Bay Area transit system’s police department, including specific allegations of child abuse. BART’s chief communications officer, Alicia Trost, said in an email officials were investigating the posted files and that the hackers had not impacted BART services. The perpetrators are an established group of ransomware hackers, one of the many who attack specific organizations and either encrypt sensitive files or threaten to post them on the dark web. Ransomware hackers often demand a payment to not share files. More than 100 networks associated with local government agencies were successfully attacked by ransomware hackers last year, according to an Emsisoft survey.
The email went out to students at Knox College, a small liberal arts school in Illinois, on the evening of Dec. 12. But this group had a new wrinkle for Knox students. “We have compromised your collage networks,” the email said, written in the kind of broken English common among international ransomware hackers. For you, its a sad day where everyone will see your personal and private info.” The incident at Knox College marks the first known case in which hackers used their access to contact students directly in order to intimidate them. The hackers’ website lists an entry to download data for Knox College but doesn’t actually lead to any student data.
Ransomware hackers hit MercyOne in early October, part of a larger breach that caused hospitalwide outages at multiple health systems, according to The Des Moines Register. CommonSpirit Health, a nonprofit health system based in Chicago, oversees 140 hospitals in 21 states; it was not clear how many of the hospitals were affected, and it declined to share the number. For Rachel Cupples of Western Washington, the CommonSpirit Health ransomware attack meant delaying important surgery for weeks. Like some other CommonSpirit Health hospitals that were affected, hers announced it was having trouble scheduling new patients. Parsi and Cupples said they blamed the hackers, not the hospitals, for their pain caused by delayed care.
Criminal hackers have recently targeted U.S. school districts and will likely continue to escalate their attacks this school year, federal agencies warned Tuesday. Hackers infected the district’s computer networks with malicious software, locking up files and demanding a ransom payment. While classes in Los Angeles weren’t canceled, the attack caused a “significant disruption” to the school district and some of its services, the district announced. Since then, there haven’t been any such high-profile ransomware attacks on energy infrastructure. Ransomware attacks on schools also run the risk of giving hackers access to children’s personal information, the government warned.