Tag Archive for: Action

Patient files class action lawsuit against Norton Healthcare over ransomware attack


In the lawsuit, the patient claims that Norton failed to secure and safeguard her personal information and that of around 2.5 million other people.

Source…

Cyberattack 101: Go inside the ransomware negotiations with hackers | Action News Investigation


PHILADELPHIA (WPVI) — Cyberattacks are surging and health care networks are being increasingly targeted.

Just last week, cyber thieves hit Capital Health in New Jersey.

Criminal enterprises usually gain access to networks through human error, often when employees mistakenly click on what’s called a “phishing email” and accidentally download malware.

But that’s just the early innings in the game of ransomware. Then the negotiations begin.

“It’s billions of dollars every year that ransomware groups are making,” said Drew Schmitt with Guidepoint Security.

Schmitt’s job is to negotiate with cyber syndicates who he said go by names like Akira, BlackBasta, LockBit and the Lazarus Group.

“We see that there are threat actors that exist all over the world,” he said.

He said with the click of a mouse the cyber gangs take over networks.

Hospitals in Delaware County, the City of Philadelphia and a Pennsylvania water authority are just a few of the local victims in 2023.

“These threat groups have evolved in such a way that they have more or less real-time chat applications,” said Schmitt.

Schmitt took us behind the scenes of what happens when entities hire Guidepoint Security. The cybersecurity firm is responsible for past negotiations of one-third of Fortune 500 companies and more than half of US government cabinet-level agencies.

He said after an attack, victims will first get a link. They’ll then be instructed to enter their company name and code, and then negotiations are underway.

“Hey I was told to get in contact with you based on this ransomware. How do we get our files back?” he said they usually ask.

In this ransomware attack, Schmitt shared with the Investigative Team that BlackBasta requested $1 million. If not paid, the group warned the sensitive information would be posted to a news board or leaked onto a site on the dark web where other criminals can access the information.

“That’s where they name and shame. That’s where they post the data.”

Schmitt said he’ll then request proof they have the files they say they do.

“So we actually call that proof of life,” he said. “You have what you say you have. But now we need to know that you can actually decrypt the files that you’ve encrypted…

Source…

BlackCat ransomware site down amidst rumours of law enforcement action


The ALPHV data leak site, along with the Tor negotiation URLs shared with victims in ransom notes, went offline on 7th December and have yet to be restored.

Security researchers, including Yelisey Bohuslavskiy, chief research officer at RedSense, have hinted at a possible law enforcement operation targeting the group.

Bohuslavskiy said admins of other top-tier ransomware groups directly linked to ALPHV, including Royal/BlackSuit, BlackBasta and LockBit, confirmed law enforcement involvement in the takedown.

Despite these rumours, BlackCat’s leadership maintains that “everything will work soon.”

When contacted by BleepingComputer, the ALPHV admin mentioned server repairs, but provided no further details.

ReliaQuest, a security operations centre company, notes that BlackCat’s site has a history of intermittent connectivity issues, although the current outage is among the longest faced by the group.

Notably, no law enforcement agency has officially released information about an operation specifically targeting BlackCat.

ALPHV had previously dismissed the possibility of a takedown effort like the one that targeted the Hive ransomware group in January 2023.

Analysts at ReliaQuest speculate that this disruption could prompt hackers associated with BlackCat to seek new affiliations, or even establish their own ransomware gangs.

“The removal of this group from the ransomware landscape will undoubtedly leave a void, with its operators and affiliates likely moving to other ransomware groups or forming new groups,” said Chris Morgan, senior cyber threat intelligence analyst at ReliaQuest.

The company noted that similar law enforcement actions in the past have resulted in the dispersal of affiliates into new programmes, bringing valuable experience from previous operations.

Who is BlackCat?

BlackCat first appeared in late 2021 as a ransomware-as-a-service enterprise, offering lucrative payouts of up to 90% of…

Source…

Central government urges immediate action for Mozilla Firefox users amid security concerns



CERT-In, the Indian Computer Emergency Response Team, has issued a security warning regarding Mozilla’s Firefox web browser. The alert mentioned potential vulnerabilities that could be exploited by hackers to access confidential user data. It’s concerning as Firefox faces not just one, but multiple security issues.

Affected Versions

  • Firefox ESR versions before 115.5.0
  • Firefox iOS versions before 120
  • Mozilla Thunderbird versions before 115.5

The Risks

The highlighted security flaws indicate the possibility of unauthorised access, which poses a major threat to user security.

Protective Measures Advised by CERT-In

  1. Update Firefox Immediately: Users are strongly advised to update their Firefox browser promptly. This step is crucial in addressing and mitigating the identified security issues.
  2. Enable Automatic Updates: Ensure that automatic updates are enabled for your Firefox browser. This feature helps in keeping the browser’s security measures up-to-date.
  3. Exercise Caution with Links and Attachments: Avoid clicking on links and opening attachments from unknown senders, whether through messages or emails. This simple precaution can prevent potential security threats.

CERT-In’s Recent Alerts

In recent weeks, CERT-In has been proactive in issuing security alerts. Prior warnings included concerns about security problems in Chrome on Android and highlighted vulnerabilities in major applications developed by Adobe.

Tips to Stay Safe

Staying vigilant and taking immediate action to update software are critical steps in safeguarding against potential security breaches. As cyber threats continue to evolve, users are encouraged to follow best practices to protect their devices and sensitive information. For further details and the latest updates, users can refer to CERT-In’s official website.


Source…