
Ransomware recovery efforts continue Monday in Jackson County


KANSAS CITY, Mo. — Jackson County’s Assessment, Collection and Recorder of Deeds offices will remain closed Monday as the county continues to restore network infrastructure following a ransomware attack.

The attack was first reported the morning of Tuesday, April 2. Two days later, the county determined that the attack was triggered by a “malicious e-mail link.”


Monday’s closure will allow the county’s IT professionals to continue recovery efforts by “prioritizing the security and stability” of the affected systems, per a news release from Jackson County.

“We recognize the impact this decision may have on our residents and want to assure them that it was made with careful consideration,” the county shared in the release. “Our commitment remains steadfast in swiftly resolving this situation and minimizing any inconvenience to our community.”

As the offices have been closed for nearly a week, the county said it is grateful for the community’s “continued patience and understanding during this challenging time.”

Updates regarding the reopening of the offices will be “promptly communicated,” per Jackson County.


Ransomware cybercriminals continue to target manufacturers


If your manufacturing clients are seeing cyber premiums increase, more ransomware incidents could be why.

Although many manufacturing businesses like this perfume factory were quick to digitalize, many also failed to invest in IoT security at the same time they were building out their technological capacity. (Credit: Lena Wurm/Adobe Stock)

According to a new report by industrial cybersecurity firm Dragos, out of 905 ransomware incidents Dragos tracked, 638, or 70%, affected the manufacturing sector.

Dragos noted about a 50% increase in ransomware attacks against industrial organizations between 2022 and 2023.

But what could be of more value than the knowledge of increased premium expectations is the reason why this sector is seeing so many ransomware attacks. If manufacturers are not willing to plug the holes in the dike, then they should prepare themselves for attack, as attackers will always pursue the most vulnerable risks.

Exploiting vulnerabilities

Lax defenses and the significant costs incurred by any impact to operations of industrial risks make them vulnerable to digital extortion. In looking at the manufacturing sector, the industry was quick to move into digital transformation and internet connectivity but did not invest in IoT security at the same time. Ransomware attacks not only impact operational efficiency but also lead to financial and reputational costs, and further still have trickle-down effects on downstream businesses and outputs.

As with many sectors, the manufacturing sector still struggles with segmenting networks like those that deal with human resources from operational technology networks that control operations. This gives a hacker broad access to the organization. Water and wastewater utilities moving into digitization are also vulnerable, with a need to secure entry to access points as they…


Fulton County tech troubles continue, expert believes it’s a ransomware attack


Technology trouble continues to be a problem for Fulton County after a cyberattack at the end of January, but a cybersecurity expert believes a ransomware attack may be to blame.

A number of systems remain offline, creating a big headache for residents.

The county has remained tight-lipped and will not answer many questions, other than to say it is “under investigation.”

“When it happened on Monday, I was expecting it to be taken care of by Tuesday,” said Rajiv Garg, a cybersecurity expert and associate professor at Emory’s Goizueta Business School.

There are rumblings inside and outside the county that this is a multi-million dollar ransomware attack. Officials will not confirm if that’s true. Garg says that, based on his experience, it’s likely, given how long it’s been going on.

“The issue here is they have some data that is probably not backed up that is either lost or encrypted because of the ransomware,” he said.

What is being impacted by the cyberattack?

The attack is impacting phones and court and tax systems. Fulton County residents are caught in the middle.

“The only thing that they’re accepting is a check or money order and if you don’t have that, then you can’t pay,” said Angie Allen, a Fulton County resident.

Residents are being told that their tax payments will not be posted until the system is back online. Joe Jordan paid his property tax bill with a check Monday. His proof of payment is some writing on the back of a business card.  

“That is the only receipt that I have,” he said.

During a Monday afternoon news conference, Fulton County Board of Commissioners Chairman Robb Pitts gave an update on the cyberattack. He did not take any questions about what’s happening, but said this about the investigation.

“There is no evidence or reason to believe that this incident is related to the election process or other current events,” he said.

The county says it has been working around the clock to get systems back up and…


Qakbot Hackers Continue to Push Malware After Takedown Attempt


The cybercriminals behind the Qakbot malware have been observed distributing ransomware and backdoors following the recent infrastructure takedown attempt by law enforcement, according to Cisco’s Talos research and threat intelligence group.

In late August, authorities in the United States and Europe announced the results of an international operation whose goal was the disruption of the notorious Qakbot botnet, aka Qbot and Pinkslipbot. 

The law enforcement operation involved the takeover of Qakbot infrastructure, the seizure of millions of dollars worth of cryptocurrency, and the distribution of a utility designed to automatically remove the malware from infected devices.

Talos has been monitoring Qakbot-related activities and on Thursday pointed out that a campaign launched by cybercriminals in early August has continued even after the law enforcement operation was announced.

As part of this campaign, the hackers have delivered Ransom Knight ransomware and the Remcos backdoor using phishing emails. This suggests, according to Talos, that the law enforcement operation impacted only Qakbot command and control (C&C) servers, without affecting spam delivery infrastructure.  

The campaign delivering Ransom Knight and Remcos malware appears to be the work of Qakbot affiliates known for a previous operation named ‘AA’, which ran in 2021 and 2022. 

“We assess Qakbot will likely continue to pose a significant threat moving forward. Given the operators remain active, they may choose to rebuild Qakbot infrastructure to fully resume their pre-takedown activity,” Talos said.


SecurityWeek has also heard from others who have seen signs that the Qakbot infrastructure is being rebuilt, with cybercriminals moving to distribute new malware.

Qakbot, primarily delivered through spam emails, has been used to gain initial access to systems, to which cybercriminals could then distribute ransomware and other malware. 

When they announced the takedown attempt, US authorities said they had gained access to Qakbot infrastructure and identified more than 700,000 infected computers worldwide. The FBI redirected Qakbot traffic through servers…
