Tag Archive for: Demands

Ransomware group demands $700,000 from Tarrant Appraisal District

/in


Evil walks this world, and it entered the Tarrant Appraisal District building last week when hackers infiltrated the district’s network, board chairman Vince Puente told those gathered at an emergency meeting March 24.

An unknown ransomware group is demanding $700,000 from the appraisal district, after a network disruption last week took the district’s systems offline. Lindsay B. Nickle, legal counsel for the district, said they believe hacking group Medusa may be responsible for the attack.

“If they steal from (the appraisal district), they’re stealing from our taxpayers,” Puente said.

Nickle said the group claims to have sensitive information, but the district doesn’t know whether taxpayer information has actually been compromised and an investigation is ongoing. She confirmed that the district has made contact with the group responsible, and said no decisions have been made on whether to pay the ransom.

“Nobody wants to pay a ransom,” she said. “And so the investigation is ongoing, and we’re looking into all of our options to recover (information).”

The appraisal district does not know where the attack originated. An outside group has been hired to investigate the incident further, Nickle said, but declined to name them. This is the second confirmed cyberattack against the agency in recent years, the first dating back to October 2022.

Medusa has been behind a rising number of data leaks in 2023, targeting industries like education, manufacturing, health care and retail.

Medusa hacked as many as 74 organizations, mostly in Europe, in 2023.

Lindsey Nickle, legal counsel for the Tarrant Appraisal District, gives media and community members an update on the ransomware attack.

Sandra Sadek

/

Fort Worth Report

Lindsey Nickle, legal counsel for the Tarrant Appraisal District, gives media and community members an update on the ransomware attack.

Source…

Ransomware gang demands €10 million after attacking Spanish council

/in


The mayor of Calvià, a municipality on the Spanish island of Majorca, has said the city council will not be paying an approximately €10 million extortion fee demanded by criminals following a ransomware attack.

Calvià, a region on the southwestern part of the resort island, has around 50,000 residents who have been informed that the council is working to “recover normality as soon as possible.”

In a statement on the council’s website, it confirmed that a crisis cabinet had been formed to evaluate the scope of the cyberattack, which was discovered on Saturday morning.

“The IT Service, accompanied by a team of specialists, is working on the mandatory forensic analyses, as well as on the recovery processes of our affected services,” the statement said.

Mayor Juan Antonio Amengual has said he will not consider paying the extortion fee, as reported by the Majorca Daily Bulletin. He also released a video statement on social media.

Spain was among the Counter Ransomware Initiative signatories that last year pledged “relevant institutions under the authority of our national government should not pay ransomware extortion demands.”

As a result of the attack on Calvià, the council has had to temporarily suspend all administrative deadlines — for instance the submission of civil claims and requests — until the end of January.

The city council said it had contacted the cybercrime department of the Civil Guard and shared its preliminary forensic analysis.

“The city council deeply regrets the inconvenience that this situation may cause and reiterates its firm commitment to resolve the current situation in the most orderly, rapid and effective manner possible,” the website said.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Alexander Martin

Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

Source…

Evolving China-based cyberwarfare demands greater regional resilience

/in


In a speech at this year’s Shangri-La Dialogue, hosted by the International Institute for Strategic Studies in Singapore, Australian Prime Minister Anthony Albanese set out a balanced approach to handling China’s aggressive regional expansion: ‘Australia’s goal is not to prepare for war,’ he said, ‘but to prevent it through deterrence and reassurance and building resilience in the region.’

He went on to say that Australia and its regional allies need to ‘make it crystal clear that when it comes to any unilateral attempt to change the status quo by force, be it in Taiwan, the South China Sea, the East China Sea or elsewhere, the risk of conflict will always far outweigh any potential reward’.

China has recently shown a greater willingness to test the boundaries of physical confrontation. In the cyber domain, however, it has long engaged in aggressive tactics, where the rewards significantly outweigh the potential risks. This is bad news for Australian government organisations, local companies and their counterparts across Southeast Asia, which are having to divert significant resources to protect themselves against evolving Chinese cyber espionage, intellectual property theft and other cyberattacks.

CrowdStrike Intelligence is highly confident that China-nexus adversaries will continue to target both Southeast Asia and Australia in the government, telecommunications, military and civil-society sectors in support of national intelligence-collection priorities. We also expect to see a ramping up of cyber espionage in the AUKUS area as Australia strengthens its defence ties with the US and UK.

Concern around China-based cyber activity has only grown. The extraordinary disclosure in May that VANGUARD PANDA (better known as Volt Typhoon), a China-sponsored adversary group, had been lying dormant in US critical infrastructure networks for at least months suggests persistent assertiveness from China-based cyber actors in support of China’s cyber goals.

To reference the prime minister’s assessment, building resilience and reassurance is vital to deterring such attacks. Understanding more about China-based cyber activities in the region is an important place to…

Source…

Virginia Retirement System hack demands transparency and accountability – Daily Press

/in


Through no fault of their own, thousands of Virginians are learning that their names, social security numbers, birthdates and partial addresses may have been exposed on the internet as part of a massive data breach affecting millions of Americans.

Most of those whose personal information may have been compromised are retired public employees who receive pension benefits through the Virginia Retirement System. VRS initially told Channel 8 News in Richmond that active members of the retirement system were not affected by the hack, but later backed away from that blanket statement. The hack compromised personal information of some survivors and beneficiaries of retirees, a group that includes some current teachers and other state employees. As many as 230,000 people may be affected.

Retirement systems in other states have also been targeted by the hackers, as have other public pension and private-sector retirement plans, state and federal agencies. California’s public employee retirement system, the largest in the nation, announced in June that hackers had stolen confidential data of about 769,000 retirees and beneficiaries.

How did this happen? After all, those in the commonwealth’s retirement system don’t have a choice about giving their personal information to VRS. Was VRS careless with the data in its files? The answer is complicated.

Like many other retirement systems, VRS contracts with a company called Pension Benefits Information to verify information about retirees and guard against overpayment. PBI, like many organizations around the world, uses the MOVEit Transfer software to share data, supposedly securely.

In May, a Russian ransomware group calling itself Clop apparently discovered a flaw in the MOVEit Transfer software and exploited it to gain access to a great deal of confidential personal information before the flaw was discovered and repaired.

Clop and similar cyber criminals steal data and then demand ransom in exchange for not making the information public. Clop wasn’t zeroing in on retired Virginia public employees, but all those whose personal details are now in the hands of unscrupulous crooks should be concerned.

It’s a fact of 21st century life:…

Source…