Tag Archive for: Disrupted

UnitedHealth Blamed ‘Nation-State’ Threat in Hack That Disrupted Pharmacy Orders


(Bloomberg) — A cyberattack against a division of UnitedHealth Group Inc. has caused a nationwide outage of a computer network that’s used to transmit data between health-care providers and insurance companies, rendering some pharmacies unable to process prescriptions, according to the company and reports from affected organizations.


UnitedHealth found a “suspected nation-state associated cyber security threat actor” had access to subsidiary Change Healthcare’s systems on Feb. 21, prompting the company to disconnect them from other parties, the company said in a filing Thursday.

UnitedHealth, the country’s largest health insurer, said in a statement Thursday that the cyberattack and related “network interruption” only impacted Change Healthcare and that all its other systems are operational. Change Healthcare is a key intermediary in the $1.5 trillion US health insurance market.

UnitedHealth is working with law enforcement and security experts but can’t say when the service will be restored, according to the filing. The company hasn’t determined that the attack is likely to affect its financial results, it said.

“Change Healthcare is experiencing a cybersecurity issue, and our experts are working to address the matter,” the Minnetonka, Minnesota-based company said earlier in a statement on its website. “Once we became aware of the outside threat, in the interest of protecting our partners and patients, we took immediate action to disconnect our systems to prevent further impact.”

The incident is the latest in a series of attacks where hackers have compromised providers of back-end IT software and services — companies that are often little-known outside of their industries yet play critical roles in the normal functioning of everything from financial markets to government services — and triggered cascading disruptions across their customer bases.

Last month, for example, a ransomware attack against Tietoevry Oyj, a Finnish information technology company, crippled payroll and other services for government agencies and hospitals, retailers, cinemas and other customers throughout Sweden. Three days later, a ransomware…


LockBit ransomware gang disrupted by international law enforcement operation


LockBit — the most prolific ransomware group in the world — had its website seized Monday as part of an international law enforcement operation that involved the U.K.’s National Crime Agency, the FBI, Europol and several international police agencies.

“This site is now under the control of the National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos’,” a seizure notice on the group’s website said. “We can confirm that Lockbit’s services have been disrupted as a result of International Law Enforcement action — this is an ongoing and developing operation.”

The group has far outpaced other ransomware gangs since it emerged in late 2019, with researchers at Recorded Future attributing nearly 2,300 attacks to the group. Conti — the second most active group — has only been publicly linked to 883 attacks.

[Image: Ransomware Tracker - Most Prolific Groups]

But LockBit has also gained a reputation for the damage it has caused and the organizations it has targeted. Although the group previously claimed to have rules prohibiting attacks on hospitals, it hit Canada’s largest children’s hospital during the 2022 Christmas season, as well as multiple healthcare facilities in the U.S. and abroad. Last month, the group said it was behind a November attack on a hospital system that forced multiple facilities in Pennsylvania and New Jersey to cancel appointments.

“In a highly competitive and cutthroat marketplace, LockBit rose to become the most prolific and dominant ransomware operator,” said Don Smith, vice president of threat research at Secureworks CTU. “It approached ransomware as a global business opportunity and aligned its operations, accordingly, scaling through affiliates at a rate that simply dwarfed other operations.”

The takedown is just the latest in a series of law enforcement actions targeting ransomware gangs — late last year, the FBI and other agencies took down sites and infrastructure belonging to Qakbot, Ragnar Locker and other groups.

“This has been a year of action for the Justice Department in our efforts to pivot to a strategy of disruption,” Deputy Attorney General Lisa Monaco said Friday at…


US says it disrupted a China cyber threat, but warns hackers could still wreak havoc for Americans


FBI Director Christopher Wray, center, testifies during a House Select Committee focusing on China on Capitol Hill, Wednesday, Jan. 31, 2024, in Washington. (Mariam Zuhaib/AP)

WASHINGTON (AP) — U.S. officials said Wednesday they disrupted a state-backed Chinese effort to plant malware that could be used to damage civilian infrastructure, as the head of the FBI warned that Beijing is positioning itself to disrupt the daily lives of Americans if the United States and China ever go to war.

The operation, announced just before FBI Director Chris Wray addressed House lawmakers, disrupted a botnet of hundreds of U.S.-based small office…


Industrial and Commercial Bank of China suffers ransomware attack; trades in US Treasury market disrupted: Report


Industrial and Commercial Bank of China (ICBC), the country’s largest commercial lender by assets, reportedly suffered a ransomware attack on Thursday that disrupted trades in the US Treasury market. However, the impact of the ransomware attack seemed to be limited, Reuters reported.

In a statement, ICBC Financial Services said a ransomware attack resulted in disruption to certain systems and it was conducting an investigation and “progressing its recovery efforts.”

The bank said it had successfully cleared Treasury trades executed on Wednesday and repurchase agreements (repo) financing trades done on Thursday.

The Treasury trades executed on Wednesday and repurchase agreements (repo) financing trades done on Thursday had been successfully cleared, the bank said.


Bloomberg reported, citing people familiar with the situation, that a prolific criminal gang known as Lockbit is suspected to have orchestrated the hack.

According to some market participants, trades going through ICBC were not settled due to the attack and this affected market liquidity, Reuters reported.

In ransomware attacks, hackers encrypt an organization’s systems and demand ransom payments in exchange for unlocking them. 

The Financial Times earlier had reported that the US Securities Industry and Financial…
