Tag Archive for: Offline

Update ConnectWise ScreenConnect Servers Or Take Offline As Ransomware Is Deployed

/in


‘It’s odd because now our work has shifted to not getting ahead of the vulnerability and understanding it and sharing the intel, it’s watching the internet burn and trying to respond and remediate the best we can. We’re watching the world burn,’ says John Hammond, principal security researcher at threat hunting firm Huntress.


The Cybersecurity and Infrastructure Security Agency (CISA) issued a notice Thursday that ConnectWise partners and end customers should pull the cord on all on-prem ScreenConnect servers if they cannot update to the latest version amid the ConnectWise ScreenConnect vulnerabilities that was reported early this week.

And exploits are already being seen in the wild.

“We’re seeing such a variety of different attempts,” John Hammond, principal security researcher at threat hunting firm Huntress, told CRN. “So many different threat actors are just taking advantage of these golden hours of exploitation.”

In a 30-page report released Friday, Ellicott City, Maryland-based Huntress has detected and kicked out active adversaries leveraging ScreenConnect access for post-exploitation. Exploits being deployed include ransomware, cryptocurrency coin miners, Cobalt Strike and additional remote access.

One company, UnitedHealth Group’s Change Healthcare, was experiencing slowdowns at pharmacies due to a strain of LockBit malware related to ScreenConnect vulnerabilities, according to a report on SC Magazine.

In an 8-K filing with the U.S. Securities and Exchange Commission on Wednesday, United Healthcare Group, the parent company of Change HealthCare, “identified a suspected nation-state associated cyber security threat actor had gained access to some of the Change Healthcare information technology system.

”During the disruption, certain networks and transactional services may not be accessible,” the filing stated.

[Related: Huntress On ‘Critical’ ConnectWise Vulnerabilities: ‘It Does Have A Certain Firestorm Potential’]

Source…

Bitcoin Ransomware Takes Down 100 Romanian Hospitals Offline

/in


Sujha Sundararajan

Last updated:

| 1 min read

Source: Pete Linforth / Pixabay

More than 100 hospitals in Romania were affected by a crypto ransomware attack on Tuesday, the National Cyber Security Directorate (DNSC) confirmed. The unidentified perpetrators have demanded 3.5 Bitcoin (BTC), or about $180,000, to decrypt the data.

The ransomware took down over 100 hospitals, affecting their IT systems and encrypting data, forcing the hospitals to operate offline.

Per a recent update from the DNSC, 25 hospitals in Romania using Hipocrate Information System (HIS) are directly affected by the attack. “As a result of the attack, the system is down, files and databases are encrypted,” the Ministry of Health noted.

“The incident is under investigation by IT specialists, including cyber security experts from the National Cyber ​​Security Directorate, and resumption possibilities are being assessed,” the Ministry added. However, it did not specify whether the authorities are ready to pay the ransom in Bitcoin, as demanded by attackers.

Dubbed ‘Backmydata’, the ransomware is a variant of Phobos malware family, that are distributed via hacked Remote Desktop (RDP) connections. The ransom note informs victim about the severity of the situation by threatening to sell confidential…

Source…

Ransomware attack knocks 20 Romanian hospitals offline: Report

/in


A ransomware attack on Hipocrate Information System (HIS), used by hospitals to manage medical activity and patient data knocked, impacted at least 21 hospitals in Romania forcing them offline.

The attack launched over the weekend targeted the production servers running HIS information system, resulting in the system’s database being encrypted.

The incident, currently under investigation, impacted various hospitals across Romania, including regional and cancer treatment centers, a report from the Bleeping Computer said.

There is no information on what ransomware operation targeted the hospitals’ system or if the patient’s personal or medical data was stolen. Romania’s National Cyber Security Directorate (DNSC) is currently investigating the cyber incident.

(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)

Technological advancements in the healthcare industry like remote health monitoring, electronic health records and the Internet of Thins (IoT) has provided cybercriminals with more opportunities to attack the sector.

Also Read | How safe is our personal health data with the Indian government? 

Attacks on the healthcare sector have also impacted India, with the country registered the second highest number of attacks on the sector in 2022.

Attacks on hospitals could lead to sensitive data being exposed to threat actors. This data can then be used to perform digital identity theft, online banking thefts, tax frauds and other financial crimes.

This is a Premium article available exclusively to our subscribers. To read 250+ such premium articles every
month

You have exhausted your free article limit.
Please support quality journalism.

You have exhausted your free article limit.
Please support quality journalism.

This is your last free article.

Source…

Georgia School District Goes Offline After Suspicious Activity

/in


(TNS) — Henry County Schools Superintendent Mary Elizabeth Davis said Tuesday leaders continue to investigate “suspicious activity” that has resulted in the district restricting Internet access since last week.

In a video posted to YouTube, Davis did not say what activity led the south metro Atlanta district to decide to take its Internet offline on Thursday, but said that student services, payroll, billing and other district operations remain functional as the school system conducts a probe of its network.

“What we know now is that last week suspicious activity was detected on our network,” she said. “And as you would expect, we take matters of this nature very seriously.”


The district’s investigators are being joined by the U.S. Department of Homeland Security, the FBI, the Georgia Emergency Management Agency, Henry County Police Department and others in its probe, Davis said.

Henry Schools said late last week that district operations ”will continue for students with the exception of online courses.” In addition, leaders said lunches, bus services and after-school activities would “continue as normal.” The livestream of the Henry school board’s Monday meeting was canceled because of the district’s restricted Internet functions.

Davis did not say when Internet functionality would return to the system or when the district might have answers in the investigation, including defining the “suspicious activity.”

She did, however, seek to find a bright side to the challenges.

“It really has been amazing to see the agility of our organization kick in,” she said. “As always, the Henry County team of professionals, our students and our parents have responded with amazing adaptability as we keep school operations going, maintain student learning and maintain functionality of our core business applications.”

©2023 The Atlanta Journal-Constitution. Distributed by Tribune Content Agency, LLC.

Source…