Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising
A ransomware operation targets Windows system administrators by taking out Google ads to promote fake download sites for Putty and WinSCP. [...]
Ransomware encrypts or steals data to disrupt operations and extort victims, making backups, access controls, and incident response essential.
Search across headline titles and summaries.
Background for this topic.
Ransomware is malware used to deny access to systems or data, usually by encrypting files and demanding payment for decryption. Many operations also steal sensitive information and threaten to publish it, so an attack can create both an availability crisis and a privacy or disclosure risk. Initial access may involve phishing, stolen credentials, exposed remote services, or exploitation of unpatched vulnerabilities; attackers may then move through the network before deploying the payload.
Defenses should combine vulnerability management, phishing-resistant authentication where practical, endpoint and network monitoring, and backups that are isolated from routine administrator access and regularly tested for recovery. Organizations should also limit privileges and segment critical systems to reduce the blast radius. An incident requires rapid containment, preservation of forensic evidence, restoration from known-good backups, and assessment of notification, legal, and regulatory obligations. Threat intelligence can help identify relevant criminal infrastructure or tactics, but it does not replace sound access control, patching, detection, and recovery practices.
A ransomware operation targets Windows system administrators by taking out Google ads to promote fake download sites for Putty and WinSCP. [...]
Also: More Support for Ransomware Victims, Key Takeaways From RSA 2024In the latest weekly update, ISMG editors discussed key takeaways from the RSA Conference, delve into the surge of synthetic ID fraud in the auto lending industry, and examine a new initiative by the UK's National Cyber Security Centre and major insurance associations to combat ransomware threats.
Throw another healthcare biz on the barby, mate Australian prescriptions provider MediSecure is the latest healthcare org to fall victim to a ransomware attack, with crooks apparently stealing patients' personal and health data.…
This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. However, that does not mean there was nothing of interest released this week about ransomware. [...]
Multiple UK councils have warned that residents’ personal data may have been compromised following a ransomware attack on NRS Healthcare
TLDR: Peace in our time is really really hard Interview On Wednesday the FBI and international cops celebrated yet another cybercrime takedown – of ransomware brokerage site BreachForums – just a week after doxing and imposing sanctions on the LockBit ransomware crew's kingpin, and two months after compromising the gang's website.…
Electronic prescriptions provider MediSecure said the attack originated from a third-party vendor, and has impacted individuals’ personal and health information
Spoiler alert: it's not really IT support controlling your device A cybercrime gang has been abusing Microsoft's Quick Assist application in social engineering attacks that ultimately allow the crew to infect victims with Black Basta ransomware.…
e-Prescription Provider Brings in Government on Ransomware ResponseAustralian e-prescription firm MediSecure said it is dealing with a large-scale cyberattack that could affect the personal and health information of millions of patients. The company says it is working with the Australian government on a "whole-of-government response" to the ransomware attack.
2020 Attack Affected 13,000 Blackbaud Clients, 1.5 Billion of Their 'Constituents'A federal judge has denied class certification in consolidated proposed class action litigation against Blackbaud stemming from the fundraising software vendor's 2020 ransomware attack that affected 13,000 clients and compromised data of about 1.5 million donors, patients and other individuals.
Thankfully, GE ultrasounds aren't Internet-facing. Exploiting most of the bugs to cause serious damage to patients would require physical device access.
Electronic prescription provider MediSecure in Australia has shut down its website and phone lines following a ransomware attack believed to originate from a third-party vendor. [...]
Microsoft warned Storm-1811 started vishing attacks in April to gain access to target devices
Car manufacturer Nissan revealed that over 53,000 of its North America employees had their social security numbers accessed by a ransomware attacker
When abused by threat actors with sophisticated social-engineering chops, remote-access tools demand that enterprises remain sharp in both defense strategy and employee-awareness training.
Security researchers have disclosed almost a dozen security flaws impacting the GE HealthCare Vivid Ultrasound product family that could be exploited by malicious actors to tamper with patient data and even install ransomware under certain circumstances
The Microsoft Threat Intelligence team said it has observed a threat it tracks under the name Storm-1811 abusing the client management tool Quick Assist to target users in social engineering attacks
GE HealthCare Says Risks Can Largely Be Mitigated Through Security Best PracticesSecurity researchers have found 11 vulnerabilities in certain GE HealthCare ultrasound products that could allow malicious actors to physically implant ransomware or manipulate patient data stored on the affected devices. GE said the risks can be mitigated through best security practices.
No more illicit gains, for a while at least The FBI, in combination with police around the world, have taken control of the website and Telegram channel of ransomware brokerage site BreachForums.…
Financially motivated cybercriminals abuse the Windows Quick Assist feature in social engineering attacks to deploy Black Basta ransomware payloads on victims' networks. [...]