CDK Global outage caused by BlackSuit ransomware attack
The BlackSuit ransomware gang is behind CDK Global's massive IT outage and disruption to car dealerships across North America, according to multiple sources familiar with the matter. [...]
Ransomware encrypts or steals data to disrupt operations and extort victims, making backups, access controls, and incident response essential.
Search across headline titles and summaries.
Background for this topic.
Ransomware is malware used to deny access to systems or data, usually by encrypting files and demanding payment for decryption. Many operations also steal sensitive information and threaten to publish it, so an attack can create both an availability crisis and a privacy or disclosure risk. Initial access may involve phishing, stolen credentials, exposed remote services, or exploitation of unpatched vulnerabilities; attackers may then move through the network before deploying the payload.
Defenses should combine vulnerability management, phishing-resistant authentication where practical, endpoint and network monitoring, and backups that are isolated from routine administrator access and regularly tested for recovery. Organizations should also limit privileges and segment critical systems to reduce the blast radius. An incident requires rapid containment, preservation of forensic evidence, restoration from known-good backups, and assessment of notification, legal, and regulatory obligations. Threat intelligence can help identify relevant criminal infrastructure or tactics, but it does not replace sound access control, patching, detection, and recovery practices.
The BlackSuit ransomware gang is behind CDK Global's massive IT outage and disruption to car dealerships across North America, according to multiple sources familiar with the matter. [...]
An open-source Android malware named 'Rafel RAT' is widely deployed by multiple cybercriminals to attack outdated devices, some aiming to lock them down with a ransomware module that demands payment on Telegram. [...]
An open-source Android malware named 'Ratel RAT' is widely deployed by multiple cybercriminals to attack outdated devices, some aiming to lock them down with a ransomware module that demands payment on Telegram. [...]
The Company Will Start Notifying Individuals Affected by the Breach in Late JulyChange Healthcare says it has begun to notify customers whose data was compromised in the February ransomware attack that affected scores of healthcare providers, health insurance plans and other organizations. The company will begin to notify affected individuals in late July.
'Substantial proportion' of America to get a little note from next month Change Healthcare is formally notifying some of its pharmacy and hospital customers that their patients' data was stolen from it by ransomware criminals back in February – and for the first time has concretely disclosed the types of information swiped during that IT intrusion.…
Battle the Business Model With Business Resilience Planning, Failover CapabilitiesNever let ransomware become normalized. Businesses today are more likely that not to be hit by ransomware, but this doesn't mean we should ever let ransomware seem like a new normal, akin to death or taxes. We need expert business resilience and failover capabilities.
The Group Published 104 Files It Says Come From NHS Hospitals in LondonA ransomware group late Thursday published information stolen during an attack that's led to postponed cancer treatment and organ transplant surgeries at two London National Health Service hospitals. The Qilin ransomware group hit Synnovis, a U.K. provider of medical lab services.
UnitedHealth has confirmed for the first time what types of medical and patient data were stolen in the massive Change Healthcare ransomware attack, stating that data breach notifications will be mailed in July. [...]
At least they didn’t get paid their $50M ransom demand The ransomware gang responsible for the chaos at London hospitals kept true to its word and released a trove of data that it claims belongs to pathology services provider Synnovis.…
Ransomware group Qilin has reportedly published nearly 400GB of data stolen following the attack on NHS provider Synnovis in early June
Two ransomware gangs bragged of massive theft of personal info and medical files Consulting Radiologists has notified almost 512,000 patients that digital intruders accessed their personal and medical information during a February cyberattack.…
Also: Chinese Cyberespionage, Defiant Cleveland, and a Spanish Ransomware AttackThis week, ONNX targeted Microsoft 365, Symantec spotted Chinese espionage, AMD may have been breached, Cleveland vowed to defy hackers, Black Basta hit a Spanish firm, Pakistani hackers targeted India, Microsoft said it fixed flaws in Azure, and the U.S. and Indonesia held a cybersecurity exercise.
The RansomHub ransomware operation is using a Linux encryptor designed specifically to encrypt VMware ESXi environments in corporate attacks. [...]
The LockBit ransomware group returned the fold to launch 176 attacks in May 2024 following a law enforcement takedown, NCC Group found
Cybercriminals claim they used a zero-day to breach pathology provider’s systems Interview The ransomware gang responsible for the current healthcare crisis at London hospitals says it has no regrets about the attack, which was entirely deliberate, it told The Register in an interview.…
Different Countries Have Different Levels of Law Enforcement InvolvementThis year's Sophos State of Ransomware report reveals how reporting levels and official responses vary across 14 countries. The survey finds that reporting ransomware attacks is common, and victims almost always receive support as a result.
Russian-Speaking Gang Follows Typical Playbook; Critical Services Still DisruptedThe ransomware attack that disrupted U.K. pathology services provider Synnovis, continuing to cause thousands of canceled and delayed operations and appointments across London, reportedly featured a $50 million ransom demand from attackers, backed by the typical threat to leak stolen data.
Threat actors were able to breach Blackbaud's systems and compromise sensitive data, largely because of the company's poor cybersecurity practices and lack of encrypted data, the AG said.
Billions of dollars made available but worst appears to be over The US government is winding down its financial support for healthcare providers originally introduced following the ransomware attack at Change Healthcare in February.…
Rubrik's Steve Stone on Reducing Data-Related Vulnerabilities in HealthcareHealthcare organizations are particularly vulnerable to ransomware, risking significant data loss. Steve Stone, head of Rubrik’s Zero Labs, outlines why healthcare faces higher risks and how organizations can strengthen their defenses against these disruptive threats.