September 28, 2022

Bl00Dy Ransomware Gang seen using Leaked LockBit 3.0 builder

Recently, the Bl00Dy Ransomware Gang has been observed using a recently leaked LockBit ransomware builder in attacks against companies. The Bl00Dy Ransomware Gang was first observed operating around May 2022, when they were targeting a group of medical and dental practices in New York. Last week, the LockBit 3.0 ransomware builder was leaked on Twitter after a fallout between a […]
September 20, 2022

A cyberattack against New York Racing Association claimed by the Hive ransomware gang

On Monday 19th of September 2022, the Hive ransomware gang claimed responsibility for an cyberattack that impacted the IT operations of the New York Racing Association (NYRA). The incident also impacted their website availability and has resulted in member data being compromised. On Friday 9th of September 2022, NYRA released a security breach notification that revealed that the threat actors […]
September 17, 2022

New York-based Empress Emergency Medical Services discloses data breach after ransomware attack

On Thursday 14th of July 2022, Empress Emergency Medical Services (EMS), emergency response and ambulance service provider based in New York suffered a ransomware attack. An investigation into the incident revealed that the threat actor had gained access to Empress EMS’ systems on Thursday 26th of May, 2022. The threat actor stayed in their systems until Wednesday 13th of July 2022, […]
September 15, 2022

Cyberattack against Bell Canada subsidiary claimed by Hive ransomware gang

The Hive ransomware gang claimed responsibility for an attack that hit the systems of Bell Canada subsidiary Bell Technical Solutions (BTS). Within the data leak entry, Hive claims that they encrypted BTS’ systems almost a month ago, on Saturday 20th of August 2022. Even though BTS hasn’t disclosed when its network was breached or how the attack occurred, Bell Canada […]
September 10, 2022

A growing number of ransomware gangs adopting new intermittent encryption tactic

In recent months, a growing number of ransomware groups have been observing using a new tactic, intermittent encryption that helps them encrypt their victims’ systems faster while reducing the chances of being detected and stopped. This involves encrypting only parts of the targeted files’ content, which would still render the data unrecoverable without using a valid decryptor and key. This tactic […]
September 6, 2022

FBI releases joint advisory warning of Vice Society ransomware attacks on school districts

On Tuesday 6th of September 2022, the United States Federal Bureau of Investigation (FBI) released a joint TLP:WHITE cybersecurity advisory which revealed that multiple agencies have observed Vice Society threat actors disproportionately targeting the education sector with ransomware attacks. The impacts of ransomware attacks against the education sectors have ranged from restricted access to networks and data, delayed exams, cancelled […]
September 6, 2022

Second largest U.S. school district LAUSD experiences disrupt from ransomware

On Tuesday 6th of September 2022, Los Angeles Unified (LAUSD), the second largest school district in the U.S., disclosed that a ransomware attack hit its Information Technology (IT) systems over the weekend. The incident has been reported to law enforcement and federal agencies and LAUSD is now working with those agencies as part of an ongoing investigation and incident response. […]
September 2, 2022

Italian energy agency GSE hit by BlackCat ransomware group

On the Sunday night of the 28th of August 2022, Italy’s energy agency, Gestore dei Servizi Energetici SpA he experienced a ransomware attack by the BlackCat/ALPHV ransomware gang who claimed responsibility for the attack. It has been reported that GSE’s website and systems were taken down to block the threat actors from gaining access to the data on GSE’s systems. […]
August 31, 2022

Ragnar Locker ransomware claims attack on TAP Air Portugal

On the night of Thursday 25th of August, TAP Air Portugal, the flag carrier of Portugal, disclosed that their systems were hit by a cyber attack which resulted in their website and app being unavailable. The company stated that the attack had been blocked and added that it found no evidence indicating the attackers gained access to customer information stored […]