August 22, 2022

Greece’s largest natural gas distributor suffers a data breach and disruptions following an attack by the Ragnar Locker ransomware gang

On Saturday 20th of August 2022, Greece’s largest natural gas distributor, DESFA, released a statement confirming that they suffered a data breach and IT system outage following a cyberattack. Although the intrusion was limited thanks to the quick response of its IT team, some files and data were accessed and could possibly have been exfiltrated, so there is the risk […]
May 9, 2022

National emergency declared by Costa Rica after Conti ransomware attacks

On Sunday 8th of May 2022, President Rodrigo Chaves, the newly elected Costa Rican President, declared a national emergency, citing ongoing Conti ransomware attacks as the reason for the emergency. The Conti ransomware group originally started their ransomware attacks against Costa Rican government institutions last month. In response to these attacks, on the 19th of April, Costa […]
January 24, 2022

Hacktivist group claims attack on Belarusian Railway in protest of Russia activity in Belarus

On Monday 24th of January 2022, the hacktivist group Belarusian Cyber-Partisans claimed to have encrypted the servers belonging to the Belarusian Railway, Belarus’s national state-owned railway company, in protest of Russia using Belarusian Railway’s rail transport network to move military units and equipment into the country. “We encrypted some of BR’s servers, databases and workstations to disrupt its operations. Automation […]
December 6, 2021

Hundreds of SPAR stores across northern England closed after ransomware attack

On Sunday 5th of December 2021, approximately 330 SPAR stores in northern England experienced a ransomware attack that has led to many of the stores having to close or switch to cash-only payments. The affected stores experienced a total IT outage which resulted in tills, credit card payment processing systems, and emails being impacted. Currently, it is unknown which ransomware gang is responsible […]
November 12, 2021

Customers urged to change passwords after German medical software vendor Medatixx experiences ransomware attack

On Friday 12th of November 2021, Medatixx, a German medical software vendor who provides medical software to over 21,000 health institutions, announced they had experienced a ransomware attack which has led to their operations being shut down. Shortly after the attack, they urged their customers and users to change their application passwords and passwords to all their workstations and servers […]
November 2, 2021

FBI warn ransomware gangs are targeting companies during time-sensitive financial events

On Monday 1st of November 2021, the United States Federal Bureau of Investigation (FBI) released a TLP: WHITE private industry notification in which they warned that threat actors from ransomware gangs are starting to target companies that are involved in significant, time-sensitive financial events like corporate mergers and acquisitions in the hope that these events will encourage these target companies to pay […]
October 26, 2021

FBI releases flash alert against Ranzy Locker ransomware

On Monday 25th of October 2021, the United States Federal Bureau of Investigation (FBI) announced that Ranzy Locker ransomware operators have compromised at least 30 US companies this year from various industry sectors. In a TLP: WHITE flash alert, the FBI states that the victims of the Ranzy Locker ransomware attacks included “the construction subsector of the critical manufacturing sector, […]
September 15, 2021

South Africa’s Justice Ministry experiences delays to their services after ransomware attack

On the 9th of September 2021, the justice ministry of the South African government released a statement that the Department of Justice and Constitutional Development had experienced a security breach caused by ransomware on the evening of the 6th of September 2021. This attack led to all their information systems being encrypted and therefore unavailable to both internal employees as well as […]
September 7, 2021

The return of REvil? REvil servers are suddenly back online

The operation servers of the REvil ransomware gang, aka Sodinokibi, have just been turned on for the first time since July after their large-scale attack against Kaseya when they used a zero-day vulnerability in the Kaseya VSA remote management software to encrypt around 60 managed service providers (MSPs) and over 1,500 of their business customers. Their disappearance was noticed when […]