March 21, 2023

Saks Fifth Avenue confirms cyber security incident concerning Clop ransomware gang’s claims

On Monday 20th of March 2023, the Clop ransomware gang claimed to have attacked Saks Fifth Avenue on its dark web leak site. It is believed that the incident is a part of the gang’s ongoing attacks against vulnerable GoAnywhere MFT servers using the CVE-2023-0669 vulnerability. Since the post was released, sources have contacted Saks and a spokesperson confirmed the […]
March 17, 2023

Hitachi Energy confirms data breach after CL0P’s wave of GoAnywhere attacks

On Friday 17th of March 2023, Hitachi Energy, a department of Japanese engineering and technology giant Hitachi, confirmed it suffered a data breach after the Clop ransomware gang stole data using a zero-day vulnerability (CVE-2023-0669) in the Fortra GoAnywhere MFT (Managed File Transfer), which was first disclosed in February 2023. “We recently learned that a third-party software provider called FORTRA […]
February 10, 2023

The City of Oakland confirms systems are offline after a ransomware attack

On Wednesday 8th of February 2023, the local government of the City of Oakland was hit by a ransomware attack that resulted in them having to take all systems offline until the network is secured and affected services are brought back online. Even though they had to take all systems offline, the city has confirmed that the attack has not […]
January 3, 2023

Rail giant Wabtec discloses data breach following LockBit ransomware attack

On Friday 30th of December 2022, U.S. rail and locomotive company Wabtec Corporation disclosed a data breach that exposed personal and sensitive information. The announcement revealed that the threat actors were able to breach their network and install malware on specific systems as early as Tuesday 15th of March 2022. The announcement explained that on Sunday 26th of June 2022, […]
January 1, 2023

LockBit apologises with free decryptor after cyber attack against SickKids hospital

On Sunday 18th of December 2022, SickKids, a teaching and research hospital in Toronto that focuses on providing healthcare to sick children, experienced a ransomware attack that impacted internal and corporate systems, hospital phone lines, and the website. The incident led to delays in receiving lab and imaging results and resulted in longer patient wait times. It was then revealed […]
November 28, 2022

Disruption to Intrado telecom provider claimed by Royal ransomware gang

On Tuesday 27th of December 2022, the Royal ransomware gang claimed responsibility for a cyber attack against telecommunications company Intrado. At this time, Intrado is yet to share any information regarding this incident. However, it is believed that the attack started on Thursday 1st of December 2022. The date of the initial breach coincides with a widespread outage that […]
August 22, 2022

Greece’s largest natural gas distributor suffers a data breach and disruptions following an attack by the Ragnar Locker ransomware gang

On Saturday 20th of August 2022, Greece’s largest natural gas distributor, DESFA, released a statement confirming that they suffered a data breach and IT system outage following a cyberattack. Due to the quick response of its IT team, the intrusion was limited. However, some files and data were accessed and could possibly be exfiltrated, so there is the risk […]
May 9, 2022

National emergency declared by Costa Rica after Conti ransomware attacks

On Sunday 8th of May 2022, President Rodrigo Chaves, the newly elected Costa Rican President, declared a national emergency, citing ongoing Conti ransomware attacks as the reason for the emergency. The Conti ransomware group originally started their ransomware attacks against Costa Rican government institutions last month. In response to these attacks, on the 19th of April, Costa […]
January 24, 2022

Hacktivist group claims attack on Belarusian Railway in protest of Russia activity in Belarus

On Monday 24th of January 2022, the hacktivist group Belarusian Cyber-Partisans claimed to have encrypted the servers belonging to the Belarusian Railway, Belarus’s national state-owned railway company, in protest of Russia using Belarusian Railway’s rail transport network to move military units and equipment into the country. “We encrypted some of BR’s servers, databases and workstations to disrupt its operations. Automation […]