SAN MATEO, CA, May 30, 2022 — Cybersecurity news weekly roundup. Stories, news, politics and events impacting the network security industry during the last week. Brought to you by NetworkTigers.
- CLoP ransomware gang returns with a vengeance
- Ransomware affects children’s hospital
- New Jersey county hit with ransomware attack
- Gang calling themselves “REvil” executes DDoS attack
- North Carolina law to illegalize ransomware payments from public organizations
- GoodWill ransomware demands acts of charity
- Port of London Authority suffers cyberattack
- General Motors hacked
- PDFs used to spread Snake Keylogger
- Wedding registry site hacked
- Russian hackers target Italy
- Half a million Chicago students and staff have data exposed
CLoP ransomware gang returns with a vengeance
CLoP, a ransomware gang that had been inactive for a number of months, seems to have used the time to gather strength, as it returned to claim 21 victims in a single month. Some experts believe that this sudden burst of activity may be related to CLoP going through the process of shutting down operations for good. Read more.
Ransomware affects children’s hospital
East Tennessee Children’s Hospital has reportedly suffered a cyberattack that has affected more than 422,000 patients by exposing medical data, Social Security numbers, dates of birth and contact information. The attack took place between March 11th and March 14th of this year. The hospital is offering 12 months of identity theft protection services for anyone affected by the breach. Read more.
New Jersey county hit with ransomware attack
Workers for New Jersey’s Somerset County have had to turn off their computers and set up temporary Gmail accounts in order to still maintain service while administrators work to fix the issue. The attack has resulted in a disruption of telephone and IT services. It is not yet known who is responsible for the attack and authorities expect it to be at least a week before full functionality is restored. Read more.
Gang calling themselves “REvil” executes DDoS attack
A hacker collective that is reportedly claiming to be the defunct REvil ransomware gang has initiated a DDoS attack. Most experts conclude that the gang is a copycat operation due to REvil having been dismantled by the Russian government last year and the fact that the new attack does not bear the hallmarks of REvil’s previous work. Researchers feel that the gang is using the name in order to intimidate victims. Read more.
North Carolina law to illegalize ransomware payments from public organizations
A new article added to North Carolina law has made it illegal for public sector enterprises to submit ransom payments in response to a ransomware attack. The law makes it illegal for these agencies to even communicate with a ransomware attacker. Instead, organizations suffering from such an attack are to immediately report to the state’s Department of Information Technology. While the new law is clearly designed to curb ransomware payouts, it is unclear how the new article will be applied with regard to double extortion attempts. Read more.
GoodWill ransomware demands acts of charity
A new type of ransomware called GoodWill has been discovered in circulation in India. While ransomware typically extorts victims for money, GoodWill instead demands that those affected commit acts of charity or kindness in exchange for their data. From donating clothes to treating children to meals or covering medical expenses, GoodWill seems to be putting an interesting spin on the notion of hacktivism. Read more.
Port of London Authority suffers cyberattack
The Port of London Authority has succumbed to a distributed denial-of-service attack that has knocked its website offline. The attack is believed to have been carried out by Altahrea Team, a hacker collective thought to be based in Iran. Altahrea Team’s cyberattacks are generally politically motivated and designed to gain attention and exposure. They seek to fight against “oppressors around the world.” Read more.
General Motors hacked
American auto manufacturer General Motors has reported that it suffered a credential stuffing attack last month that allowed criminals to redeem reward points in exchange for gift cards and also exposed customer data. GM is advising customers to change their login credentials as well as contact their banks to request credit reports as a result of the breach. Read more.
PDFs used to spread Snake Keylogger
A new campaign is using PDFs to spread a malware type known as Snake Keylogger. The campaign also exploits a 22-year-old bug within Microsoft Office and actually uses Microsoft Word to deliver the malware after using its PDF file as bait. The malware steals information from infected victims. Read more.
Wedding registry site hacked
Wedding registry site Zola has been hacked, with criminals stealing hundreds of dollars from the accounts of customers. According to Zola, the site was the victim of a credential stuffing attack that resulted in the compromise of 3,000 accounts. The company is promising to refund those who have had money stolen from their accounts. Read more.
Russian hackers target Italy
A coordinated cyberattack that targeted thousands of Italian websites, including those run by the government, was carried out by Russian hacking groups Killnet and Legion, according to a report by the Italian police. Italian authorities have become increasingly concerned about the spread of pro-Kremlin propaganda in the country and have created programs designed to counter disinformation campaigns. Read more.
Half a million Chicago students and staff have data exposed
A ransomware attack that occurred last December exposed the personal information of more than half a million Chicago Public Schools students and staff. The breach, which affected third-party vendor Battelle for Kids, was not actually disclosed until last month. There is no evidence that any data has been misused, and information such as health data and Social Security numbers was not accessed. Read more.