Cyber News Rundown: Port of Seattle reveals 90,000 individuals affected by ransomware

  • Threat Research Analyst
  • 4 replies

In the months following a cybersecurity incident that disrupted operations at the Port of Seattle, officials have confirmed that the Rhysida ransomware group had successfully exfiltrated data for nearly 90,000 individuals. Officials for the Port of Seattle initially entered negotiations with the threat actors, but after they refused to pay the demanded ransom, the stolen data was published to the group’s leak site. The compromised information includes a large amount of personally identifiable information (PII) and could be used for additional attacks, including phishing attacks and identity fraud.

Clop ransomware adds WK Kellogg to list of Cleo victims

Following the exploitation of a vulnerability in the Cleo file transfer software back in December of last year, officials for the WK Kellogg cereal company have recently confirmed that a significant amount of sensitive employee data had been compromised. The threat actors behind the Clop ransomware group added WK Kellogg to their list of victims on their dark web leak site in February, but company staff didn't realize they had been affected until later that month. It is believed that the main target of this attack was personnel files that were being shared with HR service providers using Cleo software.

Everest ransomware leak site taken offline

Over the weekend, researchers discovered that the known leak site for the Everest ransomware group was hacked to display a message about how crime is bad, and later the entire site was offline. It is unclear if another cybercrime group was responsible for this takedown or if law enforcement was involved, but as the group has been active for nearly 5 years, this also has the likelihood of being an exit plan by the group, which may lead to an eventual re-branding.

European car rental firm suffers data breach

Towards the end of March, a threat actor using the moniker Europcar published a data trove of 37GB that was allegedly exfiltrated from the European rental car company of the same name. The threat actor claims to have compromised the company’s GitLab repositories, which contain sensitive customer and employee information, as well as proprietary source code for the company’s software. As the investigation continues, officials are working to determine the extent of the damage and identify the number of individuals that have been affected.

Washington school district confirms extent of September ransomware attack

Following the investigation into a cybersecurity incident that closed all the Highline Public Schools facilities back in September, officials have finally confirmed that it was due to a ransomware attack. The investigation also revealed that a significant amount of sensitive student and staff information had been compromised, and Highline officials are urging all affected individuals to remain vigilant and are even offering a year of both credit and identity monitoring. It is still unclear as to which ransomware group was behind this incident, as no threat actors have claimed responsibility nor added Highline Public Schools to a leak site.

 


3 replies

Jasper_The_Rasper
Moderator

Thank you ​@ConnorM 


TripleHelix
Moderator
  • Moderator
  • 9161 replies
  • April 15, 2025

Thanks ​@ConnorM 😋


ProTruckDriver
Moderator

Thank you Connor.

