In the last week, threat actors behind the Rhysida ransomware group have claimed responsibility for a cyberattack on the Peruvian government’s online systems. Along with adding the government agency to their leak site, the group has also demanded a 5-bitcoin ransom for the exfiltrated data, with only a week to make that payment before the stolen data is published. Rhysida has been highly active in the ransomware space since 2023 and has added the government of Peru to their list of 182 other victim organizations.
Texas school district breached by Fog ransomware
Late last week, officials for the Alvin Independent School District (AISD) in Texas revealed that they had been impacted by a data breach in July of last year, which may affect more than 47,000 individuals. The threat actors from the Fog ransomware group have claimed this incident and added AISD to their leak site, with a 60GB data trove of stolen information. Fog ransomware typically targets organizations in the education sector, with 12 of their 20 confirmed attacks being specifically focused on education facilities.
Cyberattack causes delays at medical device manufacturer
At the end of April, officials for the medical device maker Masimo confirmed that they had suffered a cyberattack that has caused disruptions to their manufacturing operations. The following investigation revealed that unknown hackers had breached the company’s internal network and gained access to several critical systems. It is unclear if any employee or customer information was compromised during this incident, nor is it known which threat actor group was responsible.
Third UK retailer hit by cyberattack
Following the current chain of cyberattacks targeting UK retailers, the latest victim is Harrods, which announced that they had identified unauthorized activity on their network in the past week and were forced to take several operational systems offline. This incident comes just weeks after two other prominent UK retailers suffered similar attacks, Marks & Spencer and Co-operative, leading many to wonder what links these companies together, be it similar software or a compromise in the supply chain. Harrods staff are still investigating this incident to determine if any customer information was leaked.
Take a look at our blog and stream the webinar on the details of this attack.
Black Kingdom ransomware admin indicted in US
After a multi-year long investigation into the Black Kingdom ransomware group, responsible for over 1,500 cyberattacks on Microsoft Exchange servers, US law enforcement has indicted a Yemeni national believed to be a Black Kingdom admin. The suspect is being charged with deploying ransomware attacks Exchange servers for dozens of organizations in the US and demanding $10,000 to be paid in bitcoin for restoring access to the servers.
