Just days after the global law enforcement takedown of LockBit ransomware was revealed, the threat actors behind the group have confirmed that they re-established a victim data leak site and dismissed a sizable portion of the information that the FBI released. As law enforcement attempts to further crack down on the global ransomware epidemic, the threat actors continue to learn from the takedowns and are improving their tactics to avoid future incidents.
See our writeup of the incident here:
Insomniac Games employees affected by data breach
Officials for Insomniac Games have recently begun contacting current and former employees regarding a data breach from last November by the Rhysida ransomware group, who failed in their ransom negotiations. The stolen data included sensitive intellectual property and employee data, which has since been leaked and sold on their dark web site. Along with creating a call center for employees with questions regarding the incident, they have also offered credit and identity monitoring services for all affected individuals.
Cyberattack compromises data of pharmaceutical provider, Cencora
Last week, officials for the pharmaceutical solutions provider, Cencora, confirmed that they had fallen victim to a cyberattack that exfiltrated data from their systems, though they haven't identified if it includes employees or customers. Currently, no ransomware group has claimed responsibility for the incident, as the investigation continues into how many systems were compromised or what type of information was accessed.
67,000 U-Haul customers impacted by data breach
Staff at U-Haul have recently started notifying nearly 67,000 customers of a data breach that lasted for several months last year, though they didn’t discover the intrusion until December. The investigation revealed that the unknown threat actor used legitimate credentials to access employee systems and compromised customer records and sensitive reservation data. Fortunately, officials have confirmed that no payment card data was accessed during the breach, though they are offering credit and identity monitoring to impacted customers.
BlackCat ransomware targets Optum pharmacy solutions
Following the December takedown of BlackCat ransomware leak sites and systems, the threat group have resurged with an increased directive to target healthcare organizations, an industry that they previously avoided out of acknowledgement for life-saving services. Their latest victim is Optum Solutions, which is a subsidiary of UnitedHealth, and provides payment exchange services for healthcare operations. Many of their systems have been taken offline to halt any further access but have impacted pharmacies across the US.
