Financial debt collector Professional Finance Company recently suffered a ransomware attack that compromised sensitive patient records for 1.9 million people. In other cybersecurity news, the US Department of Justice successfully tracked and retrieved cryptocurrency ransom payments made to the Maui ransomware group.
Knauf Group suffers ransomware attack
Near the end of June, IT staff for the Germany-based Knauf Group began investigating a security incident that forced nearly every system offline and culminated in a ransom demand by the Black Basta ransomware organization. Though it hasn’t been confirmed by Knauf officials, the Black Basta group has listed Knauf as a victim on its leak site, along with a significant portion of the allegedly stolen data. The Black Basta group has only been in operation since April of this year, but by using the Ransomware-as-a-Service model, it has made its presence known.
Law enforcement successfully retrieves ransom payments
More than a year after two healthcare organizations paid ransoms for decryption keys, officials for the US Department of Justice have announced that they were successful in tracking the cryptocurrency payments and retrieving the funds. The combined $500,000 in payments was tracked through a Chinese currency launderer and was destined for an account operated by the Maui ransomware group, which has been identified as state-backed by North Korea.
Financial debt collector leaks data on 1.9 million patients
One of the largest financial debt collectors in Colorado, Professional Finance Company, has revealed a recent ransomware attack that compromised extremely sensitive patient records for 1.9 million individuals. While officials for PFC are confident that the stolen data has not been used maliciously, they have confirmed the theft and have begun offering credit monitoring services for those affected. Rather than pay the demanded ransom, PFC has chosen to wipe its systems entirely and rebuild them from previous backups, along with enhancing its current security measures.
Magecart skimming attacks hit 300 restaurants
Researchers have been monitoring the activity of the card-skimming malware Magecart, which has been spotted infecting two separate food delivery services and exposing payment card data from 300 different restaurants. Alongside the two delivery apps, a Point-of-Sale app has also been compromised and is actively leaking customer data using a series of scripts that have little impact on the infected system but are highly efficient at exfiltrating data. It is believed that these combined skimming campaigns have gathered credentials for more than 50,000 credit cards.
Albanian government shuts down after cyberattack
Following a recent cyberattack, many Albanian government websites are still offline to prevent further damage to their systems. The sites were first spotted offline over the weekend, and the attack is believed to have originated in Russia, as Russia's relations with Albania have been rocky since the invasion of Ukraine. The overall extent of the attack is still unclear, as Albanian officials are notorious for storing data with security measures that are far below the standards of other EU nations.
