Researchers have spotted a malicious Google Chrome extension that has been installed on over 200,000 devices since first becoming available for download in 2019. While this extension does install a legitimate download manager, it also performs several unsavory tasks, like promoting spam websites. It claims to increase download speeds by exorbitant amounts, but instead just displays a continuous stream of pop-ups. Even with warning reviews dating back to 2019, this extension has continued to receive reviews from users claiming to experience none of the listed issues and is still being installed by unsuspecting users every day.
Plex warns users of data breach
Widely used media streaming platform Plex has pushed out a mandatory password reset after identifying some unknown activity on its systems. During the investigation, Plex officials discovered that an unauthorized individual was able to access user account details. Fortunately, payment card data is not stored on Plex’s servers. Users have been flooding the site ever since the email warning went out, temporarily slowing its systems down and causing logout issues for some users when changing credentials.
LockBit 3.0 used against French hospital
Over the weekend, the Centre Hospitalier Sud Francilien (CHSF) in central France suffered a ransomware attack that used LockBit 3.0 to encrypt a sizable portion of the hospital’s systems, causing disruptions to emergency services. Many incoming patients are being redirected to other healthcare facilities that have retained operating functionality, while staff at CHSF are restricted to using pen and paper for managing patient forms and information. It was confirmed during the investigation that the attackers left a ransom note demanding $10 million for the decryption key.
RansomEXX leaks stolen data from Ski-Doo ransomware attack
The actors behind the RansomEXX ransomware group recently posted 29GB of stolen data to their leak site that is allegedly from an attack on Bombardier Recreational Products (BRP) earlier this month. The attack on BRP halted production throughout their organizations and forced delays onto current and future customer orders. Officials for BRP have confirmed that the leaked documents are legitimate, but fortunately do not contain any sensitive information on customers.
UK’s Holdcroft Motor Group falls victim to ransomware
Late last month, the Holdcroft Motor Group in the UK suffered a ransomware attack that left many of their systems irreparably damaged and resulted in the theft of sensitive employee data. While staff were able to restore some of the affected systems, others were fully deleted, making normal restoration activities significantly more complex. Auto dealers have become a popular target over the last year, with cyberattacks striking several dealerships throughout the UK already.