The City of Oakland, CA declared a local state of emergency after discovering a ransomware attack that forced them to temporarily stop services and shut down their internal systems. In other cybersecurity news, Pepsi Bottling Ventures suffered a data breach that took close to three full weeks to discover.
DarkBit ransomware targets Technion Institute of Technology
On Sunday evening, staff at Israel’s Technion Institute of Technology discovered a ransom note from the newly formed ransomware group DarkBit on all network computers, demanding 80 Bitcoins for a decryption key and the return of all stolen data. Though all computer systems for the organization are still offline, likely to prevent any further spreading of the encryption, classes on the physical campus are continuing as normal. It is believed that the DarkBit ransomware group are anti-Israeli hacktivists, as the ransom note contained several antisemitic remarks. The group is new enough, though, that much about it is still unknown.
MortalKombat ransomware used to steal cryptocurrency
Researchers have recently identified a new crypto-stealing campaign that is active across the globe. It uses malicious emails to deploy MortalKombat ransomware to the victim device, which then runs a cleanup script that removes all traces of the infection. The initial campaign emails contain a ZIP file attachment and urge the recipient to unzip it; unzipping it runs a BAT script to download the final ransomware payload and starts scanning the system for any cryptocurrency transaction data that may be locally stored.
Clop ransomware claims zero-day attack on GoAnywhere MFT tool
The threat actors behind the Clop ransomware group have taken responsibility for exploiting a zero-day vulnerability within Fortra’s GoAnywhere MFT tool that allegedly allowed the group to steal data from 130 organizations. The zero-day allows remote code injection if the attackers have access to the administrative console, and with over 1,000 of these consoles being Internet-facing, there are plenty of opportunities for more organizations to become victims. Fortra has since published a patch for this vulnerability and is urging all customers to implement it immediately and to review all administrative users for any that aren’t legitimate.
Pepsi Bottling Ventures suffers data breach
Following an investigation into some unauthorized activity on their network back in December, officials for Pepsi Bottling Ventures (PBV) have confirmed that they had fallen victim to a data breach, which compromised a significant amount of both customer and employee information. Unfortunately for PBV, they didn’t discover the network intrusion until almost three weeks after the hackers had initially breached the network, and the hackers had been using that time to gather as much data as possible. The company is offering all affected employees and customers identity and credit monitoring services and warning them to be wary of any possible phishing attempts.
Ransomware shuts down City of Oakland, CA
Last week, officials for the City of Oakland, CA issued a local state of emergency after a ransomware attack was identified on their internal systems, and they were forced to take the remaining services offline until an investigation could begin. It is still unclear which ransomware group was behind this attack, or whether any sensitive data was stolen during the incident.