Following a cyberattack in early August, the threat actors behind the Ragnar Locker ransomware group have published a 1TB data trove belonging to Mayanei Hayeshua hospital in Israel. On their leak site, the threat actors confirmed that they only stole data from the hospital and chose not to encrypt the impacted systems, as they did not want to disrupt any life-saving equipment or other medical instruments. It is believed that the stolen data includes health and prescription records, administrative documentation, and other sensitive information.
Cyberattack shuts down MGM Resorts
At the start of the week, MGM Resorts officials discovered a cybersecurity incident affecting some of their internal computer networks. After shutting down several of their systems to isolate the incident, they were forced to take many of their casino games offline and were unable to access customer-facing websites and their reservation systems. Further investigation has revealed that unidentified threat actors may have executed ransomware on the MGM network, though they are still working to determine the initial attack vector.
Linux malware goes undetected for 3 years
Researchers have recently discovered a Linux download site for Free Download Manager that intermittently pushed out both benign and malicious versions of the program over the last 3 years, before the site suddenly went offline. The malicious versions of the app created a scheduled cron job that re-launched the file every 10 minutes, allowing the system to be permanently backdoored. After the backdoor was established, info-stealing malware would be dropped on the system, where it would hunt for any stored credentials and upload them to the threat actor’s server.
Data breach targets Dymocks Booksellers accounts
Last week, researchers discovered a database of stolen data from Dymocks Booksellers that was circulating on known hacking forums, containing sensitive data on over 800,000 Dymocks customer accounts. While officials for Dymocks are still working to determine exactly when the information may have been compromised, the stolen data appears to have been available on multiple hacking forums for several months and is available to buyers for only a few dollars. Dymocks customers are being encouraged to update their account credentials, especially if they have re-used them on other sites, as those credentials have been compromised.
Sri Lankan government loses months of data to ransomware attack
In mid-August, officials for the Sri Lankan government discovered an email campaign containing malicious links that had been clicked by several recipients. Shortly afterwards, many government services and backup systems were fully encrypted by a ransomware attack, though they were able to restore those backups within 12 hours. Unfortunately, those backups were incomplete, and roughly 4 months of both government and civilian data were permanently lost in the attack.