Researchers have been tracking a newer ransomware variant that targets VMware ESXi environments, much like the now-defunct ALPHV/BlackCat ransomware, and employs double extortion against its victims. The name Cicada3301 is a reference to an old cryptography videogame, whose developers have since published an announcement distancing themselves from the ransomware group.
FBI released year-long report on RansomHub
The FBI have recently published a report on the extensive activities of the RansomHub ransomware group, which began operations in February of this year and has since targeted 210 organizations. It is believed that RansomHub is the successor of the notorious Knight ransomware and that the group bought the source code after the Knight ransomware operation shut down. The report also contains all known indicators of compromise from past attacks by RansomHub, along with known tactics and information on patching the vulnerabilities that are exploited.
Cyberattack disrupts operations of Transport for London
Over the weekend, officials for Transport for London revealed that they had identified a cyber security incident that was impacting their internal systems, though main transportation functions remained unaffected. As the investigation continues, several internal systems have been taken offline, forcing employees to use paper to process transactions and operational documentation.
CBIZ suffers significant data breach
Towards the end of June, officials for the business and insurance service provider CBIZ identified some unauthorized activity within their customer database that occurred due to exploitation of an unpatched vulnerability. The investigation revealed that extremely sensitive information for nearly 36,000 individuals had been compromised and exfiltrated to the hacker’s device. No ransomware group has yet claimed responsibility for this incident, though there may still be negotiations occurring behind the scenes.
LockBit publishes stolen data from Toronto District School Board
3 months after officials for the Toronto District School Board (TDSB) first identified a ransomware attack on their network, the threat actors behind the LockBit ransomware group have published the stolen data to their leak site. The leak comes shortly after the 2-week deadline for paying the demanded ransom and includes a large amount of personally identifiable information on thousands of students.