Recently, Electrica, one of the largest energy suppliers in Romania, revealed that it had fallen victim to a ransomware attack that breached its internal systems. The Lynx ransomware group is claimed to be responsible for this incident, though no official statement has been released, nor has Electrica been added to the ransomware group’s data leak site. As the investigation is ongoing, little is known about the initial attack vector, though authorities have provided a YARA script that was created to scan for malicious binaries on a network.
Operation PowerOFF shuts down global DDoS platforms
The latest international law enforcement collaboration, Operation PowerOFF, has successfully shut down 27 notorious web platforms that offered Distributed Denial of Service (DDoS) capabilities, including what are known as ‘booter’ and ‘stresser’ websites, used to overload victim websites and other web-based services with excessive traffic. Operation PowerOFF, which had cooperation from 15 different countries around the world, also led to the arrest of three individuals who are suspected of being admins for some of the DDoS platforms located in France and Germany.
Port of Rijeka breached by 8Base ransomware
At the beginning of December, officials for the Port of Rijeka in Croatia identified some unauthorized activity on their systems, which was later revealed to be a ransomware attack carried out by the 8Base ransomware group. The threat actors behind the 8Base group claim to have exfiltrated a significant amount of sensitive information from the port, including financial documents and employee documents. Fortunately, officials believe that this incident has had no negative effect on normal port operations, and they are not willing to pay the demanded ransom for the stolen data.
Hackers compromise Krispy Kreme’s online ordering systems
At the end of November, staff in the IT department of Krispy Kreme began monitoring a cyber incident that was targeting their online order systems and causing disruptions to their daily operations. As the investigation continues, officials are still working to identify all systems that may have been compromised during the intrusion and to verify whether any customer information has been illicitly accessed. Luckily, retail stores are maintaining normal operations to allow customers to make purchases, and supplier transactions are being processed correctly.
Medical device manufacturer hit with ransomware
Over the weekend, the Atlanta-based heart surgery device manufacturer Artivion was targeted by a ransomware attack that forced the company to take many of its systems offline to avoid additional damage. The investigation has confirmed that several of Artivion’s servers were encrypted, and information may have been exfiltrated by the attackers, though that has yet to be confirmed. Currently, no ransomware group has claimed responsibility for this incident, though this may be due to a negotiation between them and Artivion staff.