

German Mechanical Engineering Firm Dürr successfully Wards off Cyberattack

February 20, 2023

Dürr’s security experts were able to fend off a hacker attack. The subsidiary was also attacked. The attempt to break into the IT system of the Bietigheim-Bissingen mechanical engineering company was repelled. The hackers neither encrypted any data nor took control of the system. The employees at Dürr were informed about the attack. Everyone had to change their password.

There was also a hacker attack at an American company in the Homag Group, which belongs to Dürr AG, says company spokesman Christen. The attackers got somewhat further there than in Bietigheim-Bissingen. The spokesman emphasizes that no data was lost there either; to prevent this, the computer systems were shut down. IT security checks are currently ongoing (see the related entry on Stiles Machinery).


Ransomware Strikes Progressive Computing entire Client Base

July 2, 2021

On July 2, 2021, the REvil ransomware group launched a cyberattack on Kaseya’s VSA remote management platform. The attack affected approximately 50 managed service providers (MSPs). Progressive Computing was one of the victims, and the attackers installed ransomware across its entire client base. The hack simultaneously affected 500 endpoints across 80 clients with 200 physical sites in four different time zones.


Encino Energy Says Operations Not impacted by Cyberattack

February 27, 2023

Major U.S. private natural gas and oil producer Encino Energy has disclosed that its operations were not impacted by a cyberattack, which it has already remediated, days after it was added by the ALPHV ransomware operation, also known as BlackCat, to its data leak site, reports The Record. Encino Energy spokesperson Jackie Stewart would not say if the cyberattack was a ransomware incident, if the company paid a ransom or if it had examined the 400GB of data on ALPHV’s site. The post by the cybercrime group does not mention a dollar figure or a deadline for payment.

ALPHV had exposed 400 GB of data claimed to be stolen from Encino Energy, which is Ohio’s primary oil producer, but company spokesperson Jackie Stewart refused to confirm the nature of the cyberattack and whether the demanded ransom was paid, as well as the veracity of the data leaked by the ransomware group.

Such an attack against Encino Energy comes after the ransomware gang’s intrusions against two Luxembourg-based energy firms, as well as German oil companies Mabanaft and Oiltanking.


16 Hospitals of Prospect Medical Holdings Impacted by Ransomware Attack

August 3, 2023

The 16 hospitals run by Prospect Medical Holdings are still recovering from a ransomware attack announced last Thursday that caused severe outages at facilities in four states. Several of the hospitals were forced to divert ambulances to other healthcare facilities, cancel appointments and close smaller clinics while the parent company dealt with the attack. The incident has drawn national headlines due to how widespread it is, covering healthcare facilities in multiple states.

While the FBI and the U.S. Department of Health and Human Services (HHS) declined to comment on the perpetrators, HHS published a warning to all hospitals on Friday about Rhysida, noting that it was a relatively new ransomware-as-a-service (RaaS) group that emerged in May.


Network Monitoring Company Users Affected by Hacking Campaign

August 24, 2023

Network monitoring company LogicMonitor confirmed today that some users of its SaaS platform have fallen victim to cyberattacks. The company says that the hacking campaign has hit what it describes as a “small number” of users and that it is working with those affected to mitigate the attacks’ impact.

While LogicMonitor did not confirm that ransomware attacks hit its affected customers, anonymous sources familiar with the incidents told BleepingComputer that the threat actors hacked customer accounts and “were able to create local accounts and deploy ransomware.”


Travel Booking Giant Sabre Investigating Claims of a 1.3TB Data Breach

July 20, 2023

Travel booking giant Sabre said it was investigating claims of a cyberattack after a tranche of files purportedly stolen from the company appeared on an extortion group’s leak site. The Dunghill Leak group claimed responsibility for the apparent cyberattack in a listing on its dark web leak site, alleging it took about 1.3 terabytes of data, including databases on ticket sales and passenger turnover, employees’ personal data and corporate financial information.

Sabre is a travel reservation system and major provider of air passenger and booking data. Many U.S. airlines and hotel chains rely on the company’s technology.


Massive Ransomware Attack at Johnson Controls

September 24, 2023

Johnson Controls International suffered a massive ransomware attack. The attack encrypted many of the company’s devices, including VMware ESXi servers, impacting the operations of the company and its subsidiaries. Johnson Controls shut down portions of its IT systems over the weekend, after which many of its subsidiaries, including York, Simplex, and Ruskin, began to display technical outage messages on website login pages and customer portals.

Customers of York report being told that the company’s systems are down. “Their computer system crashed over the weekend. Manufacturing and everything is down,” a York customer posted to Reddit. “I talked to our rep and he said someone hacked them,” posted another customer. This morning, Nextron Systems threat researcher Gameel Ali tweeted a sample of a Dark Angels VMw. BleepingComputer reports that the ransom note links to a negotiation chat where the ransomware gang demands $51 million to provide a decryptor and to delete the stolen data. The threat actors also claim to have stolen over 27 TB of corporate data and to have encrypted the company’s VMware ESXi virtual machines during the attack.

BleepingComputer reports that the Linux encryptor used in the Johnson Controls attack is the same as the one used by Ragnar Locker since 2021. They contacted Johnson Controls with questions regarding the attack but have not received a response.


National Science Foundation Shuts down Telescopes in Hawai’i and Chile

August 1, 2023

A U.S. national center for astronomy was struck by a cyberattack this week that hindered the operations of an observatory with telescopes in Hawai’i and Chile.

The National Science Foundation’s National Optical-Infrared Astronomy Research Laboratory – also known as NOIRLab – published a notice on Tuesday night explaining that the lab had discovered an attempted cyberattack on its systems that morning. The attack forced the “suspension of astronomical observations at Gemini North in Hawai’i.” Located in Maunakea, Gemini North is one of the Gemini Observatory’s two telescopes, with the other in Chile, and is an international science partnership between the U.S., Canada, Chile, Brazil, Argentina and South Korea.

“Quick reactions by the NOIRLab cyber security team and observing teams prevented damage to the observatory. Out of an abundance of caution we have decided to isolate the Gemini Observatory computer systems by shutting them down,” the organization said. Both the telescopes in Hawai’i and in Cerro Pachón, Chile have been shut down as the IT team investigates the incident and “develops the recovery plan in consultation with NSF’s cyber specialists.”

The lab did not say if the incident was a ransomware attack but said it had no impact on the infrastructure of other NOIRLab centers.


Belt Railway Company Investigates Data Theft

September 7, 2023

The largest switching and terminal railroad in the U.S. is investigating the theft of data by a ransomware group. Operating about 28 miles of railroad, the company allows its owners to bring their trains to its headquarters, where they are separated and reorganized. It also provides services to more than 100 local manufacturing companies that ship products across North America.

On Thursday evening, the Akira ransomware gang added the company to its leak site, claiming to have stolen 85 GB of data.

Christopher Steinway, general counsel of Belt Railway, told Recorded Future News that it recently became aware that “a threat actor group posted on its website that it had obtained certain company information.”

“The event did not impact our operations. We have engaged a leading cybersecurity firm to investigate the incident and are working with federal law enforcement,” Steinway said.

“Our investigation remains ongoing.”


Unnamed US Energy Company Targeted with QR Code Phishing Campaign

May 20, 2023

Cybersecurity researchers uncovered a large phishing campaign using malicious QR codes with the hopes of acquiring Microsoft credentials at several targets, including a major U.S. energy company.

QR codes have become widely adopted since the onset of the COVID-19 pandemic, with thousands of restaurants and businesses replacing physical menus and guides with the machine-readable images that pull up webpages containing the same information. But hackers have been quick to exploit the trend, launching campaigns that spread fake QR codes to steal user information.

Cybersecurity firm Cofense released a new report on Wednesday identifying a campaign that began in May and targeted a wide array of industries. The attackers sent thousands of emails containing malicious QR codes to companies; scanning the codes took users to a Microsoft credential phishing page. The authors of the report declined to name the energy company that was attacked but said that about 29% of the emails they tracked as part of the campaign were sent to that company.
