Philadelphia Inquirer Unable to Print Sunday Paper

May 11, 2023

The Philadelphia Inquirer was hit with a cyberattack that resulted in significant disruptions to its operations. It was unable to print its Sunday paper on May 14, and it had to scramble to restore several systems. The paper closed its office through Tuesday and the newspaper is working with “third-party forensic specialists from Kroll to restore systems and fully investigate the matter,” according to the emailed statement.

With the timing of the attack right before the city’s mayoral primary election, political motivation is a possibility. The Philadelphia Inquirer has not made any ransom demands public, nor is it clear if the information of employees or customers has been compromised, according to The Philadelphia Inquirer coverage.

read more

T-Mobile Data Breach Hits 37 Million

November 25, 2022

U.S. wireless carrier T-Mobile said an unidentified malicious intruder breached its network in late November and stole data on 37 million customers, including addresses, phone numbers and dates of birth.

T-Mobile said in a filing with the U.S. Securities and Exchange Commission that the breach was discovered Jan. 5. It said the data exposed to theft — based on its investigation to date — did not include passwords or PINs, bank account or credit card information, Social Security numbers or other government IDs.

“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time,” T-Mobile said, with no evidence the intruder was able to breach the company’s network. It said the data was first accessed on or around Nov. 25.

T-Mobile, based in Bellevue, Washington, became one of the country’s largest cellphone service carriers in 2020 after buying rival Sprint. It reported having more than 102 million customers after the merger.

read more

T-Mobile Hit Again

February 24, 2023

While it may seem like a small attack, T-Mobile disclosed its second data breach this year after the company found attackers accessed personal information of over 800 customers in late February.
The first breach, which the company discovered in early January, hit 37 million customers. This attack affected 836 customers, according to a notification to the Maine Attorney General’s office.
The breach occurred between Feb. 24 and March 30, according to the notification. The Bellvue, Washington-based T-Mobile said it discovered the issue March 27. The information the attackers acquired entailed name and driver’s license number or non-driver identification card number.

read more

Ransomware Attack at Dish Network

February 23, 2023

Satellite TV behemoth Dish Network experienced a network outage last week that was the result of a ransomware attack, company officials said in an 8-K filing to the Securities and Exchange Commission (SEC).
The attack appeared to affect, the Dish Anywhere app, Boost Mobile (a subsidiary owned by Dish Wireless), and other websites and networks owned and operated by Dish Network. Customers also said the company’s call center phone numbers were unreachable.
The attack effected 296,000 individuals.

read more

The Guardian Closes Offices after Cyberattack

December 20, 2022

The Global IT system at The Guardian newspaper was hit by a ransomware attack on December 20. Offices are closed to “reduce the strain” on the company’s networks. All workers were told to work remotely until at least January 23.

read more

Hackers Demand $60M Ransom from Intrado Telecommunications

December 1, 2022

The Royal Ransomware gang claimed responsibility for a cyber attack against telecommunications company Intrado on Tuesday.

While Intrado is yet to share any information regarding this incident, sources have told BleepingComputer early this month that the attack started on December 1 and the initial ransom demand was $60 million. The Royal Ransomware group, made up of experienced threat actors and operating without affiliates, has reportedly stolen some data from Intrado’s systems and is now threatening to publish it on their data leak site unless the company pays the ransom. The attackers claim to have obtained internal documents, passports, and employee driver’s licenses from compromised Intrado devices.

Although the ransomware gang has not yet leaked any of the files allegedly exfiltrated from Intrado’s network, they did share a 52.8 MB archive containing scans of passports, business documents, and driver’s licenses as proof of the breach.

Intrado has not yet responded to multiple requests for comment from BleepingComputer via email and voicemail.

read more

Ransomware Attack Cripples Indian Port Container Terminal JNCPT

February 21, 2022

Jawaharlal Nehru Port Container Terminal was hit by a suspected ransomware attack. JNPCT operations are down and they are unable to process containers. Vessels were diverted and JNPCT stopped accepting ships for loading/unloading at the port.

JNPCT is owned and operated by the port authority, while the other terminals are private. This mirrors a NotPetya attack that occurred at the Gateway Terminal India (GTI) terminal at the same port, owned by Danish AP Moller-Maersk (APM), in 2017. At the time, 17 APM terminals around the world were hit simultaneously.

read more

Ransomware Attack Cripples Printing Systems at German Newspaper

October 14, 2022

Attack at German newspaper ‘Heilbronn Stimme’ impacted the entire Stimme Mediengruppe media group, which includes the companies ‘Pressedruck’, ‘Echo’, and ‘RegioMail.’ The newspaper published Saturday’s 28-page issue in e-paper format after a Friday ransomware attack crippled its printing systems. Phone and email communication remained offline during the weekend. Ransomware attack encrypted all systems.

The regional publication has a circulation of about 75,000 copies, but due to printing issues has temporarily lifted the paywall from its website, which counts approximately 2 million visitors per month.

read more

RansomEXX Attacks CNT Telecommunications in Ecuador

July 16, 2021

Ecuador’s state-run Corporación Nacional de Telecomunicación (CNT) has suffered a ransomware attack that has disrupted business operations, the payment portal, and customer support.

BleepingComputer has learned that the attack was conducted by a ransomware operation known as RansomEXX. Additionally the site reported they contacted CNT with further questions but ‘have not received a response at this time.”

read more

Apparently Unsuccesful Cyberattack at Arvig Communications.

October 25, 2022

Arvig experienced a network-wide service outage affecting nearly all of its customers statewide. Beginning at approximately 6:45 a.m., internet, television and most voice services unexpectedly went down. The outage was the result of an apparently unsuccessful cyberattack. The threat was eliminated and services were restored within a matter of hours. ‘Though our investigation of this matter is still in its early stages, to our knowledge at this time, no customer data was exposed, accessed or lost as a result of this attack.” Arvig said in a statement.

read more