Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.
The Logically team provides top cybersecurity stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats. Here’s what’s in store for 05/03/23 – 05/09/23. If you missed last week’s news, read Hacks, Attacks and Breaches: Critical Breaches Expose Sensitive Data on the Dark Web.
It’s an all ransomware edition of #HacksAttacks&Breaches this week, featuring an attack that snarled operations for the city of Dallas, Texas, two big hits by ALPHV/BlackCat, and an attack that shut down a medical center for two weeks. This week’s highlights:
- Cybercrime group Medusa nearly crippled an Australian medical clinic with a 100,000 dollar ransom.
- ALPHV/BlackCat has struck again – this time two companies lost over 5 TB of confidential company data.
- The RansomHouse and Royal ransomware gangs strike a payment processor and learning management company, leaking all sorts of private information.
Murfreesboro Medical Clinic & SurgiCenter (MMC): Healthcare Provider
Risk to Business: The Murfreesboro Medical Clinic & SurgiCenter (MMC) in Tennessee has been forced to shut down operations for two weeks as the result of a devastating ransomware attack. The incident began on April 22, resulting in a complete shutdown of the facility’s systems to limit the spread of the attack. Some individual offices within the system have reopened, but many major functions including a surgical center remain closed. MMC officials said that they have been working with cybersecurity experts and law enforcement to investigate the incident, determine the extent of the attack and restore full operations.
How it Could Affect Your Customers’ Business: A virtually complete closure for two weeks is a disaster for this medical group and the community it serves.
AvidXchange: Payment Processor
Risk to Business: North Carolina-based payments company AvidXchange has disclosed that it is suffering its second ransomware incident of 2023. The RansomHouse ransomware gang has claimed responsibility for the attack and released the stolen data on its leak site. That data includes non-disclosure agreements, employee payroll information and corporate bank account numbers. The data that was published by RansomHouse also includes many user accounts’ login details, including usernames, passwords and, in some cases, answers to security questions for a variety of the company’s systems, including cloud accounts and security software, through to smart door locks and surveillance cameras. The company said that it detected the intrusion in early April.
How it Could Affect Your Customers’ Business: This type of financial data is extremely desirable on the dark web and valuable to bad actors, so it needs strong protection.
The City of Dallas, TX: Municipal Government
Risk to Business: A ransomware attack on the systems of the city government of Dallas, Texas impacted some systems last week. The attack shut down the Police Department and City Hall websites as well as causing jury trials to be postponed in the Municipal Court. The computer-assisted dispatch system that is used to help firefighters respond to emergency calls was also knocked out, forcing first responders that utilize those systems to handle dispatch manually. The city said that the attack’s impact was limited and it’s working to restore affected systems. No word of any ransom demand and no one has claimed responsibility.
How it Could Affect Your Customers’ Business: Governments and government agencies of every size have been prime targets for ransomware attacks in the past few years.
Edison Learning: Education Management Organization
Risk to Business: The Royal ransomware gang says that it is responsible for a ransomware attack on public school and distance learning management company Edison Learning. The group added Edison Learning to its dark web data leak site on April 26. It claims to have stolen 20GB of the company’s data including personal information of employees and students. Edison Learning has confirmed the incident but refused to provide further details, saying that an investigation is ongoing.
How it Could Affect Your Customers’ Business: Because of the time-sensitive nature of their operations, schools are prime targets for ransomware attacks.
Constellation Software: Business Software Company
Risk to Business: The ALPHV/BlackCat ransomware group successfully hit Ontario-based business software firm Constellation Software last week. The company has confirmed that some of its systems were breached by threat actors who also stole personal information and business data from a small number of systems related to internal financial reporting and related data storage. All systems have been restored. BlackCat listed Constellation on its leak site claiming to have nabbed 1 TB of data.
How it Could Affect Your Customers’ Business: Supply chain attacks like strikes on business service and technology providers have been escalating, elevating supply chain risk for businesses.
UK – The National Smallbore Rifle Association (NSRA)
The National Smallbore Rifle Association (NSRA): Sports Governing Body
Risk to Business: The UK’s National Smallbore Rifle Association (NSRA) is warning members that it experienced a hacking incident last week that may have exposed member data. In a statement, the association assured members that the attack hit legacy servers that contain working documents and its membership portal remains secure. However, the group said it cannot be sure who was impacted because it doesn’t have access to the breached servers, leading to reports concluding that this was a ransomware incident. NSRA said that it is working with the UK’s South East Regional Organized Cybercrime Unit (SEROCU) in the investigation.
How it Could Affect Your Customers’ Business: Information like this can be used by bad actors to mount spear phishing campaigns.
Australia – HWL Ebsworth
HWL Ebsworth: Law Firm
Risk to Business: Australian commercial law firm HWL Ebsworth fell victim to a ransomware attack by the ALPHV/BlackCat ransomware group late last week. The bad actors claim to have snatched 4 TB of confidential company data. The group posted an assortment of data to their dark web leak site including employee CVs, IDs, financial reports, accounting data, client documentation, credit card information, and a complete network map.
How it Could Affect Your Customers’ Business: Law firms can hold some very valuable and sensitive data making them very attractive targets for bad actors.
Australia – Crown Princess Mary Cancer Centre
Crown Princess Mary Cancer Centre: Specialty Medical Clinic
Risk to Business: Crown Princess Mary Cancer Centre in Westmead Hospital has disclosed that it has been the victim of a ransomware attack by the cybercrime group Medusa that has led to data exposure for patients. The group claims to have grabbed thousands of files, some containing sensitive patient data, and is threatening to expose them if not paid $100,000. The clinic has not confirmed what amount or types of data were stolen. NSW Health is investigating the incident in concert with authorities.
How it Could Affect Your Customers’ Business: Bad actors love to hit medical offices of all sizes hoping for a fast payment and lots of valuable data.