Tag: Clop Ransomware

  • Ascension Healthcare Data Breach Exposes Information of Over 430,000 Patients

    Ascension, one of the largest private healthcare systems in the United States, has confirmed that a recent data breach has compromised the personal and healthcare information of over 430,000 patients. The breach was disclosed in notification letters sent to affected individuals in April, revealing that the data was stolen during a cyber incident affecting a former business partner of the organization earlier in December.

    The breach allowed attackers to access sensitive personal health information, including details about inpatient visits, such as physician names, admission and discharge dates, diagnosis, billing codes, and medical record numbers. Personal details such as names, addresses, phone numbers, email addresses, dates of birth, race, gender, and Social Security numbers (SSNs) were also exposed.

    Ascension stated in a public communication, “On December 5, 2024, we learned that Ascension patient information may have been involved in a potential security incident. Our investigation determined on January 21, 2025, that Ascension inadvertently disclosed information to a former business partner, and some of this information was likely stolen from them due to a vulnerability in third-party software used by the former business partner.”

    The incident has particularly impacted individuals in Texas and Massachusetts, where the totals are reported as 114,692 and 96 respectively. Although Ascension initially withheld the exact number of affected individuals, an April 28 filing with the U.S. Department of Health & Human Services (HHS) later revealed that 437,329 individuals were impacted by the breach.

    To assist those affected, Ascension is offering two years of complimentary identity monitoring services, which include credit monitoring, fraud consultation, and identity theft restoration services. Despite this, details surrounding the breach affecting the former business partner remain sparse, though experts suggest that it may be linked to a series of ransomware attacks exploiting a critical flaw in Cleo secure file transfer software.

    Only last year, Ascension notified nearly 5.6 million patients and employees of a major ransomware attack attributed to the Black Basta group, which resulted from an employee inadvertently downloading a malicious file. This incident significantly disrupted Ascension’s operations, forcing staff to revert to manual record-keeping and halt non-emergency medical services.

    With a workforce exceeding 142,000, Ascension operates 142 hospitals and 40 senior care facilities across North America and reported revenues of $28.3 billion in 2023. As the healthcare industry grapples with increasing cyber threats, Ascension’s incident underscores the need for stringent data security measures.

  • UK National Cyber Security Centre Reports Surge in Significant Cyber Incidents

    The UK National Cyber Security Centre (NCSC) has reported a dramatic increase in the number of “nationally significant” cyber incidents, with over 200 such incidents managed from September 2024 to May 2025. This figure represents twice the number of incidents compared to the same timeframe last year, according to NCSC CEO Richard Horne during his keynote address at the CYBERUK conference in Manchester.

    The NCSC categorizes nationally significant cyber events as those with a substantial impact on the UK, affecting medium-sized organizations or posing considerable risks to larger entities and government operations. The rise in incidents aligns with confirmed ransomware attacks impacting major UK retailers like Marks & Spencer, Harrods, and Co-op, which have faced operational disruptions due to these threats.

    During the conference, Chancellor of the Duchy of Lancaster, Pat McFadden, highlighted alarming statistics from the NCSC’s 2024 Annual Review, revealing nearly 2,000 reports of cyber-attacks last year, with 89 classified as nationally significant, including 12 critical incidents. This marked a threefold increase in severe attacks compared to 2023, escalating concerns about the continuing threats posed by malicious cyber activities.

    In addition, Horne underscored that hostile nation-states operate within a “grey zone” that exists between peace and war, using cyber-attacks to achieve disruptive objectives while maintaining plausible deniability. He identified China as the primary threat to the UK cyber landscape, with the Chinese Communist Party leveraging vast capabilities. The NCSC has also noted increased cyber espionage activities from Russia, particularly as geopolitical tensions rise concerning Ukraine, demonstrating a worrying convergence of cyber and physical attacks against UK interests.

    As ransomware continues to be a persistent risk, Horne supports the Home Office’s proposed ban on ransom payments in the public sector, asserting the need for a future where paying ransoms is not an option. He described the threat of ransomware as possibly the most pressing challenge the UK faces in cybersecurity today.

  • Cloud Ransomware Attacks Surge as Organizations Struggle with Security

    A recent report by Rubrik reveals alarming trends in cyberattacks, with a staggering 90% of IT and security leaders reporting that their organizations faced a cyberattack in the past year. The persistence of ransomware attacks and a growing reliance on hybrid cloud environments highlight the urgent need for enhanced security measures, as many firms are left vulnerable due to misconceptions regarding their cloud service providers’ responsibility for data protection.

    Joe Hladik, Head of Rubrik Zero Labs, noted that the continued exploitation of hybrid cloud vulnerabilities indicates that cybercriminals remain ahead of the game. The report emphasizes that organizations must adopt a proactive approach to safeguarding their most valuable data and prioritize a data-centric security strategy that emphasizes visibility and quick recovery mechanisms. “The need for a data-centric security strategy that prioritizes visibility, control, and quick recovery has never been more urgent,” Hladik stated.

    The report also pointed out that nearly one-fifth of organizations faced over 25 cyberattacks in 2024 alone, averaging at least one breach every other week. The most prevalent attack vectors included data breaches (30%), malware on devices (29%), cloud or SaaS breaches (28%), phishing (28%), and insider threats (28%). The consequences of these attacks were significant, with 40% of respondents experiencing increased security costs and 37% noting reputational damage and lost customer trust.

    Despite the inevitable shift towards cloud adoption, challenges such as understanding application dependencies and managing hybrid environments continue to hinder full implementation. Approximately 90% of IT and security leaders manage hybrid cloud setups, with half reporting that most of their workloads have transitioned to the cloud. However, a prevalent misconception persists: the belief that cloud providers will entirely safeguard their users’ data, which often leads to a false sense of security.

    The report underscores the crisis in data recovery strategies, as 86% of organizations that experienced successful ransomware attacks last year reported paying a ransom to recover their data. Alarmingly, 74% of these organizations indicated that threat actors compromised their backup and recovery systems. With the increasing use of multiple cloud platforms—92% of organizations are utilizing two to five—it is evident that weak points in identity and access management are being exploited, exacerbating the ransomware threat.

    Insider threats are also a growing concern, with 28% of IT leaders highlighting that compromised credentials often drive these incidents. Moreover, a significant portion of high-risk sensitive files contains valuable digital data such as API keys and usernames, which are particularly attractive targets for cybercriminals seeking to hijack identities and breach critical systems.

  • UK Cyberattacks on Retail Sector Highlight Security Vulnerabilities

    The United Kingdom’s National Cyber Security Centre (NCSC) has sounded the alarm over a series of cyberattacks affecting notable retail chains in the country, describing the situation as a “wake-up call” for businesses to bolster their cybersecurity measures. Following a string of incidents targeting major players in the retail sector, the NCSC has emphasized the importance of adequate defenses to protect against similar threats in the future.

    As part of its response to these increasing threats, the NCSC, which operates under the auspices of the GCHQ intelligence agency, is collaborating with impacted organizations to determine the full scale and nature of the attacks. Dr. Richard Horne, CEO of the NCSC, noted that the disruptions pose serious risks not just to the businesses involved, but also to their customers and the general public. He urged all organizations to adopt recommended precautions found on the NCSC website to enhance their resilience against cyber threats.

    Amid this turmoil, the UK House of Commons’ Business and Trade Committee has summoned executives from major retailers including Marks & Spencer and Co-op to discuss whether they have received adequate support from relevant governmental bodies, including the NCSC and the National Crime Agency.

    The recent escalation in cyber threats paints a clear and alarming picture of the current state of digital security within the retail sector. Reports indicate that luxury department store Harrods was targeted on May 1st, following incidents affecting Co-op and Marks & Spencer in the preceding weeks. Harrods has initiated precautionary measures, including restricting access to certain websites, while it assesses the situation.

    Co-op also disclosed a security incident that triggered shutdowns of some IT systems as a precautionary measure against hacking attempts. Meanwhile, Marks & Spencer confirmed that its systems were compromised in a ransomware attack attributed to the notorious group Scattered Spider, causing disruptions in online ordering and contactless payment systems. The repercussions of these incidents underscore the pressing need for heightened vigilance and readiness within the retail landscape.

  • Ransomware Threat Remains Pervasive as Businesses Strengthen Cyber Defenses

    Ransomware attacks continue to pose significant challenges for companies worldwide, despite a modest decline in the percentage of organizations affected. According to a report by Veeam, the figure has decreased from 75% to 69%, yet the risk remains high. The report highlights that organizations are enhancing their preparedness through improved resilience practices and fostering collaboration between IT and security teams. This detail emphasizes the need for proactive cyber resilience strategies to effectively mitigate risks.

    Despite advancements in defense mechanisms, the statistics reveal that seven out of ten organizations experienced an attack within the last year. Of those that were attacked, only 10% successfully recovered more than 90% of their data, while a significant 57% managed to recover less than half of their data. This concerning trend underscores the persistent threat of ransomware, which is expected to challenge businesses throughout 2025 and beyond, as stated by Anand Eswaran, CEO of Veeam.

    Furthermore, the report notes a disturbing shift toward exfiltration-only attacks, where cybercriminals infiltrate networks to steal sensitive data without resorting to encryption. This tactic underscores the urgency for organizations to adopt robust security measures, especially given the reduced dwell time observed in many attacks, which occur in mere hours. Organizations lacking strong cybersecurity protocols are particularly susceptible as threat actors exploit vulnerabilities rapidly.

    Lastly, the report highlights a noteworthy decrease in ransomware payments, with 36% of affected organizations choosing not to pay ransoms. Among those that did, 82% paid less than the initial ransom amount proposed by attackers, illustrating a growing skepticism about the trustworthiness of these criminals. In addition, evolving regulations and legal frameworks are actively discouraging ransom payments as part of global initiatives aimed at strengthening defenses against such cyber threats. The concerted effort towards enhancing cybersecurity illustrates a shift towards prioritizing data resilience and proactive strategies, with organizations encouraged to implement the 3-2-1-1-0 rule for effective data management.

  • Cyber Threats to Automotive Industry Surge in 2025

    Amid growing concerns over cybersecurity, security incidents affecting the automotive and mobility industries surged by nearly 50% in the first quarter of 2025, according to recent data released by Upstream Security. Researchers tracked a staggering 148 publicly disclosed incidents in the first three months alone — a trajectory that, if it continues, could exceed the total of 409 incidents reported in 2024.

    Of significant concern is the rise of ransomware attacks, which accounted for 45% of the incidents observed. A prominent case involved Tata Technologies, an India-based automotive and aerospace service provider that faced severe disruption to its IT systems. After a month of turmoil, a group named Hunters International claimed responsibility for the attack, releasing approximately 730,160 stolen company files onto the Dark Web.

    With ransomware increasingly common within the automotive sector, experts warn that attackers often exploit compromised credentials to gain entry into systems. Yaniv Maimon, Upstream’s vice president of cyber services, noted that attackers could impersonate dealers or original equipment manufacturer (OEM) employees to gather sensitive data, access customer vehicle locations, and even manipulate vehicles remotely. Maimon adds that about 26% of the recorded incidents could have led to direct manipulation of vehicles on roads, heightening public safety concerns.

    The broader threat landscape also reveals that 63% of the incidents were classified as data breaches or privacy-related incidents, with half posing risks of significant disruptions to services or business operations. Upstream emphasizes that many of these incidents could potentially affect millions of vehicles, reflecting a troubling trend in the industry. Additionally, the number of threat actors targeting automotive and mobility has risen dramatically from 300 to over 1,100 within the past year.

  • Rising Cyber Threats in the Energy Sector: A Closer Look

    Cyber threats targeting the energy sector are evolving, posing a significant risk to national infrastructure in the UK and US. According to research by Darktrace, these threats come in various forms, including state-sponsored attacks, profit-driven cybercriminal activity, and malicious insider actions. The impact of successful attacks can be devastating, potentially disrupting energy supplies and leading to severe economic and social damages.

    Email remains the primary conduit for such cyber threats, with 55% of incidents in both the US and UK involving phishing attacks aimed at harvesting credentials. Often, these attacks are executed through seemingly legitimate emails that compromise cloud-based services, such as Microsoft 365. Ransomware attacks have also surged, accounting for 18% of incidents, with notorious groups like ALPHV/BlackCat and Fog leading the charge.

    Incidents are on the rise, particularly in Europe, the Middle East, and Africa (EMEA), where renewable energy producers have faced heightened scrutiny from adversarial actors. Notable examples include targeted espionage campaigns against major companies like Honeywell and Schneider Electric, apparently linked to the APT28 group from 2019 to 2022. Furthermore, infamous hacking groups such as Sandworm have been implicated in attacks on Ukraine’s electrical infrastructure, highlighting the critical vulnerabilities within the sector’s operational technology.

    The advent of artificial intelligence (AI) in the energy sector presents both opportunities and challenges. While AI promises efficiency, experts warn that without adequate training, its implementation could introduce new vulnerabilities. Mark Bristow of the Cyber Infrastructure Protection Innovation Center at MITRE noted that while theories abound about AI disrupting power grids, the technology remains underdeveloped for such tasks at present.

    Moreover, the energy sector’s reliance on a limited pool of critical vendors exacerbates these risks. As highlighted by the Royal United Services Institute (RUSI), this over-reliance poses a formidable threat, as a single successful attack could have cascading effects on national infrastructure. Energy companies are now increasingly considering cloud hosting for operational technology devices, despite the new vulnerabilities this approach could introduce. With an increasing trend of outsourcing among energy firms, understanding the security posture of vendor software has become ever more critical.

  • Sarcoma Ransomware Group Claims Cyberattack on Manchester Credit Union

    A ransomware group known as Sarcoma has taken responsibility for a cyberattack that targeted the Manchester Credit Union (MCU) in the UK. The credit union reported experiencing technical issues with its payment system earlier this month, characterizing the incident as a ‘failed ransomware attack.’ Notably, MCU has stated that no customer data was compromised during the event. MCU’s statement confirmed the incident amid concerns over cyber threats to financial institutions.

    Despite not receiving a ransom demand, Sarcoma has listed the credit union on its leak site and has threatened to auction any stolen data unless a ransom is paid. The attack reportedly resulted in the wiping of some servers, leading to a two-day downtime for 21 employees and complicating forensic investigations.

    Founded in 1991, Manchester Credit Union serves over 32,000 members in the region. As a crucial financial resource for its community, the implications of such cyber vulnerabilities are significant, underscoring the need for robust cybersecurity measures.

    Rebecca Moody, Head of Data Research at Comparitech, commented on Sarcoma’s emergence as a ransomware threat, citing that the group has been linked to 14 confirmed ransomware attacks globally, primarily targeting financial institutions. Moody further noted that there are several unconfirmed claims linked to Sarcoma, reflecting the rising trend of cyberattacks on financial companies.

  • Cyberattacks Surge 47% Globally in Q1 2025, Education Sector Most Affected

    In the first quarter of 2025, the global landscape of cyber threats has dramatically escalated, with businesses facing a staggering increase in both the volume and sophistication of attacks. According to Check Point Software’s Q1 2025 Cyber Threat Intelligence Report, organizations experienced an average of 1,925 cyberattacks per week, marking a 47% increase from the previous year.

    The education sector emerged as the prime target for cybercriminals, suffering from an alarming average of 4,484 attacks each week. This figure represents a 40% increase compared to the next most-targeted industry, highlighting the vulnerabilities faced by educational institutions in today’s digital environment. Other heavily impacted sectors included government, telecommunications, healthcare, and automotive, with notable numbers of 2,678 and 2,664 attacks per week respectively.

    Geographically, Africa stood out as the region with the highest number of cyber incidents, witnessing a 39% increase, resulting in an average of 3,286 weekly attacks. The Asia-Pacific (APAC) region closely followed with a 38% rise in attacks. Surprisingly, while Latin America experienced the highest percentage growth in attacks at 108%, it did not lead in overall volume. Europe and North America reported increases of 57% and 40%, respectively, underscoring a widespread threat landscape.

    Ransomware incidents have surged dramatically, with a staggering 126% increase compared to the same period last year, predominantly affecting North America which accounted for 62% of global ransomware cases. Various sectors were targeted, with Consumer Goods & Services facing the brunt of these attacks. The rise in cyber threats is reflective of the evolving tactics employed by cybercriminals, notably the prevalence of double-extortion methods impacting organizations across multiple sectors and regions.

  • Ransomware Negotiations: A Balancing Act Between Ethics and Survival

    As organizations increasingly find themselves caught in the crosshairs of cybercriminals, the question of whether to negotiate or pay ransoms has become a pressing dilemma. Ransomware gangs have adopted business-like structures, complete with customer service and negotiation strategies, making no sector immune to these attacks. From hospitals to global corporations, the surge in ransomware incidents highlights the precarious situation companies face when their data is held hostage.

    A recent report by Zscaler sheds light on the growing trend of larger ransom amounts, initiated by incidents like the reported $75 million payment to the Dark Angels group. This development has reportedly inspired other ransomware operators to demand higher payouts. However, there is a silver lining; according to Chainalysis, a significant number of victims are now refusing to yield to these demands, creating a more challenging environment for attackers.

    Despite rising frustrations toward these criminal enterprises, some companies feel compelled to make ransom payments to regain access to critical systems. With lives at stake in scenarios like hospital data breaches, the urgency of recovering operational capabilities often overrides ethical considerations. Noteworthy cases, such as the Colonial Pipeline attack, underscore the complicated nature of these decisions; the company paid a $5 million ransom, though law enforcement later managed to recover a portion of those funds.

    In the wake of such threats, professionals advocate for a strategic approach to ransomware negotiations. Many organizations enlist third-party negotiators who specialize in these high-stakes dialogues. By maintaining professionalism and deploying tactics like stalling to buy time, these experts aim to lower ransom demands while minimizing the risk of data loss. Moreover, early involvement of law enforcement has proven essential, aiding in the identification and apprehension of cybercriminals.

    Ultimately, the challenge lies in creating effective ransomware response plans that equip organizations to handle these crises efficiently. Best practices include preparing through simulated attack exercises and laying out clear protocols for both prevention and response. As ransomware attacks become more sophisticated and unpredictable, companies must adapt to an evolving digital landscape with an emphasis on resilience and strategic decision-making.