Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Ransomware attack. Show all posts
Sensitive Data Leak
Cyber Attacks Data Leak data security Data Theft IT Systems Ransomware attack Ransomware group Ransomwares Sensitive Data Leak

Tata Technologies Cyberattack: Hunters International Ransomware Gang Claims Responsibility for 1.4TB Data Theft

 

Hunters International, a ransomware group known for high-profile cyberattacks, has claimed responsibility for a January 2025 cyberattack on Tata Technologies. The group alleges it stole 1.4TB of sensitive data from the company and has issued a threat to release the stolen files if its ransom demands are not met. Tata Technologies, a Pune-based global provider of engineering and digital solutions, reported the cyberattack in January. 

The company, which operates in 27 countries with over 12,500 employees, offers services across the automotive, aerospace, and industrial sectors. At the time of the breach, Tata Technologies confirmed that the attack had caused disruptions to certain IT systems but stated that client delivery services remained unaffected. The company also assured stakeholders that it was actively restoring impacted systems and conducting an internal investigation with cybersecurity experts. 

However, more than a month later, Hunters International listed Tata Technologies on its dark web extortion page, taking responsibility for the attack. The group claims to have exfiltrated 730,000 files, totaling 1.4TB of data. While the ransomware gang has threatened to publish the stolen files within a week if a ransom is not paid, it has not provided any samples or disclosed the nature of the compromised documents. Tata Technologies has yet to release an update regarding the breach or respond to the hackers’ claims. 

BleepingComputer, a cybersecurity news platform, attempted to contact the company for a statement but did not receive an immediate response. Hunters International emerged in late 2023, suspected to be a rebranded version of the Hive ransomware group. Since then, it has carried out multiple high-profile attacks, including breaches of Austal USA, a U.S. Navy contractor, and Japanese optics company Hoya. 

The group has gained notoriety for targeting various organizations without ethical restraint, even engaging in extortion schemes against individuals, such as cancer patients from Fred Hutchinson Cancer Center. Although many of the gang’s claims have been verified, some remain disputed. For example, in August 2024, the U.S. Marshals Service denied that its systems had been compromised, despite Hunters International’s assertions.  

With cybercriminals continuing to exploit vulnerabilities, the Tata Technologies breach serves as another reminder of the persistent and evolving threats posed by ransomware groups.
Read more »
Ransomware group
Cyber Attacks Data Leak data security Genea Healthcare Breach Patient Data Ransomware attack Ransomware group

Genea Cyberattack: Termite Ransomware Leaks Sensitive Patient Data

 

One of Australia’s leading fertility providers, Genea Pty Ltd, has been targeted in a cyberattack allegedly carried out by the Termite ransomware group. On February 26, 2025, the group claimed responsibility for breaching Genea’s systems and stated that they had stolen 700GB of data from 27 company servers. The stolen information reportedly includes financial documents, invoices, medical records, personal identification data, and detailed patient questionnaires. 

Among these files are Protected Health Information (PHI), which contains personal medical histories and sensitive patient details. The cyberattack was first confirmed by Genea on February 19, 2025, when the company disclosed that its network had been compromised. The breach caused system outages and disrupted operations, leading to an internal investigation supported by cybersecurity experts. Genea moved quickly to assess the extent of the damage and reassure patients that the incident was being addressed with urgency. 

In an update released on February 24, 2025, the company acknowledged that unauthorized access had been detected within its patient management systems. By February 26, 2025, Genea confirmed that some of the stolen data had been leaked online by the attackers. In a public statement, the company expressed deep regret over the breach, acknowledging the distress it may have caused its patients. In response, Genea took immediate legal action by securing a court-ordered injunction to prevent further distribution or use of the stolen information. 

This measure was part of the company’s broader effort to protect affected individuals and limit the potential damage caused by the breach. To assist those impacted, Genea partnered with IDCARE, Australia’s national identity and cyber support service. Affected individuals were encouraged to seek help and take necessary steps to safeguard their personal information. The company urged patients to remain alert for potential fraud or identity theft attempts, particularly unsolicited emails, phone calls, or messages requesting personal details.  

The attack was initially detected on February 14, 2025, when suspicious activity was observed within Genea’s network. Upon further investigation, it was revealed that unauthorized access had occurred, and patient data had been compromised. The attackers reportedly targeted Genea’s patient management system, gaining entry to folders containing sensitive information. The exposed data includes full names, contact details, medical histories, treatment records, Medicare card numbers, and private health insurance information. 

However, as of the latest update, there was no evidence that financial data, such as bank account details or credit card numbers, had been accessed. Despite the severity of the breach, Genea assured patients that its medical and administrative teams were working tirelessly to restore affected systems and minimize disruptions to fertility services. Ensuring continuity of patient care remained a top priority while the company simultaneously focused on strengthening security measures to prevent further incidents. 

In response to the breach, Genea has been collaborating with the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC) to investigate the full extent of the attack. The company is committed to keeping affected individuals informed and taking all necessary precautions to enhance its cybersecurity framework. Patients were advised to monitor their accounts and report any suspicious activity to authorities. 

As a precaution, Genea recommended that affected individuals follow security guidelines issued by official government agencies such as the Australian Cyber Security Centre and the ACCC’s Scamwatch. For those concerned about identity theft, IDCARE’s experts were made available to provide support and guidance on mitigating risks associated with cybercrime. The incident has highlighted the growing risks faced by healthcare providers and the importance of implementing stronger security measures to protect patient data.
Read more »
Ransomware attack
cyber attack Cybersecurity Breach Data Breach data security Lee Enterprises newspaper hack Ransomware attack

Lee Enterprises Confirms Ransomware Attack Impacting 75+ Publications

 

Lee Enterprises, a major newspaper publisher and the parent company of The Press of Atlantic City, has confirmed a ransomware attack that disrupted operations across at least 75 publications. The cybersecurity breach caused widespread outages, impacting the distribution of printed newspapers, subscription services, and internal business operations.

The attack, first disclosed to the Securities and Exchange Commission (SEC) on February 3, led to significant technology failures, affecting essential business functions. In an official update to the SEC, Lee Enterprises reported that hackers gained access to its network, encrypted key applications, and extracted files—common tactics associated with ransomware incidents.

As a result of the attack, the company's ability to deliver newspapers, process billing and collections, and manage vendor payments was severely affected. “The incident impacted the Company’s operations, including distribution of products, billing, collections, and vendor payments,” Lee Enterprises stated in its SEC filing.

With a vast portfolio of 350 weekly and specialty publications spanning 25 states, Lee Enterprises is now conducting a forensic investigation to assess the extent of the data breach. The company aims to determine whether hackers accessed personal or sensitive information belonging to subscribers, employees, or business partners.

By February 12, the company had successfully restored distribution for its core publications. However, weekly and ancillary publications are still facing disruptions, accounting for approximately five percent of the company's total operating revenue. While recovery efforts are underway, full restoration of all affected services is expected to take several weeks.

Cybersecurity experts have warned that ransomware attacks targeting media organizations can have severe consequences, including financial losses, reputational damage, and compromised data security. The increasing frequency of such incidents highlights the urgent need for media companies to strengthen their cybersecurity defenses against evolving cyber threats.

Growing Cybersecurity Threats in the Media Industry


The publishing industry has become an attractive target for cybercriminals due to its reliance on digital infrastructure for content distribution, subscription management, and advertising revenue. Recent high-profile cyberattacks on media organizations have demonstrated the vulnerability of traditional and digital publishing operations.

While Lee Enterprises has not yet disclosed whether a ransom demand was made, ransomware attacks typically involve hackers encrypting critical data and demanding payment for its release. Cybersecurity experts caution against paying ransoms, as it does not guarantee full data recovery and may encourage further attacks.

As Lee Enterprises continues its recovery process, the company is expected to implement stronger cybersecurity measures to prevent future breaches. The incident serves as a reminder for organizations across the media sector to enhance their security protocols, conduct regular system audits, and invest in advanced threat detection technologies.
Read more »
Ransomware attack
Amsterdam cybercrime investigation Black Basta Cyber Threats Cybersecurity Data Breach Hacking phishing Ransomware Ransomware attack

Internal Chat Logs of Black Basta Ransomware Gang Leaked Online

 

A previously unidentified source has leaked what is claimed to be an archive of internal Matrix chat logs linked to the Black Basta ransomware group. The individual behind the leak, known as ExploitWhispers, initially uploaded the stolen messages to the MEGA file-sharing platform, which has since taken them down. However, they have now made the archive available through a dedicated Telegram channel.

It remains uncertain whether ExploitWhispers is a cybersecurity researcher who infiltrated the group's internal chat server or a discontented member of the operation. While no specific reason was provided for the leak, cybersecurity intelligence firm PRODAFT suggested that it could be a direct consequence of the ransomware gang’s alleged attacks on Russian banks.

"As part of our continuous monitoring, we've observed that BLACKBASTA (Vengeful Mantis) has been mostly inactive since the start of the year due to internal conflicts. Some of its operators scammed victims by collecting ransom payments without providing functional decryptors," PRODAFT stated.

"On February 11, 2025, a major leak exposed BLACKBASTA's internal Matrix chat logs. The leaker claimed they released the data because the group was targeting Russian banks. This leak closely resembles the previous Conti leaks."

The leaked archive contains internal chat messages exchanged between September 18, 2023, and September 28, 2024. A review conducted by BleepingComputer reveals that the messages encompass a broad range of sensitive information, including phishing templates, email addresses for targeting, cryptocurrency wallets, data dumps, victims' login credentials, and confirmations of previously reported attack strategies.

Additionally, the leaked records contain 367 unique ZoomInfo links, potentially reflecting the number of organizations targeted during the specified timeframe. Ransomware groups frequently use ZoomInfo to gather intelligence on their targets, either internally or for negotiations with victims.

ExploitWhispers also disclosed information about key Black Basta members, identifying Lapa as an administrator, Cortes as a threat actor connected to the Qakbot malware group, and YY as the primary administrator. Another individual, referred to as Trump (also known as GG and AA), is believed to be Oleg Nefedov, who is suspected of leading the operation.

Black Basta operates as a Ransomware-as-a-Service (RaaS) group, first emerging in April 2022. The gang has targeted several high-profile organizations across various industries, including healthcare, government contractors, and major corporations.

Notable victims include German defense contractor Rheinmetall, Hyundai's European division, BT Group (formerly British Telecom), U.S. healthcare provider Ascension, government contractor ABB, the American Dental Association, U.K. tech outsourcing firm Capita, the Toronto Public Library, and Yellow Pages Canada.

A joint report from CISA and the FBI, published in May 2024, revealed that Black Basta affiliates compromised more than 500 organizations between April 2022 and May 2024.

Research from Corvus Insurance and Elliptic estimates that the ransomware gang collected approximately $100 million in ransom payments from over 90 victims by November 2023.

This incident bears similarities to the February 2022 data breach involving the Russian-based Conti cybercrime syndicate. At that time, a Ukrainian security researcher leaked over 170,000 internal chat messages and the source code for the Conti ransomware encryptor, following the group's public support for Russia amid the Ukraine conflict.
Read more »
Ransomwares
Cyber Attacks Cybersecurity data security Media Industry News Corporation Ransomware attack Ransomwares

Lee Enterprises Faces Prolonged Ransomware Attack Disrupting Newspaper Operations

 

Lee Enterprises, one of the largest newspaper publishers in the United States, is facing an ongoing ransomware attack that has severely disrupted its operations for over three weeks. The company confirmed the attack in a filing with the U.S. Securities and Exchange Commission (SEC), revealing that hackers illegally accessed its network, encrypted critical applications, and exfiltrated certain files. 

The publishing giant is now conducting a forensic investigation to determine whether sensitive or personal data was stolen. The attack has had widespread consequences across Lee’s business, affecting essential operations such as billing, collections, vendor payments, and the distribution of print newspapers. Many of its 72 publications have experienced significant delays, with some print editions not being published at all. 

The Winston-Salem Journal in North Carolina reported that it was unable to print several editions, while the Albany Democrat-Herald and Corvallis Gazette-Times in Oregon faced similar disruptions, preventing the release of at least two editions. Digital services have also been affected. On February 3, Lee Enterprises notified affected media outlets that one of its data centers, which supports applications and services for both the company and its customers, had gone offline. 

This outage has prevented subscribers from logging into their accounts and accessing key business applications. Several Lee-owned newspaper websites now display maintenance messages, warning readers that subscription services and digital editions may be temporarily unavailable. The full impact of the attack is still being assessed, but Lee has acknowledged that the incident is “reasonably likely” to have a material financial impact. With print and digital disruptions continuing, the company faces potential revenue losses from advertising, subscription cancellations, and operational delays. 

Law enforcement has been notified, though the company has not disclosed details about the perpetrators or whether it is considering paying a ransom. Ransomware attacks typically involve cybercriminals encrypting a company’s data and demanding payment in exchange for its release. If Lee refuses to negotiate, it may take weeks or months to fully restore its systems. 

Cyberattacks targeting media organizations have become increasingly common, as newspapers and digital publications rely on complex networks that can be vulnerable to security breaches. The Freedom of the Press Foundation is currently tracking the scope of the attack and compiling a list of affected newspapers. For now, Lee Enterprises continues its recovery efforts while its newspapers work to restore regular operations. 

Until the attack is fully resolved, readers, advertisers, and employees may continue to face disruptions across print and digital platforms. The incident highlights the growing threat of ransomware attacks on critical infrastructure and the challenges companies face in securing their networks against cyber threats.
Read more »
Ransomware attack
Attack on NYBC cyber attack Cyber Attacks News NYBC Ransomware attack

Ransomware Attack Disrupts New York Blood Center Operations Amid Critical Shortage

 

The New York Blood Center (NYBC), a major provider of blood products and transfusion services in the U.S., suffered a ransomware attack on Sunday, leading to operational disruptions and the cancellation of some donor appointments. 

The cyberattack comes at a time when the center is already struggling with a significant drop in blood donations, further straining supply levels. 

NYBC, which collects approximately 4,000 units of blood daily and supports over 500 hospitals across multiple states, detected the security breach over the weekend of January 26. 
After noticing unusual activity within its IT systems, the organization swiftly enlisted cybersecurity experts to investigate. Their findings confirmed that ransomware was responsible for the disruption. 

In response, NYBC took immediate measures to contain the attack, including temporarily shutting down certain systems while working toward a secure restoration. Despite the ongoing challenges, the organization continues to accept blood donations but warned that some appointments may need to be rescheduled. 

The attack comes just days after NYBC issued a blood emergency following a dramatic 30% decline in donations, resulting in 6,500 fewer units collected and severely impacting regional blood supplies. At this time, it remains unclear whether the attackers accessed or stole sensitive donor information. No ransomware group has claimed responsibility yet.

As NYBC works to restore its systems, it is urging donors to continue making appointments to help address the ongoing blood shortage and ensure hospitals receive the critical supplies they need.
Read more »
Ransomwares
Cyber Attacks IT Companies IT Service NSE Ransomware attack Ransomwares

Tata Technologies Hit by Ransomware Attack: IT Services Temporarily Suspended

 

Tata Technologies, a multinational engineering firm and subsidiary of Tata Motors, recently experienced a ransomware attack that led to the temporary suspension of certain IT services. The company promptly launched an investigation into the incident and assured stakeholders that its operations remained unaffected. In a statement to Recorded Future News, Tata Technologies confirmed the cyberattack but refrained from sharing specifics, including the identity of the ransomware gang responsible, the divisions impacted, or whether any sensitive data was compromised.

On Friday, Tata Technologies filed an official report with the National Stock Exchange of India (NSE), confirming that only a few IT assets were affected. The company stated that it had taken precautionary measures by temporarily suspending some IT services, which have since been restored. Despite the attack, Tata Technologies emphasized that its client delivery services continued without interruption. As of now, no ransomware group has publicly claimed responsibility for the attack.

Implications of the Attack

Ransomware attacks often involve data exfiltration, raising concerns about the potential exposure of sensitive corporate or customer information. Cybercriminal gangs typically take credit for breaches to pressure organizations into paying ransoms, but in this case, there has been no such acknowledgment. Tata Technologies specializes in providing engineering services to industries such as automotive, aerospace, and industrial manufacturing. Operating in 27 countries, the company plays a critical role in supporting the global automotive sector with advanced digital solutions.

In its latest financial report, Tata Technologies reported a revenue of $156.6 million in the last quarter, underscoring its significant market presence. This incident is not the first time a Tata Group company has faced cybersecurity challenges. In 2022, Tata Power, a major energy subsidiary, reported a cyberattack that affected parts of its IT infrastructure. That breach raised concerns about the cybersecurity preparedness of Tata Group companies, given their extensive global operations and reliance on digital technologies.

Growing Cybersecurity Risks for Multinational Corporations

The attack on Tata Technologies highlights the increasing cybersecurity risks faced by multinational corporations. Ransomware groups continue to target high-value organizations, exploiting vulnerabilities in IT systems to disrupt operations and steal sensitive data. While Tata Technologies has managed to maintain business continuity, the incident serves as a reminder of the importance of robust cybersecurity measures.

Organizations facing ransomware threats typically invest in enhanced security protocols, such as:

  1. Regular System Updates: Ensuring that all software and systems are up-to-date to patch known vulnerabilities.
  2. Multi-Factor Authentication (MFA): Adding an extra layer of security to prevent unauthorized access.
  3. Employee Cybersecurity Training: Educating staff on recognizing phishing attempts and other common attack vectors.

Additionally, cybersecurity experts recommend that companies establish comprehensive incident response plans to mitigate the impact of potential cyberattacks. These plans should include steps for identifying, containing, and recovering from breaches, as well as communication strategies to keep stakeholders informed.

The ransomware attack on Tata Technologies underscores the growing threat of cyberattacks targeting multinational corporations. While the company has managed to restore its IT services and maintain business continuity, the incident highlights the need for proactive cybersecurity measures. As Tata Technologies continues its investigation, further details may emerge regarding the extent of the attack and any measures being taken to prevent future incidents. In an era of escalating cyber threats, organizations must remain vigilant and invest in robust security frameworks to protect their operations and sensitive data.

Read more »
SEC filing
Data Breach Data Theft ENGlobal Ransomware attack SEC filing

ENGlobal Corporation Hit by Ransomware Attack: Sensitive Data Exposed

 

ENGlobal Corporation, a prominent contractor in the energy sector, has disclosed that a ransomware attack in November 2024 led to the exposure of sensitive personal data. The incident, which occurred on November 25, forced the company to take certain systems offline as a containment measure, limiting access to only critical business processes.

Details of the Attack and Response

In early December, ENGlobal reported the incident to the U.S. Securities and Exchange Commission (SEC), stating that some data on its systems had been encrypted during the attack. However, at the time, the company did not confirm whether any data had been stolen. In a subsequent regulatory filing, ENGlobal revealed that the attackers had indeed accessed sensitive personal information stored on its systems, though it did not provide specific details about the nature or scope of the breach. 

“The cybersecurity incident involved the threat actor’s access to a portion of the company’s IT system that contained sensitive personal information. The company intends to provide notifications to affected and potentially affected parties and applicable regulatory agencies as required by federal and state law,” ENGlobal stated.

ENGlobal assured stakeholders that the threat actor had been removed from its network and that all systems had been fully restored. The company also confirmed that its business operations and functions have resumed as usual. However, the attack significantly disrupted the company’s operations for approximately six weeks, limiting access to critical business applications, including financial and operating reporting systems.

Despite the disruption, ENGlobal stated that the incident is not expected to have a material impact on its financial position or operational results. The company emphasized its commitment to notifying affected individuals and regulatory agencies in compliance with federal and state laws.

The Growing Threat of Ransomware and Mitigation Strategies

The ENGlobal incident highlights the escalating threat of ransomware attacks, particularly against critical infrastructure and energy sector companies. Ransomware attacks not only disrupt operations but also expose sensitive data, putting individuals and organizations at risk of identity theft, financial fraud, and other cybercrimes.

To mitigate such risks, cybersecurity experts recommend the following measures:

  1. Regular Backups: Maintain frequent and secure backups of critical data to ensure quick recovery in case of an attack.
  2. Employee Training: Educate employees on recognizing phishing attempts and other common attack vectors.
  3. Multi-Factor Authentication (MFA): Implement MFA to add an extra layer of security to accounts and systems.
  4. Incident Response Plan: Develop and regularly update an incident response plan to ensure a swift and effective response to cyberattacks.
  5. Network Segmentation: Divide networks into smaller segments to limit the spread of ransomware in case of a breach.

As of now, no known ransomware group has claimed responsibility for the attack, and ENGlobal has not disclosed any information about the threat actor behind the incident. This lack of attribution is not uncommon in ransomware cases, as attackers often operate anonymously to avoid legal repercussions.

The ransomware attack on ENGlobal Corporation serves as a stark reminder of the vulnerabilities faced by organizations in the energy sector and beyond. While the company has managed to restore its systems and resume operations, the incident underscores the importance of robust cybersecurity measures and proactive threat mitigation strategies. As ransomware attacks continue to evolve, organizations must remain vigilant and prepared to defend against increasingly sophisticated threats.

Read more »
Subscribe to: Posts (Atom)