Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Ransomware group. Show all posts
Sensitive Data Leak
Cyber Attacks Data Leak data security Data Theft IT Systems Ransomware attack Ransomware group Ransomwares Sensitive Data Leak

Tata Technologies Cyberattack: Hunters International Ransomware Gang Claims Responsibility for 1.4TB Data Theft

 

Hunters International, a ransomware group known for high-profile cyberattacks, has claimed responsibility for a January 2025 cyberattack on Tata Technologies. The group alleges it stole 1.4TB of sensitive data from the company and has issued a threat to release the stolen files if its ransom demands are not met. Tata Technologies, a Pune-based global provider of engineering and digital solutions, reported the cyberattack in January. 

The company, which operates in 27 countries with over 12,500 employees, offers services across the automotive, aerospace, and industrial sectors. At the time of the breach, Tata Technologies confirmed that the attack had caused disruptions to certain IT systems but stated that client delivery services remained unaffected. The company also assured stakeholders that it was actively restoring impacted systems and conducting an internal investigation with cybersecurity experts. 

However, more than a month later, Hunters International listed Tata Technologies on its dark web extortion page, taking responsibility for the attack. The group claims to have exfiltrated 730,000 files, totaling 1.4TB of data. While the ransomware gang has threatened to publish the stolen files within a week if a ransom is not paid, it has not provided any samples or disclosed the nature of the compromised documents. Tata Technologies has yet to release an update regarding the breach or respond to the hackers’ claims. 

BleepingComputer, a cybersecurity news platform, attempted to contact the company for a statement but did not receive an immediate response. Hunters International emerged in late 2023, suspected to be a rebranded version of the Hive ransomware group. Since then, it has carried out multiple high-profile attacks, including breaches of Austal USA, a U.S. Navy contractor, and Japanese optics company Hoya. 

The group has gained notoriety for targeting various organizations without ethical restraint, even engaging in extortion schemes against individuals, such as cancer patients from Fred Hutchinson Cancer Center. Although many of the gang’s claims have been verified, some remain disputed. For example, in August 2024, the U.S. Marshals Service denied that its systems had been compromised, despite Hunters International’s assertions.  

With cybercriminals continuing to exploit vulnerabilities, the Tata Technologies breach serves as another reminder of the persistent and evolving threats posed by ransomware groups.
Read more »
Ransomware group
Cyber Attacks Data Leak data security Genea Healthcare Breach Patient Data Ransomware attack Ransomware group

Genea Cyberattack: Termite Ransomware Leaks Sensitive Patient Data

 

One of Australia’s leading fertility providers, Genea Pty Ltd, has been targeted in a cyberattack allegedly carried out by the Termite ransomware group. On February 26, 2025, the group claimed responsibility for breaching Genea’s systems and stated that they had stolen 700GB of data from 27 company servers. The stolen information reportedly includes financial documents, invoices, medical records, personal identification data, and detailed patient questionnaires. 

Among these files are Protected Health Information (PHI), which contains personal medical histories and sensitive patient details. The cyberattack was first confirmed by Genea on February 19, 2025, when the company disclosed that its network had been compromised. The breach caused system outages and disrupted operations, leading to an internal investigation supported by cybersecurity experts. Genea moved quickly to assess the extent of the damage and reassure patients that the incident was being addressed with urgency. 

In an update released on February 24, 2025, the company acknowledged that unauthorized access had been detected within its patient management systems. By February 26, 2025, Genea confirmed that some of the stolen data had been leaked online by the attackers. In a public statement, the company expressed deep regret over the breach, acknowledging the distress it may have caused its patients. In response, Genea took immediate legal action by securing a court-ordered injunction to prevent further distribution or use of the stolen information. 

This measure was part of the company’s broader effort to protect affected individuals and limit the potential damage caused by the breach. To assist those impacted, Genea partnered with IDCARE, Australia’s national identity and cyber support service. Affected individuals were encouraged to seek help and take necessary steps to safeguard their personal information. The company urged patients to remain alert for potential fraud or identity theft attempts, particularly unsolicited emails, phone calls, or messages requesting personal details.  

The attack was initially detected on February 14, 2025, when suspicious activity was observed within Genea’s network. Upon further investigation, it was revealed that unauthorized access had occurred, and patient data had been compromised. The attackers reportedly targeted Genea’s patient management system, gaining entry to folders containing sensitive information. The exposed data includes full names, contact details, medical histories, treatment records, Medicare card numbers, and private health insurance information. 

However, as of the latest update, there was no evidence that financial data, such as bank account details or credit card numbers, had been accessed. Despite the severity of the breach, Genea assured patients that its medical and administrative teams were working tirelessly to restore affected systems and minimize disruptions to fertility services. Ensuring continuity of patient care remained a top priority while the company simultaneously focused on strengthening security measures to prevent further incidents. 

In response to the breach, Genea has been collaborating with the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC) to investigate the full extent of the attack. The company is committed to keeping affected individuals informed and taking all necessary precautions to enhance its cybersecurity framework. Patients were advised to monitor their accounts and report any suspicious activity to authorities. 

As a precaution, Genea recommended that affected individuals follow security guidelines issued by official government agencies such as the Australian Cyber Security Centre and the ACCC’s Scamwatch. For those concerned about identity theft, IDCARE’s experts were made available to provide support and guidance on mitigating risks associated with cybercrime. The incident has highlighted the growing risks faced by healthcare providers and the importance of implementing stronger security measures to protect patient data.
Read more »
sensitive data theft
brain cipher Data Breach Data Theft Deloitte Ransomware attack Ransomware group Ransomwares sensitive data theft

Brain Cipher Ransomware Group Claims Deloitte UK Data Breach

 

Brain Cipher, a ransomware group that emerged in June 2024, has claimed responsibility for breaching Deloitte UK, alleging the exfiltration of over 1 terabyte of sensitive data from the global professional services firm. This claim has raised significant concerns about the cybersecurity defenses of one of the “Big Four” accounting firms. 

Brain Cipher’s Rising Notoriety 
 
Brain Cipher first gained attention earlier this year with its attack on Indonesia’s National Data Center, disrupting operations across more than 200 government agencies, including critical services like immigration and passport control. 

Its growing record of targeting high-profile organizations has heightened concerns over the evolving tactics of ransomware operators. 
 
Details of the Alleged Breach 

According to Brain Cipher, the breach at Deloitte UK revealed critical weaknesses in the company’s cybersecurity defenses. The group claims to have accessed and stolen more than:
  • 1 terabyte of compressed data,
  • Confidential corporate information,
  • Client records, and
  • Sensitive financial details.
Brain Cipher has promised to release detailed evidence of the breach, which reportedly includes:
  • Alleged violations of security protocols,
  • Insights into contractual agreements between Deloitte and its clients, and
  • Information about the firm’s monitoring systems and security tools.
In its statement, Brain Cipher mocked Deloitte’s cybersecurity measures, claiming, “We will show excellent (not) monitoring work and tell what tools we used and use there today.” 

Potential Implications 

If substantiated, the breach could result in:
  • The exposure of sensitive client data,
  • Confidential business information,
  • Financial records, and
  • Severe damage to Deloitte UK’s professional reputation.
Deloitte’s Response 
 
Deloitte UK has not confirmed or denied the breach. However, a company spokesperson issued a statement on December 7, 2024, downplaying the incident: 

"The allegations pertain to a single client’s external system and do not involve Deloitte’s internal network. No Deloitte systems have been impacted." The spokesperson emphasized that the company’s core infrastructure remains secure. 

Ransomware Threats Escalating 
 
Brain Cipher’s ability to target high-profile organizations demonstrates the increasing sophistication of ransomware groups. Their tactics often involve leveraging stolen data to exert pressure on victims, as seen in their apparent invitation for Deloitte representatives to negotiate via corporate email channels. 

Key Takeaways for Organizations 

This incident serves as a critical reminder for organizations to:
  • Implement advanced cybersecurity defenses,
  • Continuously monitor networks,
  • Detect potential breaches early, and
  • Stay ahead of emerging threats.
As the situation unfolds, the cybersecurity community will closely watch Brain Cipher’s next steps, particularly its promised release of evidence. For Deloitte UK and other global organizations, this incident underscores the urgent need for vigilance and robust security measures in an increasingly interconnected digital landscape.
Read more »
Threat Landscape
Cyber Security CyberVolk Ransomware group Threat Landscape

CyberVolk Ransomware: A Rising Threat to Global Cybersecurity

 

The Indian hacker outfit CyberVolk, which is a relatively new player in the cybercrime arena, has made headlines with its sophisticated ransomware. CyberVolk Ransomware, discovered in July 2024, has quickly gained attention for its sophisticated features and quick progress. 

The group's most concerning weapon, ‘CyberVolk Ransomware,’ was recently analysed by ThreatMon and is gaining attention from cybersecurity experts due to its sophisticated capabilities and expanding nature. 

CyberVolk debuted in the shadows of the dark web, where it soon established a reputation through a series of successful attacks. The gang, which specialises in a wide range of cybercrimes such as DDoS assaults, data breaches, and website defacements, is known for its aggressive nature, with official accounts on platforms such as Telegram and X. 

Initially, CyberVolk Ransomware encrypted victims' files using the AES method. However, a VirusTotal leak exposed the ransomware's internal workings, leading the attackers to create a far more sophisticated version. This enhanced variant included better cryptographic algorithms like ChaCha20-Poly1305, AES, and even quantum-resistant technology. The changes make it nearly impossible to decrypt without paying the ransom, even for individuals who have quantum computing resources. 

ThreatMon's technical review of CyberVolk Ransomware uncovers numerous unique and concerning features. For example, when executed, the ransomware disables access to vital system utilities such as Task Manager, preventing users from terminating the encryption process. The ransomware encrypts entire data in minutes before approaching the victim with a $1,000 ransom demand. Victims are also given a strict deadline: failure to pay within five hours would result in the permanent loss of their data. 

Previous reports said that CyberVolk Ransomware only brought in $2,632, but in the last few months, their earnings have increased dramatically. According to ThreatMon, the group has made over $20,000 through ransomware assaults, indicating an alarming rise in the financial impact of its operations. 

The ransomware outfit poses a serious threat to both individuals and enterprises. It is an imminent threat because of its capacity to proliferate like a worm and its advanced evasion and encryption methods. However, the presence of vulnerabilities in its structure offers hope for effective countermeasures. 

To mitigate the threat of ransomware attacks, cybersecurity specialists suggest regular software updates, robust backup strategies, and cybersecurity hygiene education for employees.
Read more »
US Court
Cyber Crime DOJ Extortion Group Ransomware group US Authorities US Court

US Authorities Charge Alleged Key Member of Russian Karakurt Ransomware Outfit

 

The U.S. Department of Justice (DOJ) released a statement this week charging a member of a Russian cybercrime group with financial fraud, extortion, and money laundering in a U.S. court. The 33-year-old Moscow-based Latvian national Deniss Zolotarjovs was extradited to the United States earlier this month after being detained by Georgian authorities in December 2023.

Court records indicate that Zolotarjovs is linked with the ransomware outfit Karakurt, which exfiltrates victim data and holds it hostage until a cryptocurrency ransom is paid. The gang runs an auction portal and leak site where they identify the victim companies and allow users to download stolen data. The group has demanded ransom in Bitcoin ranging from $25,000 to $13 million. 

Previous findings suggest that Karakurt was related to the now-defunct ransomware gang Conti. Researchers believe Karakurt was a side project of the group behind Conti, allowing them to monetise data stolen during attacks when organisations were able to halt the ransomware encryption process. Zolotarjovs allegedly used the alias "Sforza_cesarini" and was an active member of Karakurt. 

He is suspected of engaging with other members, laundering cryptocurrency, and exploiting the group's victims. According to the DOJ, he is the first alleged member of the organisation to be arrested and extradited to the United States. According to court records, Zolotarjovs is involved in attacks on at least six undisclosed US companies. 

Karakurt stole "a large volume of private client data" in one attack in 2021, which included lab results, medical information, Social Security numbers that matched names, addresses, dates of birth, and home addresses. The company negotiated a ransom payment of $250,000 down from Karakurt's initial demand of about $650,000. 

In addition to carrying out open-source research to find phone numbers, emails, or other accounts through which victims could be contacted and pressured to either pay a ransom or re-enter a chat with the ransomware group, Zolotarjovs was probably in charge of negotiating Karakurt's "cold case extortions." 

“Some of the chats indicated that Sforza’s efforts to revive cold cases were successful in extracting ransom payments,” court documents noted.
Read more »
ransomware tactics
Cyber Extortion Cyber Threats Cybersecurity data exfiltration. logistics industry LukaLocker ransomware Malware attacks manufacturing sector phone call intimidation Ransomware group ransomware tactics

This New Ransomware Group Uses Phone Calls to Pressure Victims

 



Researchers have identified a new ransomware group called Volcano Demon, responsible for at least two successful attacks in the past two weeks. Tim West, an analyst at cybersecurity firm Halcyon, revealed that the group targeted companies in the manufacturing and logistics industries. However, further details about the targets were not disclosed.

Unlike typical ransomware groups, Volcano Demon does not have a public leaks website. Instead, they use phone calls to intimidate and negotiate payments with leadership at the victim organizations. These calls, often threatening, originate from unidentified numbers.

Before making the calls, the hackers encrypt files on the victims' systems using previously unknown LukaLocker ransomware and leave a ransom note. The note threatens to inform clients and partners about the attack and sell data to scammers if the ransom is not paid.

Volcano Demon uses a double extortion technique, exfiltrating data to command-and-control (C2) services before encrypting it. They successfully locked Windows workstations and servers by exploiting common administrative credentials from the network. Tracking Volcano Demon has proven difficult due to their practice of clearing log files on targeted machines, which hampers comprehensive forensic evaluation.

West mentioned that the hackers, who spoke with a heavy accent, call very frequently, almost daily in some cases. However, the origin of the callers remains unclear as no recordings are available.

It is uncertain whether Volcano Demon operates independently or as an affiliate of a known ransomware group. Halcyon has not yet identified any such links.

Ransomware operators continue to evolve, with new threat actors emerging and targeting various industries. In May 2024, researchers identified a criminal gang named Arcus Media, operating a ransomware-as-a-service model and targeting victims in the U.S., U.K., India, and Brazil. Another group, Space Bears, appeared in April, quickly gaining notoriety for their corporate-themed data leak site and affiliations with the Phobos ransomware-as-a-service group. Researchers suggest that these groups may be more organized and funded than previously anticipated.
Read more »
SpaceX
Data Breach Data Leak Ransomware group SpaceX

SpaceX Data Breach: Hunters International Publishes Alleged Stolen Data

 

Elon Musk's aerospace manufacturing and space transport services firm, SpaceX, is believed to have experienced a cybersecurity incident involving a data breach with Hunters International, an infamous hacker group that allegedly released samples of the SpaceX data breach.

The data breach at SpaceX seems to have compromised relatively old data, and Hunters International is using name-dropping as a way of extortion. Interestingly, SpaceX experienced a prior data breach in early 2023 that was linked to the LockBit ransomware group, using the identical samples. 

The hacker group shared samples and databases allegedly related to SpaceX, including access to 149.9 GB of data. This database, which was originally linked to the initial SpaceX data breach prompted by LockBit, was traced back to a third-party source in SpaceX's supply chain, specifically a manufacturing contractor in Texas. 

LockBit allegedly took control of 3,000 drawings or schematics confirmed by SpaceX engineers after compromising the vendor's systems.

In March 2023, the LockBit Ransomware group breached a third-party manufacturing contractor in Texas, which was part of SpaceX's supply chain, taking 3,000 authorised drawings and schematics developed by SpaceX engineers. 

LockBit wrote SpaceX CEO Elon Musk directly, threatening to sell the stolen designs if the ransom was not paid within a week. The gang's brazen approach was intended to profit from the sensitive data, regardless of the vendor's response. Despite fears about compromised national security and the possibility of identity theft, SpaceX hasn't confirmed the hack, leaving the claims unresolved.

This breach, along with the reemergence of published data from previous instances, emphasises the ongoing threat of cyberattacks on critical infrastructure. It highlights the critical necessity for strong cybersecurity measures to protect against such breaches, as the consequences go beyond financial loss and have broader security concerns.

The return of data from last year's SpaceX data breach has raised serious concerns. This recurrence jeopardises millions of people's personal and financial security, putting them at risk of identity theft and fraud. Notably, despite the breach being first reported last year and now resurfacing, SpaceX has yet to confirm the incident, making the claims unconfirmed.
Read more »
Ransomware group
Cyber Attacks DragonForce DragonForce Ransomware Group Ohio Lottery Ransomware attack Ransomware group

DragonForce Ransomware Gang Prompts Ohio Lottery to Shut Down


On 25 December 2023, the Ohio Lottery faced a major cyberattack, as a result, they had to shut down some crucial systems related to the undisclosed internal application. 

The threat actors behind the breach are the DragonForce ransomware group. 

While the investigation in regards to the breach is ongoing, the company confirms to its customers that its gaming systems are fully functional. The gaming system is still operational, although some services have suffered. At Super Retailers, prize cashing above $599 and mobile cashing are temporarily unavailable. 

The winning numbers for the KENO, Lucky One, and EZPLAY Progressive Jackpots can be found at any Ohio Lottery Retailer; they are unavailable on the internet or mobile app.

In its press release, the lottery states: "On December 24, 2023, the Ohio Lottery experienced a cybersecurity incident impacting some of its internal applications and immediately began work to mitigate the issue. The state's internal investigation is ongoing. We apologize for the inconvenience and are working as quickly as possible to restore all services."

What must the Customers do?

The company has requested customers to check the Ohio Lottery website and mobile app for winning numbers at this time.  WKYC informs that prizes up to $599 can be claimed at any Ohio Lottery Retailer, while prizes over $600 need to be sent by mail to the Ohio Lottery Central Office or using the online claim form. 

Ransomware Gang Claims Responsibility

While Ohio Lottery did not confirm who was behind the cyberattack, a ransomware group called DragonForce claimed responsibility. 

According to a report by BleepingComputer, the threat group claims that they have encrypted devices and accessed sensitive data like Social Security Numbers and the date of birth of affected customers. 

According to the DragonForce gang, over 3,000,000 lottery customers' names, addresses, emails, winning amounts, Social Security numbers, and dates of birth are among the data that have been hacked. The weight of the released data—more than 600 gigabytes—raises questions regarding the scope of the hack. 

DragonForce: A New Competitor in the Ransomware Arena

Despite being a relatively young ransomware gang, the DragonForce gang's methods and data leak website suggest a rather experienced extortion organization. As law enforcement steps up their efforts to combat ransomware activities, new organizations like DragonForce are coming into action, which raises the issue of rebranding within the threat landscape. 

In a similar case, the official Facebook page of the Philippines lottery system was recently hacked by anonymous hackers. The witnesses reported that threat actors were apparently spamming the website page with nude photos. This prompted the Philippine Charity Sweepstakes Office (PSCO) to shut down the page for the time being, during which the Cybercrime Investigation and Coordinating Center (CICC) will conduct its investigation.   

Read more »
Subscribe to: Posts (Atom)