
Port of Seattle Faces $5.9 Million Ransom Demand in Rhysida Cyberattack


The Port of Seattle is confronting a severe cybersecurity crisis as the Rhysida ransomware group demands a ransom of 100 bitcoins (approximately $5.9 million). Rhysida, which has gained notoriety for targeting organizations worldwide, released screenshots of stolen documents, claiming they possess sensitive data such as scanned U.S. passports, Social Security numbers, and tax forms. The group has threatened to sell this data on the dark web if their ransom demands are not met within a week. 

In a joint statement with Seattle-Tacoma International Airport, the Port of Seattle has made it clear they will not pay the ransom, despite threats to publicly release the stolen data. A Port spokesperson emphasized that refusing to comply is part of their firm stance against negotiating with cybercriminals. The extent of the data breach is still under investigation, but Rhysida’s involvement suggests a sophisticated attack that exploited vulnerabilities in the port’s systems. The attack was initially detected on August 24, leading to widespread service disruptions. 

Critical systems were impacted, including baggage handling, check-in kiosks, ticketing, Wi-Fi, and digital display boards, creating significant inconvenience for travelers. The port responded swiftly, isolating affected systems to prevent further breaches. This disruption highlights the real-world consequences of ransomware attacks on essential infrastructure, raising concerns about cybersecurity preparedness in public sectors. Rhysida operates as a ransomware-as-a-service group, enabling other cybercriminals to use its platform for extortion. The group, active since June 2023, has a history of targeting multiple sectors, including government, healthcare, and critical infrastructure, with a focus on the U.S. 

According to cybercrime research platform eCrime.ch, Rhysida has claimed nearly 150 victims since its emergence, demonstrating its rapid growth and effectiveness in breaching high-value targets. The breach at the Port of Seattle emphasizes the growing threat of ransomware attacks on critical infrastructure and serves as a wake-up call for organizations to prioritize cybersecurity measures. Authorities, cybersecurity experts, and the port’s internal IT team are working together to assess the full impact of the attack and develop strategies to restore normal operations. Given the evolving tactics of ransomware groups like Rhysida, this incident underscores the urgent need for comprehensive security strategies and employee training to protect against future breaches. 

In light of this attack, cybersecurity agencies have warned other U.S. ports and critical infrastructure organizations to strengthen their defenses against similar threats. This breach represents a broader trend of ransomware groups targeting critical infrastructure, which, if left unchecked, could have far-reaching implications on national security and economic stability. The Port of Seattle’s refusal to pay the ransom aligns with federal guidelines discouraging negotiations with cybercriminals, but it remains to be seen whether this approach will mitigate the impact of the breach or provoke further retaliation from Rhysida. 

The incident serves as a stark reminder that cybersecurity threats are increasingly sophisticated, requiring organizations to adapt their defense strategies to safeguard sensitive data and operations.

Columbus Faces Scrutiny for Handling of Ransomware Attack and Lawsuit Against IT Consultant


In July, Columbus, Ohio, experienced a ransomware attack, which initially appeared to be a typical breach. However, the city’s unusual response sparked concern among cybersecurity experts and legal professionals. IT consultant David Leroy Ross, also known as Connor Goodwolf, uncovered a significant breach exposing sensitive data from various city databases, including arrest records, domestic violence cases, and personal information. 

This attack, carried out by the Rhysida Group, affected the city, police, and prosecutor’s office, with some databases going back to 1999. Goodwolf, whose expertise involves monitoring dark web activities, discovered that over three terabytes of data had been stolen. Among the exposed data were personally identifiable information, protected health information, and Social Security numbers. Goodwolf expressed particular concern over the exposure of sensitive information involving minors and domestic violence victims, emphasizing that they were now victimized a second time. 

Despite the serious implications, the city’s response appeared to downplay the breach. At a press conference in mid-August, Columbus Mayor Andrew Ginther claimed that the stolen data was encrypted or corrupted, making it largely unusable. Goodwolf, however, contradicted this statement, revealing that the data he found was intact and usable. When he attempted to notify city officials, he was met with resistance and a lack of cooperation. As a result, Goodwolf turned to the media, which led the city of Columbus to file a lawsuit and secure a temporary restraining order against him. The lawsuit, intended to prevent the further dissemination of sensitive information, raised concerns in the cybersecurity community. 

Legal experts pointed out that such lawsuits against data security researchers are uncommon and could have broader implications. Raymond Ku, a professor of law, noted that lawsuits against researchers typically arise when the disclosure of a vulnerability puts others at risk. However, cybersecurity professionals, such as Kyle Hanslovan, CEO of Huntress, argued that Goodwolf was acting as a responsible researcher. Hanslovan warned that this approach could set a dangerous precedent, silencing individuals who work to expose breaches. The city defended its actions, stating that it sought to prevent the release of confidential information, including undercover police identities. Although the restraining order expired, Columbus continues its civil lawsuit against Goodwolf, seeking up to $25,000 in damages. 

As Columbus works to recover from the attack, the broader implications of its actions toward Goodwolf remain a point of contention. Experts argue that the case highlights the need for a legal framework that balances the protection of sensitive information with the role of security researchers in revealing vulnerabilities. As Columbus strives to position itself as a tech hub, this legal battle could affect its reputation and relationships within the tech industry.

Rhysida Ransomware Hits Seattle Port in August Attack

As part of its investigation, the Port of Seattle, which operates Seattle-Tacoma International Airport, has determined that the Rhysida ransomware gang is responsible for the cyberattack that reached its systems last month and caused delays for travellers. The Port confirmed in a statement on Friday that the incident was a ransomware attack. 

At the time of the attack, which happened on August 24, the Port (which also operates Seattle-Tacoma International Airport) announced that "certain system outages have indicated a possibility of a cyberattack." SEA Airport and its associated facilities remained open throughout the incident, but passenger displays, Wi-Fi, check-in kiosks, ticketing, baggage, and reserved parking were impacted, as were the flySEA application and the Port website.

In a press release issued on September 13, the Port reported that most of the affected systems had been restored within a week of the attack. After securing the impacted systems and finding no signs of additional malicious activity, the Port has still not been able to relaunch the external website or the internal portals that went offline. 

The Port described the incident as a "ransomware" attack by Rhysida, a criminal organization that specializes in cybercrime, and stated that no new unauthorized activity has been observed on its systems since that day. In the press release, the Port stressed that it was safe to fly to Seattle-Tacoma International Airport and to use the Port's maritime facilities. 

While the Port was taking systems offline, the ransomware gang encrypted the ones that were not isolated in time, resulting in a series of outages across a variety of services and systems, including baggage, check-in kiosks, ticketing, wireless Internet, passenger display boards, the Port of Seattle website, the flySEA app, and reservations. 

The attack, believed to have been launched by the Rhysida hacker group, encrypted some of the data on the Port's computer systems. That encryption, together with the Port's response of isolating the impacted systems as quickly as possible, caused delays at Sea-Tac Airport, with baggage services, check-in kiosks, ticketing, Wi-Fi, displays, the Port's website, and the flySEA app all experiencing issues. 

The majority of these issues have since been resolved; however, the airport's website and internal portals remain down as of this writing, according to an update posted by the Port. The Port is still unsure exactly how much or what kind of data was taken by the attackers, but has stated that it will not pay the ransom demand. No details have been released about what kind of data was compromised in the attack; however, the data is likely to be of great value given the sector in which the agency operates. 

The Port of Seattle is also a hotbed of automation and machine learning technologies, which makes it a goldmine of data for attackers. In the world of ransomware, Rhysida is one of the more well-known gangs, especially for the way it targets organizations that run critical systems for which downtime is not an option. 

The group has in the past targeted healthcare organizations such as Lurie Children's Hospital and Prospect Medical Holdings. As of May 2024, the number of patients affected by the Singing River data breach had increased from a few hundred to nearly a million. The company stated that the Singing River ransomware attack occurred in September 2023.

The HHS Health Sector Cybersecurity Coordination Center has reported that, in addition to educational institutions and the manufacturing industry, the group has targeted the Chilean army, as well as universities and hospitals. The U.S. Department of Health and Human Services (HHS) has also implicated Rhysida in attacks against healthcare organizations in the country. 

At the time CISA and the FBI issued their warnings, this cybercrime gang was carrying out opportunistic attacks across many different industries and sectors of society. In November, Rhysida ransomware operators successfully breached Insomniac Games, a subsidiary of Sony, and subsequently leaked 1.67 TB of confidential documents on the dark web. This occurred after the game development studio declined to meet the group’s demand for a $2 million ransom. 

Rhysida's affiliates have also been involved in attacks on several other high-profile organizations. The City of Columbus, Ohio, MarineMax (the world's largest retailer of recreational boats and yachts), and the Singing River Health System have all fallen victim to this ransomware group. In particular, Singing River Health System reported that almost 900,000 individuals were notified of a data breach resulting from an August 2023 ransomware attack, in which sensitive personal information was compromised.