Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Victim. Show all posts
Victim
Cyber Security Cybersecurity Data Breach Encryption Extortion Healthcare HHS Ransomware Ransomware attack Trinity Victim

New Trinity Ransomware Strain Targets U.S. Healthcare, Federal Officials Warn

 

A new ransomware strain, known as Trinity, has reportedly compromised at least one healthcare organization in the U.S., according to a recent report from federal authorities.

The U.S. Department of Health and Human Services (HHS) issued a warning on Friday, alerting hospitals about the serious threat posed by the ransomware group. They highlighted that Trinity’s methods make it a "notable risk" to both the U.S. healthcare and public health sectors.

HHS's Health Sector Cybersecurity Coordination Center confirmed that one U.S. healthcare entity has recently fallen victim to the Trinity ransomware, which was first detected around May 2024.

To date, seven victims of Trinity ransomware have been identified, including two healthcare providers—one in the U.K. and another in the U.S. The latter, a gastroenterology services provider, lost 330 GB of data. While the facility remains unnamed, it has been listed on Trinity’s data leak site and is currently facing technical disruptions, including limited phone access.

Additionally, researchers have found another case involving a dental group based in New Jersey.

HHS noted similarities between Trinity and two other ransomware groups—2023Lock and Venus—hinting at potential collaboration between these cybercriminals.

Trinity ransomware mirrors other known operations by exploiting common vulnerabilities to extract data and extort victims.

After installation, the ransomware gathers system information, such as available processors and drives, to escalate its attack. Operators then scan for weaknesses to spread the ransomware within the network.

The files encrypted by the attack are marked with the “trinitylock” extension, and victims receive a ransom note demanding payment within 24 hours, with threats of data exposure if they fail to comply.

At present, there is no available decryption tool for Trinity, leaving victims with few options, according to the HHS advisory.

The attackers operate two websites: one to assist those who pay the ransom with decryption, and another that displays stolen data to extort victims further.

Federal officials have discovered code similarities between the Trinity and Venus ransomware strains, noting identical encryption methods and naming schemes, which suggest a close link between them. Trinity also shares features with 2023Lock, including identical ransom notes and code, implying it could be an updated variant.

Cybersecurity researchers have also pointed out that Trinity may be a rebranded version of both Venus and 2023Lock. According to Allan Liska of Recorded Future, Trinity is "not a highly advanced strain of ransomware," and the attackers do not appear particularly sophisticated.

HHS emphasized that the potential collaboration between these threat actors could enhance the complexity and impact of future ransomware attacks.

Previous HHS warnings have covered other ransomware groups such as Royal, Cuba, Venus, Lorenz, and Hive.

Despite heightened law enforcement efforts, ransomware attacks persist, with operations continuing to generate significant revenue—approximately $450 million in the first half of 2024 alone.

The healthcare sector has been particularly affected by these attacks, causing severe disruptions. Just last week, a Texas hospital, the only level 1 trauma center in a 400-mile radius, had to reduce services and turn away ambulances due to a ransomware incident.

As of Friday, the hospital reported restored phone services, with only a limited number of ambulances being redirected to other facilities.
Read more »
Victim
bank account Cyber Fraud FBI warning Financial crime Identity Theft loss Phone Scam Security Breach Sim-swapping scam Victim

Phone Scam Siphons Over $200,000 from Bank Account Holder

A bank account holder recounts losing over $200,000 due to phone accessibility issues. Heidi Diamond became a victim of a cyber scam known as sim-swapping, resulting in the depletion of her bank account. Sim-swapping involves fraudsters deceiving cell phone companies by assuming someone else's identity, enabling them to access personal information and manipulate phone services.

The fraudulent tactic begins with perpetrators obtaining personal details online and contacting phone service providers, claiming the loss or theft of the targeted individual's device. Once convincing the company of ownership, they activate the phone using the victim's SIM card, thereby gaining control over the device and its data. This renders the original owner's SIM card and phone inactive.

Diamond said this factor made the ordeal particularly tedious,  according to InvestigateTV. “It was such a panic that you know that something was so out of your control,” she said.

Sim-swapping circumvents typical security measures such as two-factor authentication, allowing criminals to breach sensitive accounts like bank accounts. Despite her bank reimbursing the stolen funds, Diamond remains dissatisfied with the lack of apprehension of the perpetrators, expressing a desire for justice.

Acknowledging the increasing prevalence of sim-swapping, the FBI has cautioned the public about its risks. Many remain unaware of this form of fraud, unlike more commonly recognized scams. The FBI disclosed that sim-swapping has resulted in a staggering $141 million in losses thus far.

Echoing Diamond's plight, other victims have shared their harrowing experiences, including Sharon Hussey, who lost $17,000 despite having robust security measures in place. Hussey received an unauthorized purchase confirmation from Verizon before her funds vanished, underscoring the severity and sophistication of sim-swapping attacks.
Read more »
Victim
Court Data Breach Data Breaches Settlement User Data User Security Victim

OPM Data Breach: Federal Judge Finalizes $63 Million Settlement for 2015 Data Breach Case Victims

 

On October 14, a federal judge granted the final approval for a $63 million settlement in regard to the 2015 Office of Personnel Management (OPM) data breach, bringing an end to the seven-year-long lawsuit over one of the biggest publicly known and reported security failures by the Federal government. 
 
U.S. district judge Amy Berman Jackson gave approval for the settlement to proceed in a fairness hearing, held at the U.S District Court for the District of Columbia. The judge described the approved terms to be “fair, reasonable, and adequate, and in the best interest of named and class members.” 
 

OPM Data Breach, 2015 

 
The United States Office of Personnel Management (OPM) in June 2015 confirmed it has experienced a series of data breaches targeting personnel records. 
 
Reportedly, about 22.1 million personal records were affected in the breach, including those pertaining to government employees, other individuals who had undergone background checks, and their family and friends. 
 
The data breach is considered one of the largest breaches of government data in U.S. history. The information accessed unlawfully included personally identifiable information (PII) of victims, including their names, dates, place of birth, residential addresses, and Social Security numbers.  
 
The cyber attack was carried out by state-sponsored threat actors working for the Chinese government. 
 

Terms of the settlement 

 
Prospective participants will still have until December 23 to join the lawsuit, after the final fairness hearing, following which the validity of each claim will be accessed.  
 
Furthermore, payouts to the claimants are expected to take place in the first or second quarter of next year, assuming there are no appeals. 
 
In accordance with the settlement terms, the prospective claimant is entitled to a minimum of $700 per claim, and a maximum of $10,000 per claim.  
 
As per Everett Kelley, national president of the American Federation of Government Employees and a plaintiff in the lawsuit, the court ruling was a “significant victory for rank-and-file federal employees.” 
 
“We look forward to continuing to educate our members whose personal information was compromised in this data breach about how they can take part in this settlement and receive the compensation they are due under the law,” Kelley said.
Read more »
Victim
Cyber Fraud data security Hackers Information phishing Security Victim

Hackers Target National Portal of India Via ‘Unprecedented’ Phishing Method

 

On Thursday, cyber-security experts announced the discovery of an "unprecedented, sophisticated" phishing method that has been extorting people from official websites worldwide, including the Indian government's portal https://india.gov.in. 

According to AI-driven cyber-security startup CloudSEK, threat actors have been targeting the Indian government's webpage by using a fake URL to deceive users into entering sensitive information such as credit card numbers, expiration months, and CVV codes. 

In a most advanced phishing technique known as Browser-in-the-Browser (BitB) attack, hackers imitate the browser window of the Indian government website, most typically SSO (single sign-on) pages, with a unique login. BitB attacks impersonate reputable websites in order to steal user passwords and other sensitive data such as personally identifying information (PII). The new URL that emerges as a result of the BitB attack looks to be legitimate. 

"The bad actors have also replicated the original page's user interface. Once their victims click into the phishing page, a pop-up appears on the phoney window claiming that their systems have been blocked, posing as a notification from the Home Affairs Enforcement and Police," the researchers asserted. 

The users are then alerted that their excessive usage of pornographic websites is banned under Indian law, and they are asked to pay a Rs 30,000 fee in order to unlock their computers.

"They are given a form to fill out in order to pay the fine, which asks them to divulge personal information, including their credit card information. The victims become panicked because the warning has a sense of urgency and appears to be time-bound," the researchers stated. 

The information entered by the victims into the form is sent to the attacker's server. Once the attackers have obtained the card information, it may be sold to other purchasers in a bigger network of cyber criminals, or the victim may be extorted for more funds. 

When users attempt to connect to a website, they may click on a malicious link that appears as an SSO login pop-up window. Users are requested to check in to the website using their SSO credentials when they visit the provided URL. The victims are then sent to a fraudulent webpage that appears just like the SSO page. The attack often triggers single sign-on windows and presents bogus web pages that are identical to the legitimate page. 

"Combine SSO with MFA (multi-factor authentication) for secure login across accounts, check for suspicious logins and account takeovers and avoid clicking on email links from unknown sources," the researchers suggested.
Read more »
Subscribe to: Posts (Atom)