Search the Community

The ransomware group that attacked a subsidiary of UnitedHealth Group stole massive amounts of customers’ private health care data, the latest in a continuing string of information coming out about the data breach. In a statement this week, UnitedHealth said that, based on targeted sampling of the data taken, the number of files that contained.. The post UnitedHealth: Ransomware Attackers Stole Huge Amount of Data appeared first on Security Boulevard. View the full article

HelloKitty is back. The dreaded ransomware, which died in late 2023 after the developer leaked both the builder and the source code on a hacker forum, is back with a new name and a new data leak website. According to BleepingComputer, both the ransomware and the dark web portal are now called HelloGookie, most likely after the developer and operator, Gookee/kapuchin0. For the uninitiated, the original HelloKitty ransomware was developed and maintained by a hacker with the alias Guki. That ransomware was known for targeting large organizations and corporations. It was established in late 2020, and gained infamy for breaching CD Projekt Red in February the next year. Releasing decryptors CD Projekt Red is a Polish game studio famous for its Witcher game series, as well as Cyberpunk 2077. So far, the Witcher series sold more than 50 million copies worldwide, while Cyberpunk 2077 currently sits at around 25 million. Both are open-world, role-playing games (RPG), and both have won numerous awards. Witcher 3 is widely considered as one of the best RPGs ever created. When HelloKitty hit CD Projekt Red, it stole roughly 450GB of uncompressed source code, including files for an unreleased version of the Witcher 3 game, allegedly sporting ray tracing, a rendering technique used in computer graphics to produce highly realistic images by simulating the way light interacts with objects in a scene. Eventually, the technique made it to the Witcher 3 game in a 2022 update. To “celebrate” the resurrection, the ransomware’s operator released the data stolen in the CD Projekt Red data breach, as well as data stolen from Cisco in a 2022 attack. Furthermore, they published four private decryption keys that can be used to decrypt files locked by HelloKitty. There are currently no new leaks on the website, and no indication that there are any ongoing attacks. HelloKitty was a major player in the ransomware game. Whether HelloGookie manages to repeat the success of its predecessor remains to be seen. More from TechRadar Pro HelloKitty ransomware behind CD Projekt Red attackHere's a list of the best firewalls around todayThese are the best endpoint security tools right now View the full article

The Akira ransomware has been around for just more than a year, but has caused its share of damage, racking up more than 250 victims and pulling in about $42 million in ransom, according to law enforcement and cybersecurity agencies in the United States and Europe. Akira was first detected in 2023, showing itself to.. The post Akira Ransomware Group Takes In $42 million from 250 Attacks in a Year appeared first on Security Boulevard. View the full article

FBI, CISA, EC3, and NCSC-NL issued an urgent advisory highlighting the use of new TTPs and IOCs by the Akira ransomware group. The post SafeBreach Coverage for AA24-109A (Akira Ransomware) appeared first on SafeBreach. The post SafeBreach Coverage for AA24-109A (Akira Ransomware) appeared first on Security Boulevard. View the full article

Preemptive protection and reactive cybersecurity strategies for best possible ransomware protection We live in a time where digital transformation dictates the pace of business, and the necessity for ransomware protection strategies and preemptive protection is essential to organizational integrity and continuity. “Ransomware will cost its victims around $265 billion (USD) annually by 2031, with a... The post Proactive and Reactive Ransomware Protection Strategies appeared first on TrueFort. The post Proactive and Reactive Ransomware Protection Strategies appeared first on Security Boulevard. View the full article

When deploying ransomware on a target system, threat actors will almost always look to compromise the backups, too. Organizations that lose their backups end up paying a lot more in ransom demands, and losing even more in the recovery process, a new report from cybersecurity researchers Sophos has claimed, highlighting the importance of keeping the backups safe. The company surveyed almost 3,000 IT and cybersecurity professionals, whose organizations suffered a ransomware attack in 2023. Almost all (94%) respondents said the attackers went after their backups, too, rising to 99% in state and local government, the media, leisure, and entertainment sectors. Higher demands Organizations in the energy, oil and gas, and utilities, were most likely to lose their backups to ransomware (79%), followed by education (71%). Across all sectors, the researchers said, more than half (57%) of all compromise attempts were successful. As a result, the ransom demands grew. Victims whose backups were compromised received, on average, more than two times the ransom demand of those who kept their backups safe. The median ransom demand was around $2.3M (backups compromised) and $1M (backups not compromised). What’s more, organizations with compromised backups were almost twice as likely to pay the ransom, compared to those with safe backups (67% compared to 36%). The median ransom payment for organizations with compromised backups was also double - $2 million versus $1.062 million. These firms were also unable to negotiate down the ransom payment, as the attackers were well-aware of the strong position they held during the negotiations. “Backups are a key part of a holistic cyber risk reduction strategy,” the researchers said. “If your backups are accessible online, you should assume that adversaries will find them. Organizations would be wise to take regular backups and store in multiple locations; be sure to add MFA (multi-factor authentication) to your cloud backup accounts to help prevent attackers from gaining access, practice recovering from backups; and secure your backups.” “Monitor for and respond to suspicious activity around your backups as it may be an indicator that adversaries are attempting to compromise them.” More from TechRadar Pro These two ransomware giants are joining forces to hit more victims across the worldHere's a list of the best firewalls around todayThese are the best endpoint security tools right now View the full article

The healthcare sector has once again found itself at the center of a storm. On February 21, Change Healthcare, a titan in healthcare support services, suffered a devastating cyberattack by the notorious BlackCat/ALPHV group. This incident has sent shockwaves through the U.S. healthcare system, affecting hospitals, clinics, and pharmacies nationwide. The Unfolding of the Cyberattack […] The post A(nother) Ransomware Saga with a Twist appeared first on TuxCare. The post A(nother) Ransomware Saga with a Twist appeared first on Security Boulevard. View the full article