Worldwide Ransomware attacks confirmed in April 2020

Roll-up of Ransomware attacks we have detected in April 2020

Hospitals Deliberately Targeted by Ransomware During #COVID19 Peak

Despite promises from some ransomware groups to avoid targeting healthcare organizations (HCOs) during the COVID-19 crisis, multiple campaigns decided to activate in early April after months of planning, according to Microsoft.

Hackers publish ExecuPharm internal data after ransomware attack

U.S. pharmaceutical giant ExecuPharm has become the latest victim of data-stealing ransomware.
https://techcrunch.com/2020/04/27/execupharm-clop-ransomware/

Portugal’s Energy Giant EDP Hit By Ransomware Attack

Portugal’s energy giant Energias de Portugal (EDP) fell victim to a ransomware attack this week, with hackers threatening to leak more than 10 terabytes of sensitive company information unless the firm pays the equivalent of US$11 million in bitcoin.

Zaha Hadid Architects Hit With Ransomware Attack

The Architects’ Journal (AJ) reports that a hacker broke into the servers of Zaha Hadid Architects and stole confidential information in an attempt to extort money.
https://www.architecturalrecord.com/articles/14588-zaha-hadid-architects-hit-with-ransomware-attack

Ransomware Shuts Down Colorado Hospital IT Network Amid COVID-19

Parkview Medical Center is continuing to recover from a ransomware attack that shut down its IT network over a week ago; another ransomware attack and an email hack complete this week’s breach roundup.
https://healthitsecurity.com/news/ransomware-shuts-down-colorado-hospital-it-network-amid-covid-19

Ransomware Attack on Portuguese Energy Company EDP Shows Increasing Trend Toward Public Leaking of Sensitive Information

EDP is the biggest energy company in Portugal and one of the largest wind power operators in the world. The company was breached by a hacking group called Ragnarok, known for using the custom Ragnar Locker ransomware that has been hitting managed service providers since late 2019.

US govt: Hacker used stolen AD credentials to ransom hospitals

Hackers have deployed ransomware on the systems of U.S. hospitals and government entities using stolen Active Directory credentials months after exploiting a known remote code execution (RCE) vulnerability in their Pulse Secure VPN servers.

IT services giant Cognizant suffers Maze Ransomware cyber attack

Information technologies services giant Cognizant suffered a cyber attack Friday night allegedly by the operators of the Maze Ransomware, BleepingComputer has learned.

The State of Ransomware in the US: Report and Statistics for Q1 2020

In 2019, 966 government agencies, educational establishments and healthcare providers in the US were impacted by ransomware. While the early indicators were that the 2020 numbers would be similar to 2019’s or perhaps even worse, that has proved not to be the case. A total of 89 organizations were impacted by ransomware in Q1, however, as the COVID-19 crisis worsened, the number of successful attacks reduced considerably and is now at a level not seen in several years.

DoppelPaymer Ransomware hits Los Angeles County city, leaks files

The City of Torrance of the Los Angeles metropolitan area, California, has allegedly been attacked by the DoppelPaymer Ransomware, having unencrypted data stolen and devices encrypted.

SeaChange video platform allegedly hit by Sodinokibi ransomware

A leading supplier of video delivery software solutions is reportedly the latest victim of the Sodinokibi Ransomware, who has posted images of data they claim to have stolen from the company during a cyberattack.

Fresh Ransomware Targets Android Devices

The gang behind Black Rose Lucy malware, which targets Android users, has added ransomware capabilities, according to Check Point Research. The malware, which dates back to 2018, originally was designed as a malware-as-a-service botnet and dropper for other malicious code but has now expanded.

Travelex Ransomware Attack Payment: $2.3 Million

Travelex paid hackers $2.3 million to recover from a New Years Eve ransomware attack, The Wall Street journal reports.

Danish Agro’s computer systems hacked

Agribusiness group, Danish Agro, was the target of ransomware attack on Sunday, April 19.

Ransomware Hackers Hit Cononavirus Biotech Researchers

Ransomware hackers in March hit a biotechnology research outfit working to understand the human body’s immune response to help speed development of a vaccine for the Coronavirus (Covid-19) pandemic.

Another COVID-19 Research Firm Targeted by Ransomware Attack

Hackers hit biotech research firm 10x Genomics with a ransomware attack amid work on potential COVID-19 treatments; two email security hacks complete this week’s breach roundup.
https://healthitsecurity.com/news/another-covid-19-research-firm-targeted-by-ransomware-attack

Ransomware threats to Kolkata execs working from home, using Zoom: Police

KOLKATA: Two city-based professionals, who were working from home and using the Zoom video calling app, allegedly received ransomware threats, demanding payments in bitcoins, police said on Wednesday.

Sodinokibi Ransomware Attacks Florida Town’s Digital Services

Cybercriminals in March launched a ransomware attack against the town of Jupiter, Florida. The cyberattack temporarily disabled many of Jupiter’s digital services, according to The Palm Beach Post.

Coffee Co. Jail target of ransomware attack

The Coffee County jail was targeted in a ransomware attack. Tennessee Bureau of Investigation and state Homeland Security cyber experts are investigating.

Ransomware attacks lock 2 Manitoba law firms out of computer systems

The Law Society of Manitoba believes the attacks may have originated from email attachments

Ransomware Attackers Exploit #COVID19 to Target Hospital VPNs

Microsoft has been forced to alert several dozen hospitals in a “first of its kind notification” that their gateway and VPN appliances are vulnerable to ransomware groups actively scanning for exposed endpoints.

City of Olean Computers Hit With Ransomware

A ransomware attack shut down computers at the Olean Municipal Building for several hours on Friday.

Leading accounting firm MNP hit with cyberattack

A leading accounting firm in Canada forced a company-wide shutdown of their systems after getting hit with a cyberattack last weekend, BleepingComputer has learned.

NTPC confirms ‘cyber attack’ from unknown source on Thursday, RCMP investigating

The Northwest Territories Power Corporation’s (NTPC) website went down Thursday afternoon, leaving some pages to show what appears to be a ransomware message from unknown hackers.

Ransomware scumbags leak Boeing, Lockheed Martin, SpaceX documents after contractor refuses to pay

Internal confidential documents belonging to some of the largest aerospace companies in the world have been stolen from an industrial contractor and leaked online.

Ransomware attacks see 148% surge amid COVID-19

VMware Carbon Black saw a 148% increase in ransomware attacks in March over baseline levels in February, plus a massive spike in attacks on financial institutions.

Ransomware targets C-suite executives

C-suite executives will increasingly be targeted as cyber criminals look for ways to extort money from large corporations, according to a new report from cyber analytics provider CyberCube.

46% of small and medium businesses targeted by ransomware and 73% paid

The small and medium business (SMB) community is no stranger to ransomware attacks. A recent report revealed that hackers have targeted 46% of SMBs, with 73% of those companies paying the ransom.

Brandywine Counseling and Community Services notifies patients of ransomware incident

Brandywine Counseling and Community Services, Inc. disclosed a breach. Note that this is not the Brandywine Urology breach recently disclosed but a different entity and a different breach. DataBreaches.net has reached out to Brandywine Counseling to ask for clarification on certain details, but has not received any response by publication time. This incident is not yet up on HHS’s public breach tool, so we also do not yet know how many patients have been notified.
https://www.databreaches.net/brandywine-counseling-and-community-services-notifies-patients-of-ransomware-incident/