Worldwide Ransomware attacks confirmed in June 2020

Roll-up of Ransomware attacks we have detected in June 2020

U.S. defence contractor lost sensitive data to Maze ransomware attack

Westech International, a prominent defence contractor in the U.S. that works for various government defence agencies, recently suffered a major ransomware attack that resulted in the loss of confidential information to hackers.

REvil Ransomware Group Auctions Stolen Data

A prolific ransomware group has begun auctioning data stolen from victim organizations that refuse to pay up, marking an escalation in its monetization efforts.

NASA contractor reportedly hit by ransomware

Ransomware operator has encrypted 2,583 servers and workstations belonging to NASA contractor DMI

Big global IT outsourcer Excis hit by Windows ransomware

Global IT outsourcing firm Excis has been hit by a Windows ransomware attack, with the malware used being Sekhmet, another one of the breed that exfiltrates victims’ data before locking it down.

Netwalker ransomware continues assault on US colleges, hits UCSF

The Netwalker Ransomware operators claim to have successfully attacked the University of California San Francisco (UCSF), stolen unencrypted data, and encrypted their computers.

Two more Australian companies hit by Mespinoza/Pysa ransomware

Two more Australian companies have been hit by attackers using the Mespinoza/Pysa Windows ransomware, the same malware that was used to take down the Australian money management firm MyBudget, security sources have told iTWire .

Ransomware attack causes system outage at telecom firm

South Africa-based telecommunications firm Telkom SA SOC Ltd. suffered a ransomware attack, which led to outages across of its several systems, MyBroadband reports citing sources. Staff working remotely have been unable to connect to servers or to the Telkom virtual private network. The ransomware attack follows severe disruptions at Telkom since May 29, when the company said that its call centers were experiencing “technical disruptions.”

Ransomware group takes MyBudget name off site, reason unknown

The saga surrounding Australian money management firm MyBudget is yet to end, with the ransomware group which infiltrated its servers now removing the company’s name from the site where it advertises the names of victims who have not acceded to its ransom demands.

Hackers Access PHI During Mat-Su Surgical Ransomware Attack

Arkansas-based Mat-Su Surgical is notifying 13,146 patients that a hacker accessed their PHI during a ransomware attack in March; a website configuration error and another ransomware attack complete this week’s breach roundup.
https://healthitsecurity.com/news/hackers-access-phi-during-mat-su-surgical-ransomware-attack

Criminal organisation’ carries out a ransomware attack on a £600m company owned by Kent County Council

On 22 May, local news site Shepwayvox reported that Kent Commercial Services (KCS) “suffered a ransomware attack and took down their website” on 2 April. Kent County Council (KCC) wholly owns KCS, which has an annual turnover of around £600m.

Ransomware locks down the Nipissing First Nation

The Nipissing First Nation administration stopped a ransomware attack in its tracks but not soon enough to prevent disruption of communications.

IT Services Giant Conduent Suffers Ransomware Attack, Data Breach

Conduent, a $4.4 billion by revenue (2019) IT services giant, has admitted that a ransomware attack hit its European operations — but says it managed to restore most systems within eight hours.

Ransomware Strikes Three US Universities

A ransomware gang claims to have successfully attacked three universities within the last seven days. They say that their latest attack was against the University of California San Francisco, or UCSF, on June 3.

Hackers Target Fincantieri’s Norwegian Unit With Ransomware

A group of hackers executed a successful attack this week on shipbuilder Fincantieri SpA’s Norwegian unit, an Italy-based representative for the company said, confirming local reports.

QNAP NAS devices targeted in another wave of ransomware attacks

The operators of the eCh0raix ransomware have launched another wave of attacks against QNAP network-attached storage (NAS) devices.

Maze Ransomware Leaks Stolen Data From AT San Antonio Aerospace

Maze ransomware group has posted the stolen data from AT San Antonio Aerospace, as they claim to have breached the network of ST Engineering in March this year. And since the AT San Antonio Aerospace is a part of ST Engineering group, they had their hands on its database, which is of 1.5TB. The group has posted over 100 documents to support their claims, which contained the company’s financials, contracts, and proposals.

BREAKING: Columbia student information at risk in ransomware attack

Columbia is the latest victim in an attack by a group of data hackers known as NetWalker that is threatening to publish students’ private data and sell their personal information on the dark web.

This new ransomware is targeting Windows and Linux PCs with a ‘unique’ attack

A newly uncovered form of ransomware is going after Windows and Linux systems in what appears to be a targeted campaign.

Israeli Software Firm Goes Behind Regulator’s Back to Pay $250,000 in BTC Ransom

Israel-based Sapiens reportedly paid in Bitcoins for a ransom requested during an attack that reportedly happened between March and April.

MaxLinear (MXL) discloses security incident resulting from Maze ransomware attack

On June 16, 2020 MaxLinear, Inc. announced a security incident resulting from a Maze ransomware attack affecting certain but not all operational systems within our information technology infrastructure.

Honda global operations halted by ransomware attack

Honda has confirmed a cyberattack that brought parts of its global operations to a standstill.
https://techcrunch.com/2020/06/09/honda-ransomware-snake/

Knoxville Is the Latest American City to Suffer a Ransomware Attack

The city of Knoxville had to shut down its IT infrastructure following a ransomware attack launched by an unknown gang.

Ransomware attack compromises Australian beer supply

A ransomware attack on beverage company Lion could result in a temporary shortage of Australian beer after it was compelled to shut down key systems.

Snake ransomware attack hits power company Enel Group

The Enel Group was hit by a ransomware attack from EKANS (SNAKE) ransomware operators that affected its internal network, according to reports.
https://www.scmagazineuk.com/snake-ransomware-attack-hits-power-company-enel-group/article/1686199

United States Nuclear Missile Contractor Hit by Maze Ransomware Attack

A U.S. nuclear missile contractor was hit by a Maze ransomware attack that allowed hackers to access sensitive information.

Ransomware Attack Targets Victoria Beckham’s Personal Data

Maze ransomware group threatens to leak stolen data from Threadstone Advisors, LLC.

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

In late May, KrebsOnSecurity alerted numerous officials in Florence, Ala. that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware.

RDH suffers ransomware attack

Rangely District Hospital (RDH) will send notices this week to patients whose records may have been involved in a ransomware attack in April 2020.

Fisher & Paykel Appliances struck by Nefilim ransomware

Fisher & Paykel Appliances is the latest big brand name to be struck down by ransomware, shutting down its operations while it recovered following the attack.

Magellan Health says targeted by ransomware attack

Pharmacy benefits manager Magellan Health Inc said on Friday it was the target of a ransomware attack in which customer information such as physical addresses and health insurance account details may have been leaked.
https://finance.yahoo.com/news/magellan-health-says-targeted-ransomware-115800582.html

Robotics Company Falls Prey to Ransomware Attack

Ransomware gang REvil strikes a US-based robotics firm, leaking their sensitive data on the dark web.

Elexon files posted online following May’s ransomware attack

Documents obtained during a cyberattack on Elexon last month have reportedly been leaked on the dark web.

Ransomware group auctions Crozer-Keystone Health System data on darknet

Netwalker, a ransomware operator that threatens to publish data online if ransoms aren’t paid, hacked Springfield, Pa.-based Crozer-Keystone Health System and is auctioning off its data online, according to Cointelegraph.

Indiabulls Group hit by CLOP Ransomware, gets 24h leak deadline

Indian conglomerate Indiabulls Group has allegedly been hit with a cyberattack from the CLOP Ransomware operators who have leaked screenshots of stolen data.

Toronto accounting firm hit by ransomware

A Toronto chartered accounting firm is trying to recover after a recent ransomware attack that saw some of its data encrypted after documents were copied and are now being auctioned off on the dark web.

Attackers hit Thai power authority using Maze ransomware

Attackers have hit Thailand’s Provincial Electricity Authority using the Maze ransomware that runs only on Windows and have released data from the company on the dark web.

DraftKings discloses SBTech ransomware attack in SEC filing

In a Form S-1 filed with the SEC today, DraftKings disclosed that SBTech, who they merged with in April, was hit by a ransomware attack at the end of March 2020.

ConnectWise partners hit by ransomware via automate flaw

Multiple ConnectWise partners have had their customers hit with ransomware through a software flaw that the company revealed last week with one having several end users compromised, according to a source who spoke on condition of anonymity.

Business giant Xerox allegedly suffers Maze Ransomware attack

Maze ransomware operators have updated their list of victims adding Xerox Corporation to the roster. It appears that the encryption routine had completed on June 25.

Ransomware Attacks NHAI Email Server, No Data Loss Reported

The National Highways Authority of India (NHAI) witnessed a ‘ransomware attack’ on its e-mail server on Sunday.

LG Reportedly Attacked By Ransomware Maze Developers

The developer group behind the ransomware Maze claims to have attacked the electronics manufacturer LG and stole data. The stolen information is said to have included 40 gigabytes of source code. However, LG has not yet confirmed the attack.

Gang uses DoppelPaymer ransomware to attack Mitsubishi Paper site in Germany

Cyber criminals using the DoppelPaymer ransomware that attacks Windows systems have hit Mitsubishi HiTec Paper Europe, a company based in Germany, which is a part of Tokyo-based Mitsubishi Paper Mills.

Ransomware gang offers celebrity data from New York legal firm for auction

Attackers who hit the New York-based entertainment and media lawyers Grubman Shire Meiselas & Sacks using the REvil ransomware that attacks Windows systems have threatened to sell data on celebrities like singer Nicki Minaj, basketball star LeBron James and singer Mariah Carey through an acution process on 1 July.

Big-name Connecticut legal firm takes a hit from Sekhmet ransomware

A gang of hackers has used the Sekhmet ransomware to attack the site of Coles, Baldwin, Kaiser & Creager, a legal firm based in Connecticut, that has a long list of well-known clients.