Worldwide Ransomware attacks confirmed in May 2020

Roll-up of Ransomware attacks we have detected in May 2020

Hackers Stole 220GB of Data in Toll Group Ransomware Attack

Following the revelation that the Toll Group, an Australian transportation company with a global reach, was compromised with ransomware a second time in less than six months, new information has come to light. Hackers stole massive amounts of data, in addition to locking systems with ransomware.

Texas Takes Second Ransomware Hit

The Texas Department of Transportation (TxDOT) has been hit by ransomware just days after the state’s judiciary system suffered the same fate.

Toll Group Data Leaked Following Second Ransomware Incident

Australian shipping giant Toll Group recently suffered its second ransomware attack of the year, with Thomas Knudsen, the company’s managing director, branding the latest attack as being serious and regrettable.

One in three ransomware attacks target business users

Of all the ransomware attacks that occured last year, a third targeted corporate users. This is according to a new report from cybersecurity firm Kaspersky, which states a total of 767,907 attacks were registered.

More and more organizations are falling to ransomware – will you be next?

It’s been “the year of ransomware” for about the past three years. And while you may be tired of hearing about the trend and just getting used to the reality, you may also like to remember: instances of attacks are climbing – quickly – and we’re now reaching a level where more than half of ransomware schemes result in a business paying out.

New Ransomware Uses a Banking Trojan To Attack Governments and Companies

A new type of ransomware attack emerged in recent months, raising red flags among the cybersecurity community and authorities such as the FBI in the United States. Cybersecurity firm Group-IB has warned that it comes in the form of a Trojan, according to a report published on May 17.

UK public sector remains highly vulnerable to ransomware attack

The public sector is still highly vulnerable to cyberattacks due to a lack of awareness among employees, according to a new report from data security provider Clearswift.

Ransomware is now the biggest online menace you need to worry about - here’s why

Ransomware attacks have become more commonplace than payment card theft incidents for the first time, as cyber criminals alter how they go about their malicious operations in an effort to gain the biggest financial reward for the least amount of effort.

Maze ransomware attack will cost Cognizant at least $50m to $70m

A ransomware attack on IT services supplier Cognizant will cost the company between $50m and $70m over the next three months and it will incur further costs during the year as it works to fully restore its computer systems.

Diebold Nixdorf hit by ransomware attack

ATM manufacturer Diebold Nixdorf has suffered a ransomware attack on its corporate network, disrupting some operations.

“ColdLock” Ransomware Hits Taiwanese Organizations

Researchers discovered a new ransomware codenamed “ColdLock” that targeted several organizations in Taiwan. According to researchers from Trend Micro , the ransomware appears to target databases and email servers for encryption.

Ransomware gangs are changing targets again. That could make them even more of a threat

The coronavirus pandemic has forced most organisations to rethink how they work. And it appears now that even cybercrooks and ransomware gangs are having to adapt their behaviour to adjust to the ongoing virus crisis.

Pitney Bowes hit with second ransomware attack

For the second time in a seven-month span, Pitney Bowes has been hit by a ransomware attack, but cyber experts and financial analysts cautioned against rashly judging the company’s security practices – or assuming fiscal doom – with some suggesting that lessons learned from the first attack may have limited the damage of the most recent one.

Sodinokibi ransomware can now penetrate locked files

The Sodinokibi ransomware has gained a new feature that allows it to encrypt files that were previously out of its reach.

Energy company’s website takes ransomware hit from unknown hackers

The website of Northwest Territories Power Corporation (NTPC) went down last week after hackers managed to disable the site with ransomware.

Ransomware: Average Business Payout Surges to $111,605

The average ransom paid by victims to ransomware attackers reached $111,605 in the first quarter of this year, up 33% from the previous quarter, reports ransomware incident response firm Coveware. In addition, every attacker now typically demands a ransom payment only in bitcoins.

Ransomware Slams Healthcare, Logistics, Energy Firms

Ransomware attacks hit at least four large organizations around the world this week, including a hospital group in Europe that has been battling the COVID-19 pandemic.

Snake ransomware attack disrupts operations at hospital chain Fresenius Group

A major ransomware attack has disrupted operations at Germany-based Fresenius Group, Europe’s largest private hospital operator whose dialysis products and services are in huge demand in the middle of the COVID-19 pandemic.

Here’s a list of all the ransomware gangs who will steal and leak your data if you don’t pay

Ransomware gangs are getting more aggressive these days about pursuing payments and have begun stealing and threatening to leak sensitive documents if victims don’t pay the requested ransom demand.

Ransomware Hit ATM Giant Diebold Nixdorf

Diebold Nixdorf , a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations. The company says the hackers never touched its ATMs or customer networks, and that the intrusion only affected its corporate network.

Ransomware Attacks Toll Group for Second Time in 2020

Nefilim ransomware attacks Toll Group’s technology network. Global logistics company has over 1,200 locations. Earlier attack involved Mailto ransomware.

Maze ransomware gang leak Banco BCR card data

The Maze ransomware gang have started posting payment card data stolen during a breach at state-owned Banco de Costa Rica.

New Ransomware Employs Never-Before-Seen Attack Method

A UK-based cybersecurity firm unveiled new details of Ragnar Locker ransomware attack that uses a VirtualBox app.

Ransomware attack hits international fisheries organization in Halifax

An international fisheries organization based in Halifax that previously had questions raised about its cybersecurity has been hit by a ransomware attack.

Ransomware Attack Hits One Public Figure After Another

A mysterious ransomware gang known as ‘REvil’ has been wreaking havoc online in recent days following a high profile ransomware attack targeting New York-based entertainment and media law firm Grubman Shire Meiselas & Sacks earlier this month.

Sodinokibi ransomware can now penetrate locked files

The Sodinokibi ransomware has gained a new feature that allows it to encrypt files that were previously out of its reach.

REvil Ransomware Attacks Food Distributors; Hackers Seek $7.5M Ransom

The REvil Sodinokibi hacking group has hijacked data files belonging to two large food distributors in a ransomware attack that reportedly exposed sensitive information of at least three megamarket food chains.

Vigilante hackers launch ransomware attack on loan scammers

A hacker group known as CyberWare is using a new ransomware called MilkmanVictory to target companies that, it believes, are carrying out loan scams.

[F]Unicorn Ransomware Masquerading as COVID-19 Contact Tracing App

A new ransomware family called “[F]Unicorn” masqueraded as a COVID-19 contact tracing app in order to target Italian users.

Ransomware Attack on Europe’s Largest Private Hospital Operator

The largest private hospital operator in Europe has been struck by a ransomware attack as the continent strives to prevent healthcare systems from being overwhelmed by the COVID-19 pandemic.

REvil ransomware hackers threatening to release “dirty laundry” on Donald Trump

The hacker group behind last week’s REvil (Sodinokibi) ransomware attack on New York-based law firm Grubman Shire Meiselas & Sacks is now demanding $42 million and threatening to release controversial information on U.S. President Donald Trump.

Sodinokibi Ransomware Attacks Celebrity Law Firm: Report

Cybercriminals have used Sodinokibi (REvil) ransomware to steal celebrity contracts, nondisclosure agreements, phone numbers, email addresses and other sensitive information from media and entertainment law firm Grubman Shire Meiselas & Sacks, according to Variety.

NetWalker Ransomware Expands Operations, Targeting Healthcare

NetWalker ransomware actors have exploited the healthcare sector throughout the COVID-19 crisis. Now, the hackers are pairing up with other cybercriminals to gain enterprise access.
https://healthitsecurity.com/news/netwalker-ransomware-expands-operations-targeting-healthcare

Ransomware Gang Posting Financial Details From Bank Attack

The Maze ransomware gang has started releasing payment card data from an attack that happened earlier this year at Banco BCR, the state-owned Bank of Costa Rica, according to several cybersecurity experts.

Anglo-Eastern suffers ransomware attack

Anglo-Eastern, one of the world’s largest shipmanagers, has become the latest big name to suffer a cyber attack.

Australian customer experience firm Stellar hit by ransomware

Australian customer experience firm Stellar, that also operates across Asia, North America and Africa, appears to have taken a hit from a group of attackers using the NetWalker ransomware that works on Windows systems.

Retailer IN SPORT’s head office hit by ransomware

IN SPORT, a NSW-based retailer, had its head office server and computers ransomwared last week and is unsure exactly what files the attackers accessed.

Texas courts slammed by ransomware attack

Texas has revealed a ransomware attack launched against its court system but insists no ransom will be paid.

ExecuPharm Suffers Ransomware Attack, Hackers Published Data on Darknet

The U.S.-based pharmaceutical giant ExecuPharm admitted it became a victim of a cyberattack.

MAZE Claims Ransomware Attack on US Egg Supplier

The threat group MAZE has published what it claims is data stolen from a Minnesota egg supplier during a ransomware attack.

Superintendent: ‘Ransomware-type virus’ attacks North Babylon School District

A portion of the North Babylon School District’s computer network has been infected by a “ransomware-type virus,” according to Superintendent Glen Eschbach.

Snake ransomware leaks patient data from Fresenius Medical Care

Medical data and personally identifiable information belonging to patients at a Fresenius Medical Care unit are currently available online on a paste website.

Northwest Atlantic Fisheries Organization hit by ransomware attack

The Northwest Atlantic Fisheries Organization (NAFO), an intergovernmental organization that manages fish stocks in international waters in the northwest Atlantic Ocean, has been hit by a ransomware attack, according to the CBC News.
https://www.seafoodsource.com/news/business-finance/northwest-atlantic-fisheries-organization-hit-by-ransomware-attack

Columbus Mayor confirms ransomware attack on city government yesterday

The Columbus Consolidated Government confirmed today that a ransomware attack targeting the city occurred on May 26.
https://www.wrbl.com/news/local-news/columbus-mayor-confirms-ransomware-attack-on-city-government-yesterday/

Rio Arriba County hit in ransomware cyberattack

Rio Arriba County government was the victim of a ransomware cyberattack, with a significant but still unknown number of its network servers, electronic files and databases having been encrypted, according to a Wednesday news release.

Ransomware attack targets Nipissing First Nation

Nipissing First Nation (NFN) has confirmed it was the victim of a ransomware attack earlier this month that affected the administration’s computers and server.

Michigan State University hit By Ransomware Gang – Cybersecurity Experts Insight

Michigan State University is being targeted with ransomware, and the attackers in this case made the announcement.

Ransomware Attack on Magellan Health Results in Data Exfiltration

Magellan Health, a Fortune 500 company, reports hackers exfiltrated data from its systems before launching a ransomware attack; a “sophisticated cybersecurity incident” and another ransomware attack complete this week’s breach roundup.
https://healthitsecurity.com/news/ransomware-attack-on-magellan-health-results-in-data-exfiltration

Maze Ransomware Hackers Post Patient Data Stolen from 2 Providers

Despite assurances healthcare providers were off-limits during COVID-19, Maze ransomware hackers post patient data stolen from two covered entities; a separate phishing attack completes this week’s breach roundup.
https://healthitsecurity.com/news/maze-ransomware-hackers-post-patient-data-stolen-from-2-providers

REvil Ransomware found buyer for Trump data, now targeting Madonna

The REvil ransomware group claims to have buyers ready for documents containing damaging information about US‌ President Donald Trump and is preparing to auction data on international celebrity Madonna.

Ransomware Attack Kidnaps Austrian City

Malware team, NetWalker, launched a ransomware attack against the Austrian village of Weiz. This attack affected the public service system and leaked some of the stolen data from building applications and inspections.

PonyFinal Ransomware Targets Enterprise Servers Then Bides Its Time

Microsoft has warned on a new breed of patient ransomware attacks that lurk in networks for weeks before striking.

New Mexico County Government Falls Victim to Ransomware

The ransomware attack against Rio Arriba County was first discovered earlier this week. The incident encrypted network servers, electronic files, and databases. The extent of damage is under investigation.

Ransomware attack affects 13,146 patients’ info at Alaska surgical practice: 4 details

Palmer, Alaska-based Mat-Su Surgical Associates reported a ransomware attack that affected thousands of patients’ information.

Number of ransomware attacks rises in Czech Rep

Since quarantine and social distancing rules were put in place in March, the number of ransomware attacks in the Czech Republic increased by 40% compared to the start of the year, Czech Radio reports.

Internal documents published after Stadler refuses $US 6m ransom

INTERNAL documents stolen during a cyber-attack on Stadler’s headquarters have been published online after the manufacturer refused to give in to ransom demands.