Signature Performance Insurance, a leading provider of healthcare administrative solutions and services, suffered a ransomware attack by Medusa, publishing data worth $2500000. A critical flaw in GoAnywhere MFT is currently allowing anyone to become an admin. The vulnerability tracked as CVE-2024-0204 has a score of 9.8. A report by Forta revealed that an “Authentication bypass in Fortra’s GoAnywhere MFT before 7.4.1 allows an unauthorized user to create an admin user via the administration portal.” Users are advised to upgrade to version 7.4.1. Cyber Threat actors have ransomed 24 new organisations today. The victims include:
-
- Double Eagle Energy Holdings IV: The attack on the American company led to the exfiltration and encryption of 929994 files worth 798.50 GB in size.
- UK Stratton Primary School: In this attack, the United Kingdom-based school lost customer data and passwords with a total of 78023 files worth 125.79GB exfiltrated.
- Medjet: A US-based company with revenue of $10.5m and over 45 employees. The attack led to the exfiltration of 32913 files worth 79,54GB including passwords and customer data.
- Crystal Lake Health Center: A US-based company with revenue of $16.7M also suffered a data breach that resulted in the exfiltration of private data, passwords, and 37281 files. The total exfiltrated file size is 137.62GB when reporting this incident.
- Austal USA: The giant American company with over 4300 employees and revenue of $100m suffered a data breach that resulted in the exfiltration of 7151 files containing government data and technological data. The total size of the exfiltrated data is 11.21GB.
- United Africa Group Ltd: The ransomware attack against this Namibian company has resulted in the exfiltration of 36 file directories, 152297 files containing customer data, government data, technology, passwords, and private data. 183.77GB is the total size of data lost.
- Homeland Inc.: An American company with a revenue of $43.5M. The attack on the company resulted in the exfiltration of 183793 files containing databases, private data, and passwords. The total size of data lost is 204.09GB.
- TCI Co, Ltd: A Taiwan-based company with a revenue of $324.0m lost 104256 files containing Customer data, technological data, and financial data worth 237.62GB.
- Fred Hutchinson Cancer Research Center: A US-based company with over 5700 employees and revenue of $948.0M suffered a data breach. The attack on this victim resulted in the exfiltration of 711627 files worth 533.07GB.
- C. Moore Trucking: The American company with revenue of $53.8M and 261 employees suffered exfiltration of 1132736 files containing passwords, financial data, and databases. 608.44GB is the total size of files exfiltrated.
- Thermosash Commercial Ltd: The New Zealand company with revenue of $70.0M suffered the loss of 776229 files worth 1772.55GB in size.
- Lincoln Office: The attack on this United States company resulted in the exfiltration of 298618 files worth 370.36GB. The company currently has a revenue of $19.4M and 68 employees.
- Bartec Top Holding GmbH: The attack on this German company resulted in the exfiltration of 192643 files containing private data, financial data, and databases, all worth 1412.47GB in size. The company has 1500 employees and a revenue of $407.4M.
- Owens Group: The United Kingdom company with $293.9M was lucky to escape file exfiltration and data loss.
- IDESA Group: The Mexican company suffered the exfiltration of 581054 files containing database and financial data worth 753.89GB. The company’s revenue is $403.4m, and the company currently has 1776 employees.
- THK Co. Ltd: This is a Japanese company with 13502 employees. The attack on the company resulted in the exfiltration of 1570975 files containing private and technological data worth 1811.08GB.
- Dr Jaime Schwartz MD, FACS: The United States company suffered data theft and encryption due to the ransomware attack. The group exfiltrated 496628 files worth 2304.94GB in size in the process.
- Project M.O.R.E: The attack on the United States company resulted in the exfiltration of 26390 worth 23.14GB in size. The group also encrypted the company’s exfiltrated data.
- Ausa: Reports on the attack revealed no data encryption, but there was exfiltration of 230731 data worth 453.82GB. The American company’s revenue is $70.0M.
- InstantWhip: the American company with a revenue of $300.0M suffered both data encryption and exfiltration. The group exfiltrated 28184 data worth 21.62GB in size during the attack. The files contain both technological and private data.
- Gunning and LaFazia Inc: This is another American company with a revenue of $5.0M. The attack on the company resulted in data encryption and exfiltration. The group exfiltrated 310304 files worth 372.62GB.
- Builders Hardware and Hollow Metal, Inc: The attack on this American company resulted in the exfiltration of 487489 files worth 824.76GB. The attack resulted in data encryption with financial and private data included.
- Alupar Investimento SA: This Brazilian company has a revenue of $939.4M. The attack on the company caused both data exfiltration and encryption. The group exfiltrated 242787 files worth 699.97GB in size.
- Covenant Care: The attack on Covenant Care resulted in the exfiltration of 238868 files containing customer data, database, financial and private data. The company has 8000 employees with over $1.2B in revenue.
The U.S, UK, and Australia imposed a financial sanction on Alexander Ermakov (aka GistaveDore, JimJones, Blade_runner), a Russian national, for their role played in the 2022 ransomware attack against Medibank, a health insurance provider. Akira hit four new victims in a ransomware attack, resulting in data encryption and exfiltration. The victims are:
-
- Wilhoit Properties: An American company involved in property management. There is disclosure on the number of files exfiltrated and the extent of damage caused by the ransomware group.
- Drig Sheet Metal: The attack on the company, whose speciality is providing services to industrial customers, resulted in the exfiltration of data worth 65GB. The exfiltrated files contain detailed projects with drawings, contracts, confidential agreements, and personal and financial information.
- Milstone Environmental Contracting: This company is known for delivering innovative techniques and design, approaching projects in an inclusive, cooperative, and transparent way, and applying methodical quality management processes to get the job done safely and successfully.
- Cryopak: The ransomware group has threatened the release of many passports, driver’s licenses, NDAs, and confidential agreements after the attack on the company. The company is a subsidiary of Integreon Global, previously known as TCP Reliable. Cryopak is famous for providing cold chain solutions to the pharmaceutical, life science, biotech, and food industries.
Kasseika ransomware group is trending for the ability to leverage BYOVD (Bring Your Own Vulnerable Driver) attacks to disarm security on compromised Windows hosts. According to reports, the attack style allows the threat actor to terminate antivirus processes and services for the deployment of ransomware.
Security professionals warn Google Kubernetes Misconfig lets any Gmail account control your clusters. The shortcoming was codenamed Sys:All by Orca, and there is speculation of the possibility of about 250,000 active GKE clusters in the wild being susceptible to the attack vector. Further reports state that the situation results from the misconception that the system:authenticated group in Google Kubernetes Engine includes only verified and deterministic identities, whereas it consists of any Google-authenticated account (even outside the organization).
