Hello and welcome to our blog.
We start this week with a series of ransomware attacks in Chile, the Dominican Republic and Argentina. Chile is the latest victim. The country’s Interior Ministry reported last week that a government agency had had its systems and online services disrupted by ransomware targeting Windows and VMware ESXi servers. In the Dominican Republic, the country’s national cybersecurity center said on August 24 that the Dominican Agrarian Institute (IAD) of its Ministry of Agriculture was targeted. It has, so far, refused to pay the $650,000 ransom. Earlier in August, Argentina’s justice system in Córdoba was hit with ransomware, forcing the organization to shut down systems and services.
The Balkan country of Montenegro has also been hit with ransomware, and the hackers are demanding a whopping $10 million. The attack, which targeted its critical infrastructure, struck on August 19. According to BleepingComputer, several government spokesmen initially blamed the incident on “Russian services”. However, the Cuba ransomware gang claimed responsibility for the attack.
The Portuguese public airline TAP Air Portugal is the victim of an attack carried out by the ransomware gang Ragnar Locker. First disclosed on August 26, the incident appeared to have been successfully blocked. The company, at the time, said it found no evidence of improper access to customer data. But, on August 31, the Ragnar Locker ransomware gang boasted on its leak website that the airline’s systems had in fact been hacked and customer data had been exfiltrated.
In the UK, a massive cyberattack on its National Health Service (NHS) has continued to wreak havoc since the incident was announced in early August. This week the NHS announced that some services could be offline for another three months. The attack impacted key services, including those used for patient records and medical notes. As a result, some staff had to rely on pen and paper. It is also likely that it will take months to process the increasing amounts of medical documents.
NATO is investigating the leak of data allegedly stolen from European missile systems company MBDA Missile Systems, which hackers put up for sale on the Dark Web. According to a recent BBC story, the data includes blueprints of weapons used by NATO allies during the Ukraine War. MBDA Missile Systems has admitted that its data was stolen but claims that no classified files were part of it. Information was hacked from a compromised external hard drive. The data was leaked to be sold on Russian and English language forums after MBDA refused to pay the nearly $300,000 ransom.
Student loan holders from the Oklahoma Student Loan Authority (OSLA) and EdFinancial received bad news this week about a data breach via Nelnet Servicing. The breach revealed data from 2.5 million student loan accounts. The data was exposed after hackers hacked technology service provider Nelnet Servicing. The breach of the company, which began in June, lasted until July 22. The breach was discovered on August 17.
Top Global Security News
SecurityWeek (September 1, 2022) Ransomware attacks target government agencies in Latin America
Several government agencies in Latin America have been the target of ransomware attacks in recent months, and the latest victims are Chile and the Dominican Republic.
Chile’s Interior Ministry reported last week that a government agency had had its systems and online services disrupted by ransomware targeting Windows and VMware ESXi servers. The ransomware encrypted files on compromised systems and renamed them with the .crypt extension.
The targeted agency appears to be Sernac, the country’s National Consumer Service, which provides consumer rights protection. The organization disclosed the incident on August 25.
Chilean authorities have released some Indicators of Compromise (IoCs) and, based on available information, SecurityWeek believes the incident involved the relatively new RedAlert ransomware, also known as N13V.
SecurityWeek (September 1, 2022) Ransomware gang claims customer data stolen in TAP Air Portugal hack
Ransomware gang Ragnar Locker claims to have exfiltrated customer data in a cyberattack on Portuguese national airline TAP Air Portugal.
The incident was first disclosed on August 26, when TAP announced on Twitter that it had successfully foiled the cyberattack before the threat actor could access customer data.
“TAP was the target of a cyberattack, which is now blocked. Operational integrity is guaranteed. No facts were found that would allow us to conclude that there was improper access to customer data. The website and app still show some instability. Thank you for your understanding,” the company said.
On August 31, however, the Ragnar Locker ransomware gang boasted on its leak website that the airline’s systems had in fact been hacked and customer data had been exfiltrated.
BBC News (31 Aug 2022) Advanced cyber-attack: NHS doctors’ paperwork piling up
Doctors say it could take months to deal with growing piles of medical documents caused by an ongoing cyber attack on an NHS provider.
An out-of-hours GP said patient care was badly affected as staff entered a fourth week of taking care notes with pen and paper.
The ransomware attack against software and services provider Advanced was first spotted on August 4.
The company says it could take another 12 weeks for some services to come back online.
BleepingComputer (August 29, 2022) Nelnet Servicing breach exposes data from 2.5 million student loan accounts
The data of more than 2.5 million people with student loans from the Oklahoma Student Loan Authority (OSLA) and EdFinancial has been exposed after hackers broke into the systems of technology service provider Nelnet Servicing.
Nelnet Servicing’s technology services, including a web portal, are used by OSLA and EdFinancial to give students who take out loans online access to their loan accounts.
During June, unidentified intruders compromised Nelnet Servicing and remained on its systems until July 22. The hackers likely compromised the company’s network after exploiting a vulnerability.
Dark Reading (August 29, 2022) NATO investigates dark web leak of data stolen from missile supplier
NATO is investigating the leak of data allegedly stolen from a European missile systems company, which hackers put up for sale on the Dark Web, according to a published report.
The leaked data includes blueprints for weapons used by Ukraine in its current war with Russia.
Integrated defense company MBDA Missile Systems, headquartered in France, has admitted that data from its systems is part of the cache sold by threat actors on hacker forums after what appears to be a ransomware attack.
Other cybersecurity stories