New Eldorado ransomware now seeking out Windows and VMware ESXi virtual machines

In March, a new ransomware called Eldorado emerged, targeting victims in the US across various industries. The cybercriminals behind Eldorado are actively promoting their malicious service on forums and seeking partners to join their program. The ransomware can encrypt both Windows and Linux systems using different variants and unique encryption algorithms. It also deletes shadow …

Stolen Citrix Credentials Resulted in a Ransomware Attack

The Change Healthcare ransomware attack in February began with compromised credentials for a Citrix remote access portal that lacked multi-factor authentication, according to UnitedHealth Group CEO Andrew Witty’s recent testimony. The threat actors gradually escalated within the system to extract data before deploying ransomware nine days later. Witty defended his decision to pay a $22 …

Indonesia’s Immigration Data Transferred to Amazon Web Service After Ransomware Attack

Law and Human Rights Minister Yasonna Laoly confirmed that immigration data services are secure on Amazon Web Service following a cyberattack. The data remains in AWS and is safe from leaks. The Ministry of Law and Human Rights’ immigration services were transferred to AWS after disruptions caused by a ransomware attack. President Joko Widodo tasked …

Bug discovered in Linux version of RansomHub ransomware by experts

The RansomHub ransomware has added a Linux encryptor targeting VMware ESXi environments. Initially emerging in February 2024, RansomHub has quickly risen to become the fourth most prolific ransomware operator in recent months. Symantec experts suspect it is a variant of the Knight ransomware, which targeted multiple platforms before being shut down in February 2024. The …

Ransomware Update: Citrix Targeted in the Week of November 17th, 2023

Ransomware gangs are targeting companies using vulnerable Citrix Netscaler devices to breach networks, steal data, and encrypt files. The Citrix Bleed vulnerability (CVE-2023-4966) is being exploited in these attacks, affecting organizations like Toyota Financial Services and Industrial and Commercial Bank of China. Researchers like Kevin Beaumont are tracking these incidents. In other news, the BlackCat …

RansomHub ransomware variants now targeting VMware ESXi VMs on Linux systems

The RansomHub ransomware operation, launched in February 2024, targets VMware ESXi environments in enterprise attacks. It is a ransomware-as-a-service (RaaS) operation linked to other ransomware groups and has affected over 45 victims in 18 countries. A specialized ESXi variant of RansomHub was discovered by Recorded Future in April 2024, showing overlaps with the now-defunct Knight …

Healthcare Industry Views AI as Key Priority and Significant Challenge, According to Nutanix Study — Virtualization Review

A recent report from Nutanix’s sixth annual global Healthcare Enterprise Cloud Index (ECI) survey revealed that healthcare organizations consider advanced AI to be both a priority and a challenge. This survey polled IT decision-makers in healthcare organizations worldwide to gauge enterprise progress with cloud adoption, hybrid multicloud models, ransomware, sustainability, and AI. The report highlighted …

Nutanix Enhances Cyber Resilience with Increased Ransomware Detection and Recovery Speed

Nutanix recently announced new features in the Nutanix Cloud Platform to strengthen cyber resilience against ransomware attacks on unstructured data. These features, available in Nutanix Data Lens and Nutanix Unified Storage solutions, allow organizations to detect a threat, defend against further damage, and initiate a 1-click recovery process within 20 minutes of exposure. With ransomware …

Breaking In with LockBit Ransomware by Exploiting Critical Citrix Bleed Vulnerability

Multiple threat actors, including LockBit ransomware affiliates, are actively exploiting a critical security flaw in Citrix NetScaler ADC and Gateway appliances. The vulnerability, known as Citrix Bleed (CVE-2023-4966), allows attackers to bypass password requirements and MFA, gaining access to user sessions and elevated permissions. Despite Citrix addressing the issue, it became a zero-day exploit as …

Boeing Reveals Ransomware Tactics in Response to Increasing Citrix Bleed Attacks

Aerospace company Boeing recently experienced a ransomware attack and has shared details with the cybersecurity agency CISA. This move is seen as historic for a company of Boeing’s size. The advisory, published on November 22, includes tactics, techniques, and procedures provided by the FBI and other agencies. CISA director Jen Easterly praised Boeing for its …