Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Inc ransomware. Show all posts
Personal Data Breach
Cyberattacks Data Breach Data breaches attacks Data Leak data security INC Ransom gang Inc ransomware Library Personal Data Breach

Pierce County Library System Data Breach Exposes Information of Over 340,000 People

 

A cyber attack on the Pierce County Library System in the state of Washington has led to the compromise of personal data of over 340,000 people, which is indicative of the rising threat of cybersecurity breaches being posed to public services. This attack has impacted library services in the entire county, along with library users and staff. The incident was made known to the public through breach notification letters published on the website of the Pierce County Library System. 

The incident, as revealed in the notification letters, occurred when the library system detected the incident on April 21 and decided to shut all library systems in an effort to control the breach. The library system conducted an investigation that confirmed the breach had taken place. 

The library network was also able to identify that the exfiltration of data from individuals who utilized or were part of the institution was successful on May 12. It was established that the hackers had access to the network from April 15 to April 21. Access to sensitive information was gained and exfiltrated during this time. The level of information that was vulnerable varied depending on who was targeted. 

The data that was breached for the benefit of the library patrons included names and dates of birth. Though very limited compared to the data for employees, this data is still significant for use in identity-related fraud. The breach had severe implications for current and former employees who worked within the library system. The data that was stolen for them included Social Security numbers, financial accounts, driver’s license numbers, credit card numbers, passports, health insurance, and certain data related to medical matters. 

This particular ransomware assault would later be attributed to the INC ransomware gang, which has been responsible for a number of highly detrimental attacks on government bodies over 2025. The gang has previously conducted attacks on bodies such as the Office of the Attorney General of Pennsylvania and a countrywide emergency alert service used by local authority bodies. This type of situation is not the first that has occurred on the level of Pierce County. 

In the year 2023, Pierce County was the victim of a ransomware attack on the public transit service that the community utilized heavily because the service was used by 18,000 riders on a daily basis. Public library networks have become a common target for ransomware attacks in recent years. This is because cybercriminals also perceive public libraries as high-stakes targets since community members depend on them for internet access to their catalogs and other digital services, creating a challenge where an organization may feel pressured into paying a ransom demand to resume operations. Such attacks also include national and city library networks in North America. 

The current threat environment has led to calls for developing targeted programs within the government in the United States that would evaluate risks for libraries' cybersecurity environments. This involves enhancing data sharing related to cyber attacks and providing libraries with more support and advanced services from firewalls that target libraries specifically. 

The increasing digitization efforts by libraries as government institutions further solidify that a breach such as that which Pierce County experienced is a reminder that a continued investment in cybersecurity measures is a necessity.
Read more »
Ransomwares
Cyber Attacks Defense Hacker attack Inc ransomware IT Systems IT systems breach Military Data NATO Ransomwares

Hungarian Defence Agency Hacked: Foreign Hackers Breach IT Systems

 

Foreign hackers recently infiltrated the IT systems of Hungary’s Defence Procurement Agency, a government body responsible for managing the country’s military acquisitions. According to Gergely Gulyas, the chief of staff to Hungarian Prime Minister Viktor Orban, no sensitive military data related to Hungary’s national security or its military structure was compromised during the breach. Speaking at a press briefing, Gulyas confirmed that while some plans and procurement data may have been accessed, nothing that could significantly harm Hungary’s security was made public. The attackers, described as a “hostile foreign, non-state hacker group,” have not been officially identified by name. 

However, Hungarian news outlet Magyar Hang reported that a group known as INC Ransomware claimed responsibility for the breach. According to the outlet, the group accessed, encrypted, and reportedly published some files online, along with screenshots to demonstrate their access. The Hungarian government has refrained from confirming these details, citing an ongoing investigation to assess the breach’s scope and potential impact fully. Hungary, a NATO member state sharing a border with Ukraine, has been increasing its military investments since 2017 under a modernization and rearmament initiative. 

This program has seen the purchase of tanks, helicopters, air defense systems, and the establishment of a domestic military manufacturing industry. Among the notable projects is the production of Lynx infantry fighting vehicles by Germany’s Rheinmetall in Zalaegerszeg, a region in western Hungary. The ongoing conflict in Ukraine, which began with Russia’s 2022 invasion, has further driven Hungary to increase its defense spending. The government recently announced plans to allocate at least 2% of its GDP to military expenditures in 2024. Gulyas assured reporters that Hungary’s most critical military data remains secure. 

The Defence Procurement Agency itself does not handle sensitive information related to military operations or structural details, limiting the potential impact of the breach. The investigation aims to clarify whether the compromised files include any material that could pose broader risks to the nation’s defense strategy. The breach raises concerns about the cybersecurity measures protecting Hungary’s defense systems, particularly given the escalating reliance on advanced technology in modern military infrastructure. With ransomware attacks becoming increasingly sophisticated, governments and agencies globally are facing heightened pressure to bolster their cybersecurity defenses. 

Hungary’s response to this incident will likely involve a combination of intensified cybersecurity protocols and ongoing collaboration with NATO allies to mitigate similar threats in the future. As the investigation continues, the government is expected to release further updates about the breach’s scope and any additional preventive measures being implemented.
Read more »
Vice Society
American healthcare cyberattack Cyber Security Inc ransomware ransomware-as-a-service Vice Society

Vice Society Shifts to Inc Ransomware in Latest Healthcare Cyberattack

 

Ransomware incidents are increasing, with a recent attack targeting American healthcare institutions by a well-known cybercrime group.

Vice Society, also known as Vanilla Tempest by Microsoft, has been active since July 2022. This Russian-speaking group has utilized various ransomware strains in its double extortion tactics, including BlackCat, Hello Kitty, Quantum Locker, Rhysida, Zeppelin (including a custom version), and its own proprietary ransomware.

In a series of updates on X, the Microsoft Threat Intelligence Center (MSTIC) highlighted the group's latest weapon: Inc ransomware.

"Vanilla Tempest is one of the most active ransomware operators that MSTIC monitors," said Jeremy Dallman, MSTIC's senior director of threat intelligence. "While they have been targeting healthcare for some time, their recent adoption of the Inc ransomware payload marks a significant shift as they increasingly engage with the broader ransomware-as-a-service (RaaS) ecosystem."

Although Vice Society targets multiple industries, including IT and manufacturing, it is primarily known for its campaigns against education and healthcare. This aligns with broader cybersecurity trends. According to Check Point Research, healthcare remains the most frequently targeted sector by ransomware. In fact, healthcare organizations worldwide face an average of 2,018 attacks per week, representing a 32% increase compared to the previous year.

Cindi Carter, Check Point's CISO for the Americas, explains the appeal to cybercriminals. "Healthcare organizations are often plagued by outdated legacy technology and bureaucratic hurdles, making them easy targets. Additionally, the data these organizations collect is highly valuable," she states. "A medical record is one of the most identifiable pieces of digital information about a person, second only to a fingerprint."

In its recent healthcare exploits, Vice Society gained initial access through systems already compromised by the Gootloader backdoor. The group subsequently deployed tools such as the Supper backdoor, AnyDesk’s remote monitoring software, and MEGA’s data synchronization service—both legitimate products. They utilized Remote Desktop Protocol (RDP) for lateral movement and exploited Windows Management Instrumentation (WMI) to drop Inc ransomware within infected networks.

Inc ransomware has been operational since last summer, making headlines for attacking large organizations, including Xerox and Scotland's National Health Service (NHS). Jason Baker, a threat intelligence consultant with GuidePoint Security, notes that the organized nature of Inc ransomware affiliates sets them apart.

"The most distinct aspect of Inc affiliates is their systematic approach during the negotiation process," Baker says, drawing from his own experiences. "They don’t make off-the-cuff remarks or resort to empty threats. Everything is methodical."

Baker likens it to the difference between a well-planned bank robbery and a spontaneous street mugging. "You can tell when someone has put serious thought into their attack and knows exactly what they're doing," he adds.

According to a report from Dark Reading, Inc’s malware recently leaked details about its encryption methods, potentially giving defenders an advantage. However, Baker warns that the reality is far more nuanced, especially in the healthcare sector.

"If an organization realizes it can recover data without needing a decryptor, it reduces their incentive to pay the ransom," he explains. "But the situation becomes more complex in double extortion scenarios, especially when sensitive personally identifiable health information (PHI) or intellectual property is involved. That’s why double extortion remains effective—it adds pressure, even if recovery is possible."
Read more »
Subscribe to: Comments (Atom)