Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Ransomware attack. Show all posts
User Privacy
Cyber Security Legislative Amendment Ransomware attack UK Government User Privacy

UK Government Proposes Mandatory Reporting of Ransomware Attacks

 

The British government's proposals to amend its ransomware strategy marked a minor milestone on Tuesday, when the Home Office issued its formal answer to a survey on modifying the law, but questions remain regarding the effectiveness of the measures. 

The legislative process in the United Kingdom regularly involves public consultations. In order to address the ransomware issue, the Home Office outlined three main policy recommendations and asked for public input in order to support forthcoming legislation. 

The three main policy ideas are prohibiting payments from public sector or critical national infrastructure organisations; requiring victims to notify the government prior to making any extortion payments; and requiring all victims to report attacks to law enforcement.

Following a string of high-profile ransomware incidents that affected the nation, including several that left the shelves of several high-street grocery stores empty and one that contributed to the death of a hospital patient in London, the official response was published on Tuesday, cataloguing feedback for and against the measures.

Despite being labelled as part of the government's much-talked-about Plan for Change, the plans are identical to those made while the Conservative Party was in control prior to Rishi Sunak's snap election, which delayed the consultation's introduction. Even that plan in 2024 was late to the game. 

In 2022, ransomware attacks dominated the British government's crisis management COBR meetings. However, successive home secretaries prioritised responding to small boat crossings of migrants in the English Channel. Ransomware attacks on British organisations had increased year after year for the past five years. 

“The proposals are a sign that the government is taking ransomware more seriously, which after five years of punishing attacks on UK businesses and critical national infrastructure is very welcome,” stated Jamie MacColl, a senior research fellow at think tank RUSI. But MacColl said there remained numerous questions regarding how effective the response might be. 

Earlier this year, the government announced what the Cyber Security and Resilience Bill (CSRB) will include when it is brought to Parliament. The CSRB, which only applies to regulated critical infrastructure firms, is likely to overlap with the ransomware regulations by enhancing cyber incident reporting requirements, but it is unclear how.
Read more »
United States
Cyber Crime Extradition Federal Agency Ransomware attack United States

Armenian Man Extradited to US After Targeting Oregon Tech Firm

 

The Justice Department said Wednesday last week that an Armenian national is in federal custody on charges related to their alleged involvement in a wave of Ryuk ransomware attacks in 2019 and 2020. On June 18, Karen Serobovich Vardanyan, 33, was extradited to the United States from Ukraine. 

On June 20, he appeared in federal court and pleaded not guilty to the allegations. The seven-day jury trial Vardanyan is awaiting is set to start on August 26. The prosecution charged Vardanyan with conspiracy, computer-related fraud, and computer-related extortion Each charge carries a maximum penalty of five years in federal prison and a $250,000 fine. 

Vardanyan and his accomplices, who include 45-year-old Levon Georgiyovych Avetisyan of Armenia and two 53-year-old Ukrainians, Oleg Nikolayevich Lyulyava and Andrii Leonydovich Prykhodchenko, are charged with gaining unauthorised access to computer networks in order to install Ryuk ransomware on hundreds of compromised workstations and servers between March 2019 and September 2020. 

Lyulyava and Prykhodchenko are still at large, while Avetisyan is in France awaiting a request for extradition from the United States. According to authorities, the Ryuk ransomware was widespread in 2019 and 2020, infecting thousands of people worldwide in the private sector, state and local governments, local school districts, and critical infrastructure. 

Among these are a series of assaults on American hospitals and a technology company in Oregon, where Vardanyan is the subject of a trial by federal authorities. Ryuk ransomware attacks have affected Hollywood Presbyterian Medical Centre, Universal Health Services, Electronic Warfare Associates, a North Carolina water company, and several U.S. newspapers. 

Ryuk ransomware operators extorted victim firms by demanding Bitcoin ransom payments in exchange for decryption keys. According to Justice Department officials, Vardanyan and his co-conspirators received approximately 1,160 bitcoins in ransom payments from victim companies, totalling more than $15 million at the time.
Read more »
Ransomwares
Cyber Attacks Data Leak data security Data Theft DragonForce DragonForce Ransomware Group Hacker attack Hacking Group Ransomware attack Ransomware group Ransomwares

Belk Hit by Ransomware Attack as DragonForce Claims Responsibility for Data Breach

 

The department store chain Belk recently became the target of a ransomware attack, with the hacking group DragonForce taking responsibility for the breach. The cybercriminals claim to have stolen 156 GB of sensitive data from the company’s systems in early May. 

JP Castellanos, Director of Threat Intelligence at cybersecurity firm Binary Defense, stated with high confidence that DragonForce is indeed behind the incident. The company, based in Ohio, specializes in threat detection and digital forensics. During an investigation of dark web forums on behalf of The Charlotte Observer, Castellanos found that DragonForce had shared samples of the stolen data online. 

In a message directed at Belk, the group stated that its original aim wasn’t to damage the company but to push it into acknowledging its cybersecurity failures. DragonForce claims Belk declined to meet ransom demands, which ultimately led to the data being leaked, affecting numerous individuals. 

Following the breach, Belk has been named in multiple lawsuits. The complaints allege that the company not only failed to protect sensitive personal information but also delayed disclosing the breach to the public. Information accessed by the attackers included names, Social Security numbers, and internal documentation related to employees and their families. 

The cyberattack reportedly caused a complete systems shutdown across Belk locations between May 7 and May 11. According to a formal notice submitted to North Carolina’s Attorney General, the breach was discovered on May 8 and disclosed on June 4. The total number of affected individuals was 586, including 133 residents of North Carolina. 

The stolen files contained private details such as account numbers, driver’s license data, passport information, and medical records. Belk responded by initiating a full-scale investigation, collaborating with law enforcement, and enhancing their digital security defenses. On June 5, Belk began notifying those impacted by the attack, offering one year of free identity protection services. These services include credit and dark web monitoring, as well as identity restoration and insurance coverage worth up to $1 million. 

Despite these actions, Belk has yet to issue a public statement or respond to ongoing media inquiries. DragonForce, identified by experts as a hacktivist collective, typically exploits system vulnerabilities to lock down company networks, then demands cryptocurrency payments. If the demands go unmet, the stolen data is often leaked or sold. 

In Belk’s case, the group did not list a price for the compromised data. Castellanos advised anyone who has shopped at Belk to enroll in credit monitoring as a precaution. Belk, which was acquired by Sycamore Partners in 2015, has been working through financial challenges in recent years, including a short-lived bankruptcy filing in 2021. 

The retailer, now operating nearly 300 stores across 16 southeastern U.S. states, continues to rebuild its financial footing amid cybersecurity and operational pressures.
Read more »
SafePay ransomware
Cyber Attacks Cyber Outage Global IT Outage IT system Palo Alto Palo Alto Networks Ransomware attack Ransomwares SafePay ransomware

Ingram Micro Confirms SafePay Ransomware Attack and Global IT System Outage

 

Ingram Micro, one of the world’s largest IT distribution and services companies, has confirmed it was targeted in a ransomware attack by the SafePay group, causing major operational disruptions across its global network. The cyberattack, which began early on July 4, 2025, forced the company to take critical internal systems offline and suspend access to platforms such as its AI-powered Xvantage distribution system and the Impulse license provisioning platform. 

The attack came to light after employees discovered ransom notes on their devices. According to cybersecurity outlet BleepingComputer, the notes were linked to the SafePay ransomware operation—an increasingly active threat actor that has claimed over 220 victims since emerging in late 2024. Although the extent of data encryption remains unclear, sources suggest that the attackers likely accessed Ingram Micro’s network via compromised credentials on the company’s GlobalProtect VPN gateway. Initially, 

Ingram Micro refrained from publicly acknowledging the attack, stating only that it was experiencing “IT issues.” Employees in some regions were instructed to work from home, and the company advised against using the VPN service believed to be involved in the breach. 

On July 6, Ingram Micro officially confirmed the ransomware incident. In a statement, the company said it took immediate steps to secure affected systems, brought in cybersecurity experts to investigate, and notified law enforcement agencies. It also assured customers and partners that it was working urgently to restore operations and minimize further disruption. 

By July 8, the company had made significant progress in recovery. Subscription orders—including renewals and modifications—were once again being processed globally, with additional support for phone and email orders reinstated in key markets such as the UK, Germany, Brazil, India, and China. However, some hardware order functions remain limited. 

Palo Alto Network issued a clarification stating that none of its products were the source of the breach. The company emphasized that attackers likely exploited misconfigurations or stolen credentials, not any inherent flaws in the VPN software. 

This breach highlights the increasing sophistication of ransomware groups like SafePay and the risks faced by large IT infrastructure providers. Ingram Micro’s swift containment and recovery response may help mitigate long-term impacts, but the incident serves as a critical reminder of the importance of proactive cybersecurity measures, especially in environments reliant on remote access technologies.
Read more »
stolen employee data
Cybersecurity Incident Data Breach Hunters International leak IdeaLab identity theft protection Ransomware attack stolen employee data

IdeaLab Data Breach Exposes Sensitive Employee Information: Hackers Leak 137,000 Files Online

 

IdeaLab has begun notifying individuals whose personal data was compromised in a cybersecurity incident that occurred last October, when malicious actors infiltrated the company’s network and accessed confidential information.

Although the company did not specify the precise nature of the attack, the breach was claimed by the Hunters International ransomware group, which later published the stolen files on the dark web.

Founded in 1996, IdeaLab is a prominent California-based technology incubator known for launching over 150 companies, including GoTo.com, CitySearch, eToys, Authy, Pet.net, Heliogen, and Energy Vault. As one of the most established venture capital firms in the United States, IdeaLab has driven substantial economic growth, job creation, and investment returns over nearly three decades.

Suspicious activity was first detected on IdeaLab’s systems on October 7, 2024. A subsequent investigation revealed that unauthorized access began three days earlier. To respond, the company engaged external cybersecurity experts to conduct a thorough assessment, which concluded on June 26, 2025.

Investigators confirmed that data belonging to current and former employees, support service contractors, and their dependents had been stolen. In regulatory disclosures, IdeaLab stated that the compromised records included names along with various other sensitive details, though the exact types of data were not fully disclosed.

On October 23, 2024, after what appears to have been a failed extortion attempt, Hunters International published approximately 137,000 files—totaling 262.8 gigabytes. While the download link has since become inactive, security analysts believe other cybercriminals likely retrieved the files prior to removal.

Earlier today, the threat actor announced it was shutting down Hunters International operations, deleting all extortion-related data and offering free decryption keys to victims. However, cybersecurity researchers at Group-IB previously reported that the group had already begun transitioning to a new extortion-focused platform named World Leaks, suggesting this shutdown could be a strategic rebrand.

To help mitigate potential harm, IdeaLab is providing affected individuals with complimentary 24-month access to credit monitoring, identity theft protection, and dark web surveillance services through IDX. Impacted parties must enroll by October 1 to take advantage of these resources.
Read more »
Swiss Government
Data Breach Data Leak Radix Ransomware attack Swiss Government

Swiss Health Foundation Ransomware Attack Exposes Government Data

 

The Swiss government is announcing that a ransomware assault at the third-party company Radix has affected sensitive data from multiple federal offices.

The Swiss authorities claim that the hackers obtained information from Radix systems and then posted it on the dark web. The nation's National Cyber Security Centre (NCSC) is assisting in the analysis of the leaked data to determine which government agencies are affected and to what extent. 

“The foundation Radix has been targeted by a ransomware attack, during which data was stolen and encrypted,” the Swiss government noted. “Radix’s customers include various federal offices. The data has been published on the dark web and will now be analyzed by the relevant offices.” 

Radix is a Zurich-based non-profit focused on health promotion. It operates eight competence centres that carry out projects and services for the Swiss federal government, cantonal and municipal corporations, and other public and private organisations. 

According to the organization's statement, Sarcoma ransomware affiliates penetrated its systems on June 16. Sarcoma is a newly emerging ransomware outfit that began operations in October 2024 quickly became one of the most active, claiming 36 victims in its first month. One notable example was an attack on PCB giant Unimicron. 

Phishing, supply-chain attacks, and outdated flaws are some of the ways Sarcoma gains access. Once RDP connections are exploited, the hackers usually proceed laterally across the network. The threat actor may encrypt the data in addition to stealing it in the final phase of the attack. On June 29, the ransomware outfit uploaded the stolen Radix data on their leak portal on the dark web, most likely after extortion attempts failed. 

Personalised alerts were sent to affected individuals, according to Radix, which also states that there is no proof that critical information from partner organisations was compromised. Radix advises potentially vulnerable users to be on guard over the next few months and to be cautious of attempts to obtain their account credentials, credit card details, and passwords in order to mitigate this risk. 

In March 2024, the Swiss government confirmed it had experienced a similar exposure via third-party software services provider Xplain, which was attacked by the Play ransomware gang on May 23, 2023. As a result of that incident, 65,000 Federal Administration documents were leaked, many of which included private and sensitive data.
Read more »
Ransomwares
Data Breach Data Privacy data security Data Theft Healthcare Data healthcare data breach Healthcare Industry Personal Information Ransomware attack Ransomwares

Horizon Healthcare RCM Reports Ransomware Breach Impacting Patient Data

 

Horizon Healthcare RCM has confirmed it was the target of a ransomware attack involving the theft of sensitive health information, making it the latest revenue cycle management (RCM) vendor to report such a breach. Based on the company’s breach disclosure, it appears a ransom may have been paid to prevent the public release of stolen data. 

In a report filed with Maine’s Attorney General on June 27, Horizon disclosed that six state residents were impacted but did not provide a total number of affected individuals. As of Monday, the U.S. Department of Health and Human Services’ Office for Civil Rights had not yet listed the incident on its breach portal, which logs healthcare data breaches affecting 500 or more people.  

However, the scope of the incident may be broader. It remains unclear whether Horizon is notifying patients directly on behalf of these clients or whether each will report the breach independently. 

In a public notice, Horizon explained that the breach was first detected on December 27, 2024, when ransomware locked access to some files. While systems were later restored, the company determined that certain data had also been copied without permission. 

Horizon noted that it “arranged for the responsible party to delete the copied data,” indicating a likely ransom negotiation. Notices are being sent to affected individuals where possible. The compromised data varies, but most records included a Horizon internal number, patient ID, or insurance claims data. 

In some cases, more sensitive details were exposed, such as Social Security numbers, driver’s license or passport numbers, payment card details, or financial account information. Despite the breach, Horizon stated that there have been no confirmed cases of identity theft linked to the incident. 

The matter has been reported to federal law enforcement. Multiple law firms have since announced investigations into the breach, raising the possibility of class-action litigation. This incident follows several high-profile breaches involving other RCM firms in recent months. 

In May, Nebraska-based ALN Medical Management updated a previously filed breach report, raising the number of affected individuals from 501 to over 1.3 million. Similarly, Gryphon Healthcare disclosed in October 2024 that nearly 400,000 people were impacted by a separate attack. 

Most recently, California-based Episource LLC revealed in June that a ransomware incident in February exposed the health information of roughly 5.42 million individuals. That event now ranks as the second-largest healthcare breach in the U.S. so far in 2025. Experts say that RCM vendors continue to be lucrative targets for cybercriminals due to their access to vast stores of healthcare data and their central role in financial operations. 

Bob Maley, Chief Security Officer at Black Kite, noted that targeting these firms offers hackers outsized rewards. “Hitting one RCM provider can affect dozens of healthcare facilities, exposing massive amounts of data and disrupting financial workflows all at once,” he said.  
Maley warned that many of these firms are still operating under outdated cybersecurity models. “They’re stuck in a compliance mindset, treating risk in vague terms. But boards want to know the real-world financial impact,” he said. 

He also emphasized the importance of supply chain transparency. “These vendors play a crucial role for hospitals, but how well do they know their own vendors? Relying on outdated assessments leaves them blind to emerging threats.” 

Maley concluded that until RCM providers prioritize cybersecurity as a business imperative—not just an IT issue—the industry will remain vulnerable to repeating breaches.
Read more »
User Security
Ahold Delhaize Data Breach Grocery Giant Ransomware attack User Security

2.2 Million People Impacted by Ahold Delhaize Data Breach

 

Ahold Delhaize, the Dutch grocery company, reported this week that a ransomware attack on its networks last year resulted in a data breach that affected more than 2.2 million customers. 

The cybersecurity breach was discovered in November 2024, when numerous US pharmacies and grocery chains controlled by Ahold Delhaize reported network troubles. The incident affected Giant Food pharmacies, Hannaford supermarkets, Food Lion, The Giant Company, and Stop & Shop.

In mid-April 2025, Ahold Delhaize was attacked by the Inc Ransom ransomware organisation. Shortly after, the company acknowledged that the hackers probably stole data from some of its internal business systems.

 Since then, Ahold Delhaize has determined that personal data has been hacked, and those affected are currently being notified. Internal employment records for both current and defunct Ahold Delhaize USA enterprises were included in the stolen files. The organization told the Maine Attorney General’s Office that 2,242,521 people are affected.

The compromised information differs from person to person, however it includes name, contact information, date of birth, Social Security number, passport number, driver's license number, financial account information, health information, and employment-related information. Affected consumers will receive free credit monitoring and identity protection services for two years. 

The attackers published around 800 Gb of data allegedly stolen from Ahold Delhaize on their Tor-based leak website, indicating that the corporation did not pay a ransom. Inc Ransom claimed to have stolen 6 TB of data from the company.

Cyberattacks on the retail industry, notably supermarkets, have increased in recent months. In April, cybercriminals believed to be affiliated with the Scattered Spider group targeted UK retailers Co-op, Harrods, and M&S. 

Earlier this month, United Natural Foods (UNFI), the primary distributor for Amazon's Whole Foods and many other North American grocery shops, was targeted by a hack that disrupted company operations and resulted in grocery shortages. According to UNFI, there is no evidence that personal or health information was compromised, and no ransomware group claimed responsibility for the attack.
Read more »
Subscribe to: Posts (Atom)