Malware

Urgent: INC Ransom Demands Skyrocket as 3TB of Stolen NHS Scotland Data Faces Potential Leak

Cybercriminals using the ‘Inc Ransom’ malware are threatening to leak 3TB of stolen data from NHS Scotland if a ransom is not paid. The ransomware pretends to be a Windows 10 upgrade, infecting users’ systems and encrypting their files.

Imagine waking up one day to find that your personal medical records, including sensitive information like psychological reports and analysis results, have been leaked online. This nightmare scenario is what many people in Scotland are currently facing. The INC Ransom extortion gang is threatening to publish a massive three terabytes of data they claim to have stolen after breaching the National Health Service (NHS) of Scotland.

In a chilling message, the cybercriminals shared multiple images containing medical details and warned that they would leak the data “soon,” unless the NHS pays a ransom. This is a stark reminder of the ever-present danger that cyberattacks pose to our lives, and the need for robust cybersecurity measures to protect our most sensitive information.

A Growing Threat to Public and Private Organizations

INC Ransom is a data extortion operation that emerged in July 2023 and has targeted organizations in both the public and private sectors. Victims include education, healthcare, and government organizations, as well as industrial entities like Yamaha Motor. The group is known for targeting organizations that hold large amounts of sensitive data, making them particularly dangerous and disruptive.

Reports about a cybersecurity incident disrupting NHS Scotland services first appeared on March 15, which is likely when the attack occurred. The threat actor published several sample documents with sensitive information about doctors and patients, demonstrating their access to the stolen data and the seriousness of the situation.

Only a Single Regional Health Board Affected

Thankfully, the Scottish Government has confirmed that the cyberattack impacts only NHS Dumfries and Galloway, one of the regional health boards that make up NHS Scotland. They stated, “This incident remains contained to NHS Dumfries and Galloway and there have been no further incidents across NHS Scotland as a whole.”

As the government works with multiple entities, including the health board, Police Scotland, and other agencies (e.g., National Crime Agency, National Cyber Security Centre) to determine the impact of the breach, they are also assessing the potential implications for individuals affected by the leak.

Meanwhile, NHS Dumfries and Galloway has confirmed that a ransomware group leaked clinical data relating to a small number of patients. This leak was the result of the cyberattack that occurred two weeks ago, during which the attackers compromised the organization’s IT systems and accessed a significant amount of data, including patient and staff-identifiable information.

A Deplorable Act and the Importance of Cybersecurity

NHS Dumfries and Galloway Chief Executive Jeff Ace expressed his disgust at the release of confidential patient data, stating, “This information has been released by hackers to evidence that this is in their possession.” He added that patient-facing services are operating normally, and the organization is working with the police and the National Cyber Security Centre (NCSC) to respond to the situation.

All patients who had their information leaked online will be informed directly by the NHS so they can take appropriate measures to protect themselves. This incident serves as a stark reminder of the importance of strong cybersecurity measures and the need for organizations to constantly stay vigilant against emerging threats.

Take Action to Protect Yourself

As we see more and more cyberattacks targeting sensitive data, it’s crucial for individuals and organizations to take cybersecurity seriously. If you’re concerned about the security of your personal information or your organization’s data, don’t wait for a cyberattack to remind you of the importance of cybersecurity. Reach out to us at IT Services for guidance and support on protecting your data and safeguarding your digital assets.

Together, we can build a more secure digital world and prevent incidents like the NHS Scotland breach from happening again. So, don’t hesitate – contact us today and let’s work together to make your digital life safer and more secure.

Malware

Nexperia Chipmaker Confirms Explosive Data Breach Following Ransomware Gang’s Sinister Leak

Chipmaker Nexperia suffered a cyberattack as ransomware group ‘Grief’ leaked the company’s data. The breach exposed sensitive files, including employee information. Nexperia is working closely with law enforcement and external cybersecurity experts to investigate the incident and mitigate any potential impacts on its partners and customers.

Picture this: a leading Dutch chipmaker, Nexperia, experiences a major cyber attack, forcing it to shut down its IT systems and launch an investigation to assess the damage. It’s a real-life scenario that unfolded in March 2024 when hackers breached the company’s network, and a ransomware gang claimed responsibility, leaking samples of supposedly stolen data.

Nexperia is no small fish in the tech pond. As a subsidiary of Chinese company Wingtech Technology, it operates semiconductor fabrication plants in Germany and the UK, producing a staggering 100 billion units that range from transistors and diodes to MOSFETs and logic devices. Employing 15,000 specialists and boasting an annual revenue of over $2.1 billion, this is a company that has a lot to lose.

Immediate Response and Investigation

Upon discovering the unauthorized access to its IT servers, Nexperia released a statement detailing its swift response. The company took action by disconnecting the affected systems from the internet, containing the incident, and implementing extensive mitigation measures.

It didn’t stop there, though. Nexperia enlisted the help of third-party experts and FoxIT to investigate the nature and scope of the breach. Furthermore, the company reported the incident to the police and data protection authorities in the Netherlands.

Enter Dunghill Leak

On April 10, the extortion site ‘Dunghill Leak’ announced its breach of Nexperia, claiming to have stolen a whopping 1 TB of confidential data. The site leaked samples of allegedly stolen files, including microscope scans of electronic components, employee passports, non-disclosure agreements, and more. It’s important to note, however, that the authenticity of these samples has not been confirmed by Nexperia.

So, what’s at stake? If the ransom demand isn’t met, Dunghill claims it will leak a vast array of sensitive data, such as design and product data, engineering data, commercial and marketing data, corporate data, client and user data, and various files and miscellaneous data, including email storage files. Some big-name brands like SpaceX, IBM, Apple, and Huawei are potentially at risk.

The Dark Angels Connection

Dunghill Leak is linked to the Dark Angels ransomware gang, which uses the data leak site to pressure attacked organizations into paying a ransom. In September 2023, we reported that Dark Angels breached building automation giant Johnson Controls and encrypted the company’s VMware and ESXi virtual machines. The gang threatened to publish the stolen data on the Dunghill Leak website, but the leak never materialized.

As of now, the Dunghill Leak extortion site lists twelve victims, with data for eight either fully or partially released, while two are marked as ‘sold on the dark web.’

Stay Informed and Stay Protected

The Nexperia breach is yet another reminder of the importance of cybersecurity in today’s technologically driven world. By staying informed about the latest cyber threats, you can better protect yourself and your organization.

If you’re curious to learn more about cybersecurity and how it affects you, don’t hesitate to contact us. Keep coming back for more insights and updates on the ever-evolving world of cybersecurity. We’re here to help you stay safe in the digital age.

Malware

Cisco Duo Alert: Third-Party Data Breach Unveils SMS MFA Logs – Protect Your Privacy Now!

Cisco Duo has warned customers of a third-party data breach that exposed SMS multi-factor authentication (MFA) logs, potentially compromising user security. Learn about the breach, its implications, and how to safeguard your accounts using MFA methods.

Imagine this: you’re using a highly secure multi-factor authentication (MFA) service like Cisco Duo to protect your business, and then you find out that hackers have accessed your VoIP and SMS logs. Sounds like a nightmare, right? Well, that’s precisely what happened to some Cisco Duo customers recently.

What Went Wrong?

Cisco Duo, an MFA and Single Sign-On service used by companies for secure access to their networks and applications, serves over 100,000 customers and handles more than a billion authentications every month. But even this security giant wasn’t immune to a cyberattack on one of its telephony providers.

On April 1, 2024, an unnamed provider responsible for handling Cisco Duo’s SMS and VoIP MFA messages fell victim to a breach. The hackers obtained employee credentials through a phishing attack, gaining access to the provider’s systems and subsequently downloading SMS and VoIP MFA message logs associated with specific Duo accounts between March 1 and March 31, 2024.

What Information Was Compromised?

Thankfully, the hackers didn’t access the content of the messages or use their access to send messages to customers. However, the stolen logs did contain data that could be exploited in targeted phishing attacks to obtain sensitive information, like corporate credentials. This data included employee phone numbers, carrier information, location data, dates, times, and message types.

How Has the Situation Been Handled?

Upon discovering the breach, the affected provider immediately invalidated the compromised credentials, analyzed activity logs, and notified Cisco. They also implemented additional security measures to prevent similar incidents in the future.

Cisco Duo received all of the exposed message logs from the vendor, which customers can request by emailing [email protected] to better understand the breach’s scope, impact, and appropriate defense strategies.

What Should You Do If You’re Impacted?

If you’re one of the customers affected by this breach, it’s crucial to be vigilant against potential SMS phishing or social engineering attacks using the stolen information. Cisco’s Data Privacy and Incident Response Team advises customers to contact affected users, tell them to be vigilant, and ask them to report any suspected social engineering attacks.

Additionally, it’s essential to educate your users on the risks posed by social engineering attacks and investigate any suspicious activity.

Not an Isolated Incident

This breach isn’t an isolated event. Last year, the FBI warned that threat actors were increasingly using SMS phishing and voice calls in social engineering attacks to breach corporate networks. In 2022, Uber experienced a similar breach after a threat actor performed an MFA fatigue attack on an employee and then contacted them on WhatsApp, pretending to be IT help desk personnel.

Although Cisco has not disclosed the supplier’s name or the number of customers impacted by this incident, it serves as a stark reminder that no system is entirely immune to cyberattacks. Stay vigilant, educate your users, and always be on the lookout for suspicious activity.

Stay Informed and Protected with Our IT Services

Don’t let your business become another statistic in the ever-growing list of cyberattack victims. Keep coming back to learn more about the latest threats and how to protect your company. And if you need assistance with your cybersecurity strategy, don’t hesitate to contact us – we’re here to help.

Malware

Hacker Exposes Massive Giant Tiger Data Breach, Unleashes 2.8M Records Online

A hacker claims to have breached the Canadian retail chain Giant Tiger, leaking 2.8 million records online, including customers’ personal data. The hacker, known as ‘ZeroTwo’, shared a sample of the stolen data on a popular hacking forum, with details like names, addresses, and phone numbers. Giant Tiger has not yet confirmed the breach.

Canadian retail chain Giant Tiger disclosed a data breach in March 2024.

A threat actor has now publicly claimed responsibility for the data breach and leaked 2.8 million records on a hacker forum that they claim are of Giant Tiger customers.

Data breach monitoring service HaveIBeenPwned has added the leaked database to its website to make it easy for users to check if their information was compromised.

The discount store chain operates over 260 stores and employs 8,000 people across Canada.

2.8 Million Customer Records Leaked Online

On Friday, we noticed a post titled “Giant Tiger Database – Leaked, Download!” surfacing on a hacker forum.

The threat actor behind the post claims to have uploaded the “full” database of Giant Tiger customer records stolen in March 2024.

“In March 2024, the Canadian discount store chain Giant Tiger Stores Limited… suffered a data breach that exposed over 2.8 million clients,” states the threat actor.

“The breach includes over 2.8 million unique email addresses, names, phone numbers, and physical addresses.”

The stolen data in the dump, claims the threat actor, additionally includes the “website activity” of Giant Tiger customers.

“I finally opened 60 of the 60 pages of the database section!” replied one forum member to the post, with others requesting to preview a sample of the data set. The threat actor obliged and posted a small snippet.

The data set has been leaked essentially for free. Although the download link to the set has to be unlocked by spending “8 credits,” such credits are typically trivially generated by forum members by, for example, commenting on existing posts or contributing new posts.

Threat actors often breach companies and steal sensitive data to blackmail them and extort money. Failing successful extortion, a threat actor may deliberately leak the stolen data online or sell it off on dark web marketplaces to buyers interested in conducting identity theft and phishing attacks.

Breach Caused by a Third-Party Vendor

We have not verified the authenticity of the data set; however, we did reach out to Giant Tiger with questions regarding the leak.

Without commenting on the authenticity of the leaked data, a spokesperson responded:

“On March 4, 2024, Giant Tiger became aware of a security concern related to a third-party vendor we use to manage customer communications and engagement,” a Giant Tiger spokesperson told us.

“We determined that contact information belonging to certain Giant Tiger customers was obtained without authorization. We sent notices to all relevant customers informing them of the situation.”

“No payment information or passwords were involved.”

Giant Tiger declined to share the name of the third-party vendor in question.

Records Added to HaveIBeenPwned

As of April 12th, the leaked data set has been added to the “Have I Been Pwned?” database.

HaveIBeenPwned (HIBP) is a free online service that allows users to check if their data was compromised in known data breaches.

The number of breached records associated with this incident added to the HIBP database is 2,842,669, with the service stating that 46% of these records were already in its database.

Giant Tiger customers should be wary of any suspicious emails or incoming communications that claim to be from the retailer. These could very likely be targeted phishing attempts from threat actors.

Although no payment information or passwords were exposed in this breach, signing up for an identity monitoring service could be beneficial to customers in preventing them from becoming victims of identity theft.

To stay informed and protected, keep coming back to learn more about cybersecurity and how it impacts you. Don’t hesitate to contact us if you have any questions or concerns about your online security.
