Reports of NHS data being exposed following a ransomware attack on U.K.-based data capture and storage company Stor-a-File are incorrect, an NHS Digital spokesperson tells ISMG. "Most NHS data was held offline and not affected in the Stor-a-File hack."
MediaMarktSaturn Retail group, a German multinational chain of stores, has confirmed to ISMG that it has suffered a ransomware attack. It is reported that the attack was perpetrated by threat group Hive and has affected store operations in the Netherlands, Belgium and Germany.
The Federal Bureau of Investigation has issued a notification warning to private sector companies, especially those listed or in the process of being listed on stock exchanges, to be aware of ransomware actors using their undisclosed merger and acquisition data for extortion.
Threat group FIN7 has set up a website posing as a security company to recruit talent, according to fraud intelligence company Gemini Advisory. The aim of the scam was to lure security researchers who could help the group with penetration testing-related activities to enable ransomware attacks.
Researchers at cybersecurity firm Trend Micro have observed the adoption of a new franchise-based business model by ransomware operators that moves away from the traditional ransomware-as-a-service model. Operators now rebrand a "supplier" ransomware before deployment.
Microsoft, in its annual threat review report, Digital Defense, says 58% of cyberattacks worldwide over the past year originated in Russia. And 92% of the Russia-based threat activity came from the nation-state threat group Nobelium.
The Mēris botnet, responsible for huge waves of DDoS attacks recorded by cybersecurity firms Qrator Labs and Cloudflare, is still active, using "abandoned" MikroTik routers. The attack signatures saw a spike of 21.8 million requests per second, exploiting a vulnerable version of MikroTik RouterOS.
Olympus, a Japanese company that manufactures optics and reprography products, reports that a portion of its IT system in the EMEA region was affected by a "potential cybersecurity incident." While Olympus has not identified an attacker, some reports suggest it is the BlackMatter ransomware gang.
Ireland's cybercrime police, the Garda National Cyber Crime Bureau, have conducted a "significant disruption operation" targeting the IT infrastructure of a cybercrime group, seizing multiple domains used in a May ransomware attack that disrupted Ireland’s national health services provider.
Local officials with the city of Rolle, located near Lake Geneva in Switzerland, have acknowledged that they initially misjudged the impact of a recent ransomware attack that reportedly led to the leak of residents' data on the darknet.
The Cybersecurity and Infrastructure Security Agency is warning organizations to immediately patch the ProxyShell vulnerabilities in Microsoft Exchange email servers because security researchers say ransomware gangs are exploiting these flaws.
Security researchers are tracking several ransomware gangs that are attempting to exploit a series of bugs in Microsoft Windows collectively called "PrintNightmare." Meanwhile, Microsoft has published an out-of-band alert about another zero-day flaw related to the PrintNightmare vulnerabilities.
The RansomEXX gang reportedly hit Taiwan-based computer hardware maker Gigabyte last week with a ransomware attack that temporarily shut down its website and other internal services. The attackers have now reportedly threatened to leak 112GB of business data if a ransom is not paid.