It simply goes to show that users should never download software from a third-party website or marketplace.
Cybersecurity researchers at Jamf discovered that cybercriminals are trojanizing legitimate Mac apps with malware and uploading them to The Pirate Bay and other pirated-software sites, where users download them and unknowingly infect their devices. The payload is XMRig, a cryptojacking tool that mines cryptocurrency on the victim’s machine.
For your information, XMRig is a command-line cryptominer. It isn’t new on Mac: Trend Micro analyzed a sample in February 2020. The tool has legitimate uses, but its open-source, adaptable design has made it a popular choice among threat actors.
The newly discovered XMRig implementation was disguised as Final Cut Pro, Apple’s video editing software. Both the 2020 sample and the new one use the Invisible Internet Project (I2P) for outbound communication, raising the question of whether the infections are connected or part of something larger.
The malicious version of Final Cut Pro is not authorized by Apple. It executes XMRig in the background. Initially, no engine on VirusTotal flagged it as malicious; from January 2023 onwards multiple vendors began detecting it. Still, most of the malicious apps remain undetected.
Researchers from Jamf searched The Pirate Bay for the source of the malware and found a torrent whose hash matched the trojanized sample, along with a series of other trojanized Mac apps, including Logic Pro and Photoshop.
It is worth noting that all of these apps were uploaded to The Pirate Bay by a user called “wtfisthat34698409672.” Moreover, the researchers found numerous versions of Final Cut Pro.
All malicious apps for macOS have been uploaded by “wtfisthat34698409672.” (Screenshot credit: Jamf)
“We suspected that the Mach-O sample arrived packaged in a DMG (an Apple image format used to compress installers) for Adobe Photoshop CC 2019 v20.0.6. However, the parent file was not successfully sourced.”
Jamf
Further probing revealed three generations of the malware. The first generation started in August 2019 and was a straightforward implementation. The second generation started in April 2021 and was not flagged on VirusTotal until February 13, 2023; it differed in having additional hidden files, but no persistence mechanism was observed.
Instead, the miner started with the app and stopped when the app was closed. The third generation has greater stealth: there are no separate hidden executables, only one large binary with base64-encoded, LZMA-compressed components.
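The third-generation packaging described above (one binary carrying base64-encoded, LZMA-compressed components) can be unpacked generically. The following added example, written for this page and not code from Jamf or from the sample, scans a binary for long base64 runs, decodes each one and tries to decompress it as an xz or legacy .lzma stream. The embedded component and the bytes around it are constructed, and the xz container is an assumption; the real sample’s exact layout is not described here.

```python
import base64
import binascii
import lzma
import re
from typing import Optional

# Constructed stand-in for an embedded component; it is not the real sample.
EMBEDDED_COMPONENT = (
    b"#!/bin/sh\n"
    b"# constructed stand-in for a miner launcher script\n"
    b"exec ./xmrig -o pool.example.invalid:3333\n"
)


def build_sample_binary() -> bytes:
    """Constructed 'large binary': junk bytes around one LZMA-compressed,
    base64-encoded component, mimicking the third-generation layout."""
    blob = base64.b64encode(lzma.compress(EMBEDDED_COMPONENT))  # xz container
    return b"\xcf\xfa\xed\xfe" + b"\x00" * 64 + b"NOT-base64!!" + blob + b"\x00" * 32


# A run of 64+ base64 alphabet characters, optionally padded.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")
XZ_MAGIC = b"\xfd7zXZ\x00"

# A base64 run that is valid base64 but is not an LZMA stream (used as a negative case).
SAMPLE_NON_LZMA_RUN = base64.b64encode(b"\xff" * 100)


def _try_lzma(raw: bytes) -> Optional[bytes]:
    """Decompress raw bytes as an xz stream or, failing that, as a legacy .lzma stream."""
    if raw.startswith(XZ_MAGIC):
        fmt = lzma.FORMAT_XZ
    elif raw and raw[0] < 225:  # legacy .lzma: first byte is an lc/lp/pb properties byte
        fmt = lzma.FORMAT_ALONE
    else:
        return None
    try:
        plain = lzma.decompress(raw, format=fmt)
    except lzma.LZMAError:
        return None
    return plain or None


def extract_lzma_payloads(data: bytes) -> list:
    """Return the decompressed payload of every base64 run in `data` that
    decodes to an LZMA stream; non-base64 runs and non-LZMA data are skipped."""
    payloads = []
    for match in B64_RUN.finditer(data):
        run = match.group(0)
        run = run[: len(run) - len(run) % 4]  # base64 length is a multiple of 4
        try:
            raw = base64.b64decode(run, validate=True)
        except (binascii.Error, ValueError):
            continue
        plain = _try_lzma(raw)
        if plain is not None:
            payloads.append(plain)
    return payloads


if __name__ == "__main__":
    for payload in extract_lzma_payloads(build_sample_binary()):
        print(payload.decode(errors="replace"))
```

Run against a real file, this is a first-pass triage step: anything that decompresses cleanly is worth hashing and submitting on its own, because the outer binary’s hash is what the vendors above were slow to flag, while the inner miner is usually well known.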
New versions of these malicious Mac apps started appearing on The Pirate Bay within just 24 hours of Apple’s app update releases and were disguised as legitimate processes.
Researchers state that this isn’t a typical malware campaign and is more like a methodology for delivering malware. Still, users should beware of trojanized apps and avoid downloading software from unknown sources.
Android TV comes in a variety of different devices: set-top boxes, HDMI dongles, and even actual TVs. Here are the best Android TV devices that are currently available.
For those who are not aware, Android TV is Google’s TV operating system based on Android, which means all of your favorite apps from your smartphone are available on your TV. In addition, you get the Google Assistant and Cast, so you can put almost anything on your TV.
Best Android TV Devices
In this list, you’ll find the best Android TV devices from companies like NVIDIA, TiVo, Xiaomi, Sony, TCL and many others, all of which make some really great Android TV devices that can be had for as little as $50.
Google unveiled the new Chromecast with Google TV last month, and it quickly became one of our favorite streaming devices, because it brings all the familiarity of Android TV to a smaller dongle with an actual remote, something the Chromecast was always missing.
Chromecast with Google TV runs Android TV, but with a new user interface on top called Google TV, which works extremely well. It makes it much easier to find something to watch, and the recommendations get better over time. It also has a “Live” tab for YouTube TV (other live TV streaming services will reportedly be added in the future), which makes it easy to see what is on right now without jumping into the app, which can be a bit slower.
The remote has all the buttons you’d want, including buttons to control your TV, which makes the Chromecast with Google TV an easy recommendation and worth buying.
Walmart has been working to build out its own electronics brand, onn., and it now has an Android TV set-top box available. It is pretty cheap, at about $20, and it does 4K, though not 4K HDR. That is notable, since most 4K devices are closer to $50.
It is regular Android TV, so you’re going to get access to all of your favorite apps on Android TV. That includes Netflix, Hulu, Amazon Prime Video, YouTube and much more. There’s also support for Google Assistant here.
Google’s entry-level Chromecast is the cheapest Chromecast the company has ever put out. At just $29.99, it competes directly with Roku and Fire TV. The major difference between this and the original $49 Chromecast with Google TV is resolution: as the name indicates, this one only does up to 1080p, while the older Chromecast with Google TV does 4K.
As the name indicates, this one also runs Google TV, Google’s newer TV platform, which has hundreds of thousands of apps to choose from, including favorites like Netflix, Freevee, Hulu and YouTube. Google’s recommendations here are also really good.
The Xiaomi Mi TV Stick is the best Android TV streaming stick on the market right now, though there aren’t many competitors to choose from. It doesn’t do 4K, so if you want 4K, check out the NVIDIA SHIELD TV listed below.
This stick from Xiaomi does the absolute bare minimum for Android TV, and that’s not a bad thing; it keeps things simple. As mentioned, it does 1080p only, and it has 1GB of RAM and 8GB of storage, which should keep it decently speedy.
With Android TV running on the Xiaomi Mi TV Stick, you’re going to be able to watch all of your favorite movies and TV shows here. From apps like YouTube, Sling TV, Fubo TV, Disney+, Hulu, Netflix and much more.
The NVIDIA SHIELD TV Pro is the best streaming device for gamers, because it is also a gaming console and works with GeForce Now. So you can play your favorite PC games on the big screen.
This runs on Android TV, as you might have expected, which allows it to run a bunch of great apps like Fubo TV, Netflix, YouTube TV, Hulu, Disney+ and HBO MAX. There are also hundreds of thousands of games available on the NVIDIA SHIELD TV Pro.
Of course, with it running on Android TV, you also get the Google Assistant here. So you can control your smart home products from your TV, find something to watch and much more.
The Sony A9G is a BRAVIA OLED TV, the latest model from the company. Being an OLED TV, it delivers a really great picture, with blacks that are actually black and colors that are more true to life than on an LCD or LED TV.
Sony also worked with a number of movie producers to fine-tune the display on the A9G, so that it delivers the best picture quality possible. With X-Reality PRO, you are getting images upscaled to 4K clarity, even if it is being streamed in 1080p or less. Sony has support for Dolby Vision as well as IMAX Enhanced, which is going to give you a total cinematic experience.
There is Android TV built into this TV, so you are going to have access to thousands of great Android apps. This includes Netflix, Google Play Movies & TV, Hulu, YouTube, Sling TV, Amazon Prime Video and much more. The Google Assistant is on-board and there is also support for Amazon Alexa.
What makes this the best Android TV available is that it has the best picture quality available, and Sony also gave Android TV enough power to run smoothly in this TV, instead of slow and buggy as it is in other TVs on the market with Android TV built in.
The Hisense U8G is a really great Android TV for gamers, because it has an HDMI 2.1 port and supports 4K@120Hz gaming, which is a big deal for the PlayStation 5 and Xbox Series X consoles.
Additionally, it supports Quantum Dot Wide Color Gamut, so you get over 1 billion true-to-life colors with this TV. It has HDR and supports IMAX Enhanced, which brings the cinema experience home by combining digitally remastered 4K HDR content and DTS audio technologies with the best consumer products and streaming platforms.
The TiVo Stream 4K is currently the cheapest way to get Android TV onto your TV set at home. It comes in at just $35, which is really impressive for what you’re getting. Best of all, the remote only has one sponsored button, for Netflix, which most people likely won’t mind.
TiVo has included its own guide of what’s on TV, and you can also see what’s on live TV through the TiVo Stream. It’s similar to the Google TV interface that Google introduced in late 2020, but with a touch of TiVo included.
Don’t forget that the TiVo Stream 4K is also capable of running 4K HDR content and it also supports Dolby Vision.
This is a budget Android TV model from TCL, coming in at less than $150. It’s a 32-inch Full HD TV, so you’re not getting 4K or HDR, but for this price you can’t expect that.
Instead, you still get all of your favorite Android apps, as well as Google Assistant and Google Cast included. And soon it’ll get updated to the Google TV interface.
During yesterday’s PlayStation State of Play livestream, Sony showed off a handful of new games coming to PS VR2 this year, including Before Your Eyes. Originally released for PC (you can pick it up on Steam right now for $9.99), Before Your Eyes is a narrative adventure that takes you back through your life through a series of blinks. In the game, you blink, and you jump forward in time to a later part of your life.
One super cool detail is that you will actually be blinking when playing Before Your Eyes on PS VR2, and the headset will track it. When you open your eyes again a split second later, you’ll progress to a new scene. It’s a small detail, but it should make the game feel a lot more immersive, which is bound to make it more enjoyable for players.
PS VR2 provides a new way to play Before Your Eyes
Since the game is already available on Steam, it’s obviously not the first time people have been able to play it. It is, however, the first time you’ll be able to play it without controller inputs. You will of course need the controllers to start the game, but once you begin playing, blinking is essentially your main control. If you think about it, that’s a neat way to lay out the game’s narrative.
Really, it feels like Before Your Eyes was made for VR, even if it wasn’t intentionally designed for VR initially. The game’s launch is still a couple of weeks away, but it is available to pre-order right now, and if you’re a PlayStation Plus subscriber you can save some money, bringing the standard price down from $14.99 to $13.49. You can also check out the game’s PS VR2 launch trailer below.
According to a Mozilla analysis, the majority of the top apps’ data privacy labels on the Google Play Store are false or deceptive.
“Google Play Store’s misleading Data Safety labels give users a false sense of security. Honest nutrition labels help us eat better. It’s time we have honest data safety labels to help us better protect our privacy,” said Jen Caltrider, Project Lead at Mozilla.
The Data Safety labels in the Google Play Store claim, for example, that TikTok and Twitter do not share your personal information with third parties.
In fact, the apps’ own privacy policies clearly state that they share user data with platforms, advertisers, ISPs, and a wide range of other companies.
“In nearly 80 percent of the apps reviewed, Mozilla found that the labels were false or misleading based on discrepancies between the apps’ privacy policies and the information apps self-reported on Google’s Data Safety Form”, reports Mozilla.
See No Evil 🙈
The researchers behind #privacynotincluded have unearthed some pretty egregious discrepancies between Google Play Store’s Data Safety labels and the privacy policies of 40 of the store’s top apps.
Researchers have determined that the system falls short of assisting users in making more informed decisions regarding their privacy prior to making a purchase or downloading one of the 2.7 million apps available on the store.
Misleading Data Safety Labels on the Google Play Store
The study compared the privacy policies and Data Safety labels of the 20 most popular paid apps and the 20 most popular free apps on the Google Play Store. Each app was then rated “Poor,” “Needs Improvement,” or “OK.”
It gave a “Poor” rating to 40% of the examined apps, including Facebook, Twitter, and Minecraft, because of discrepancies in their Data Safety Forms.
Notably, only 15% of apps, including Candy Crush Saga, Google Play Games, and others, received an “OK” rating because their privacy policies closely matched their disclosures, while 37.5% of apps, including YouTube, Google Maps, Gmail, WhatsApp Messenger, TikTok, and Instagram, were rated “Needs Improvement”.
Three apps, Terraria, League of Stickman Acti, and UC Browser – Safe, Fast, Private, did not fill out the form at all.
“Consumers care about privacy and want to make smart decisions when they download apps. Google’s Data Safety labels are supposed to help them do that. Unfortunately, they don’t. Instead, I’m worried they do more harm than good,” said Jen Caltrider.
“When I see Data Safety labels stating that apps like Twitter or TikTok don’t share data with third parties it makes me angry because it is completely untrue. Of course, Twitter and TikTok share data with third parties. Consumers deserve better. Google must do better.”
The Data Safety form has flaws that make it simple for apps to provide false information. Additionally, Google absolves itself of the obligation to validate the information apps provide by noting in its Data Safety documentation that apps “are responsible for providing complete and accurate declarations,” according to the report.
“The history of nutrition labeling shows that it’s possible to create a standardized system that becomes part of the cultural fabric and makes a positive difference in people’s daily lives,” said Caltrider.
Recommendation
Mozilla suggests that Google and Apple implement a global, standardized data privacy system on their platforms as a solution to the issue.
Mozilla also urges the companies to take more responsibility for ensuring the accuracy of the data the applications disclose, and to clarify and expand their enforcement action against apps.
DNA Diagnostics Center, a leading DNA testing company, failed to protect client data it inherited from another company it acquired years before.
DNA Diagnostics Center (DDC), an Ohio-based private DNA testing company, last week reached a settlement with the Ohio and Pennsylvania state attorneys general in relation to a 2021 breach that saw the theft of 45,000 residents’ personal details. Overall, the attack compromised over 2.1 million customers who had undergone genetic testing across the US.
The company will pay a total of $400,000 to Ohio and Pennsylvania, and has promised to tighten its information security.
What happened in the 2021 breach
When DDC acquired Orchid Cellmark, a British company also in the DNA testing industry, as part of its business expansion in 2012, it didn’t know that it had also inherited legacy databases that stored personally identifiable information (PII) in plain text. According to court documents, “the Breach’s impacted databases, containing sensitive personal information, were inadvertently transferred to DDC without its knowledge. Moreover, DDC asserts it was not aware that these legacy databases existed in its systems at the time of the Breach—more than nine years after the acquisition.”
DDC said it conducts both inventory assessments and penetration testing on its systems. But since it was unaware of the unused databases, they were not included in those tests, which focused only on systems holding active customer data.
In May 2021, one of DDC’s managed service providers (MSPs) began sending automated alerts about suspicious activity within its network, and kept doing so over a two-month period. Court documents don’t reveal why DDC didn’t act on the alerts, but three months later the same MSP notified DDC again, this time about Cobalt Strike activity in its network. This triggered the company’s incident response plan.
According to the investigation, an attacker used a compromised employee account to log into the old VPN (virtual private network) that DDC had used before migrating to a new one. It’s not known how this account ended up in the attacker’s hands, but from there they were able to harvest Active Directory (AD) credentials from a domain controller, the server that authenticates users in a Windows domain. Weeks later, the attacker used a test account with administrator privileges to establish persistence in the compromised environment, and then deployed Cobalt Strike.
In the following weeks, the attacker accessed five servers and copied 28 databases. They then exfiltrated the data from DDC through a decommissioned server. Finally, in September, the attacker contacted DDC to extort payment for the data. The company paid to have all copied data deleted.
No threat group has owned up to the attack.
The Commonwealth took issue with DDC engaging in “deceptive or unfair business practices by making material misrepresentations in its customer-facing privacy policy concerning the safeguarding of its customers’ personal information.” Evidence of this was when DDC “disseminated, or caused to be disseminated” statements in its Privacy Policy, stating the company is committed to protecting the information of its clients. Yet, the Commonwealth alleges it “failed to employ reasonable measures to detect and prevent unauthorized access to its computer network,” leading to the compromise of Pennsylvanians’ data.
“Negligence is not an excuse for letting consumer data get stolen,” said Ohio Attorney General Dave Yost in a statement. Acting Attorney General Michelle Henry added, “The more personal information these criminals gain access to, the more vulnerable the person whose information was stolen becomes.”
Terms of settlement
DDC is required to develop an information security program that is “reasonably designed” to protect user data. An employee or third-party service provider with appropriate credentials and expertise must be assigned to oversee the program.
The company is also ordered to conduct comprehensive annual risk assessments of its networks where sensitive client data are stored, maintain an asset inventory, create and implement an incident response plan, and remove any assets that are not used or necessary for business purposes.
Lastly, DDC must create and implement security measures for the overall protection of the personal data it stores, including regularly updating software, controlling user access (such as by using two-factor authentication), conducting network penetration testing, segmenting the network, and maintaining a central log management system, among others.
The infosec program must be developed and implemented within 180 days (six months).
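The breach narrative above (a legacy VPN still accepting logins, databases nobody knew existed, exfiltration through a decommissioned server) and the settlement’s asset-inventory and central-logging requirements point at one control: reconciling what the logs show against what the inventory says should exist. The following added example, not code from DDC, its MSP or the court filings, does that over constructed key=value log lines and a constructed inventory. Hosts that appear in the logs but not in the inventory are reported as unknown assets; successful logins to, and outbound transfers from, hosts marked decommissioned are reported separately. Hostnames, users and addresses are made up.

```python
import re

# Constructed asset inventory: hostname -> lifecycle status (not DDC's real inventory).
INVENTORY = {
    "vpn-new.corp.example": "active",
    "vpn-old.corp.example": "decommissioned",
    "dc01.corp.example": "active",
    "file-old-02.corp.example": "decommissioned",
    "db-prod-01.corp.example": "active",
}

# Constructed log lines: '<timestamp> key=value ...'. Note db-legacy-07 is absent
# from INVENTORY, mirroring the databases nobody had on the books.
SAMPLE_LOGS = """\
2021-05-03T02:14:07Z host=vpn-new.corp.example event=vpn_login user=jsmith result=success src=198.51.100.20
2021-05-03T02:41:33Z host=vpn-old.corp.example event=vpn_login user=rjones result=success src=203.0.113.7
2021-05-04T03:02:10Z host=dc01.corp.example event=ldap_bind user=rjones result=success src=10.0.20.15
2021-05-06T01:55:48Z host=db-legacy-07.corp.example event=db_query user=rjones rows=900000
2021-05-06T02:10:02Z host=db-legacy-07.corp.example event=db_query user=rjones rows=1200000
2021-05-20T04:30:00Z host=file-old-02.corp.example event=net_egress dst=203.0.113.9 bytes=52428800000
2021-05-20T09:00:00Z host=db-prod-01.corp.example event=db_query user=app_svc rows=120
"""

KV = re.compile(r"(\w+)=(\S+)")
LOGIN_EVENTS = ("vpn_login", "ssh_login", "rdp_login")


def parse_line(line: str) -> dict:
    """Parse one log line into a dict; the leading timestamp lands under 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV.findall(rest))
    fields["ts"] = ts
    return fields


def reconcile(inventory: dict, log_text: str) -> list:
    """Return findings: unknown hosts, successful logins to decommissioned hosts,
    and outbound transfers from decommissioned hosts."""
    findings = []
    seen_unknown = set()
    for line in log_text.splitlines():
        ev = parse_line(line)
        host = ev.get("host")
        if not host:
            continue
        status = inventory.get(host)
        if status is None:
            if host not in seen_unknown:  # report each unknown asset once
                seen_unknown.add(host)
                findings.append({"kind": "unknown_asset", "host": host, "first_seen": ev["ts"]})
            continue
        if status != "decommissioned":
            continue  # active assets are in scope for the normal controls
        if ev.get("event") in LOGIN_EVENTS and ev.get("result") == "success":
            findings.append({"kind": "login_to_decommissioned", "host": host,
                             "user": ev.get("user"), "ts": ev["ts"]})
        elif ev.get("event") == "net_egress":
            findings.append({"kind": "egress_from_decommissioned", "host": host,
                             "bytes": int(ev.get("bytes", 0)), "ts": ev["ts"]})
    return findings


if __name__ == "__main__":
    for finding in reconcile(INVENTORY, SAMPLE_LOGS):
        print(finding)
```

The point of the `unknown_asset` finding is that it feeds the inventory, not just an alert queue: a host that keeps answering queries but has no owner is exactly what a pentest scoped to “systems with active customer data” will never touch. The decommissioned-host checks only work if decommissioning is recorded as a status rather than by deleting the entry, which is why the inventory keeps the old VPN and file server listed.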
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.
The Sony Xperia 5 V has just surfaced online with the Snapdragon 8 Gen 2 SoC and 16GB of RAM, which are immensely powerful specs. The device appeared on Geekbench, and the listing revealed some additional details.
The Sony Xperia 5 V is coming with Snapdragon 8 Gen 2 & 16GB of RAM
The phone appeared with the ‘Sony XQ-DQ72’ model number. It scored 1,439 points in the single-core test and 5,071 points in the multi-core test. Note that this may be a pre-production unit, though.
The listing reveals that Android 13 will come pre-installed on the device. Other than that, and the SoC and RAM info, nothing else got revealed on Geekbench. This is plenty to go on, though.
The Sony Xperia 5 V will be smaller than the flagship Xperia 1 V. The Xperia 5 IV included a 6.1-inch display, and something similar is expected here. Considering its clean software, and high-end specs, this phone may appeal to those of you who want a more compact device.
The Sony Xperia 5 V will compete with the likes of the Galaxy S23, and the upcoming ASUS ZenFone 10 this year, presuming that ASUS sticks to a compact form factor. Those will be the three high-end compact devices out there.
We’re not sure when the device will launch, though
The thing is, we don’t know when this handset will arrive. The Xperia 5 III launched in April 2021, while the Xperia 5 IV arrived in August 2022, so your guess is as good as ours. Also, Sony usually takes its sweet time to make a phone available to purchase after it launches.
We do hope that the company will change its ways this year. Sony’s smartphones are appealing in their own right, so it would be nice to see them arrive sooner this time around.
Plenty of iPhone 15 and iPhone 15 Pro info surfaced recently, and some graphic info came from 9to5Mac. The site first shared the iPhone 15 Pro CAD-based renders, and then showed us the iPhone 15 and iPhone 15 Pro side-by-side. The same source is now back to show us what a “special edition” iPhone 15 Pro will look like in its dark red color.
The iPhone 15 Pro will be available in a “special edition” dark red color
As many of you know, Apple tends to offer its ‘Pro’ iPhone model in a special edition color every year. Well, this time around, it seems that color will be dark red. 9to5Mac partnered with Ian Zelbo to show us what the phone will look like.
If you check out the image below, you’ll see a mock-up of the device, based on CAD renders, with a very dark red color applied to it. The hex color #410D0D was used here, but the final product may look a bit different, of course.
The standard iPhone 15 models may arrive in either a light blue, or a pink color
What about the standard iPhone 15 models, the iPhone 15 and iPhone 15 Plus? Well, the source says that Apple is testing light blue and pink colors (shown below the paragraph). It is noted that it’s still very early, and Apple could change its mind.
What is interesting is that Apple is rumored to switch to titanium this year for the Pro models, allegedly replacing stainless steel. So it will be interesting to see what the final product looks like.
The entire iPhone 15 series is expected to arrive in September, as per usual. We do already have plenty of information on the changes we can expect, though. All iPhone 15 products will include a Type-C port at the bottom, and a Dynamic Island too.
The iPhone 15 Pro series devices will include thinner bezels this time around, and a frame made out of titanium. The vanilla iPhone 15 model may actually have a slightly larger display than the iPhone 15 Pro this time around, a 6.2-inch panel versus a 6.1-inch one.
There’s a new malware roaming free online right now. It hijacks people’s social media accounts, steals login credentials, and mines cryptocurrencies using people’s devices, reports TechRadar.
New malware exploits users’ YouTube and Facebook accounts
The information comes from researchers at Bitdefender’s Advanced Threat Control (ATC) team, who found a new strain of malware named S1deload Stealer. The malware tries to avoid detection by antivirus programs by using DLL sideloading, in which a legitimate, signed executable is made to load a malicious DLL placed alongside it. In the second half of 2022 it infected hundreds of users: Bitdefender products detected more than 600 unique users infected with this malware between July and December 2022, according to Dávid Ács, a researcher at Bitdefender.
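The DLL sideloading mentioned above leaves a signature in image-load telemetry. The following added example (not code from Bitdefender or from the malware) applies the classic heuristic to records shaped like Sysmon Event ID 7 fields (Image, ImageLoaded, Signed): a DLL whose name matches a commonly abused Windows system DLL, but which is loaded from outside the Windows directory, from the host executable’s own folder, and is unsigned, is flagged. The event records, paths and the list of DLL names are constructed.

```python
import ntpath

# Windows DLL names commonly targeted for sideloading (a short, constructed subset).
COMMONLY_SIDELOADED = {
    "version.dll", "dbghelp.dll", "wininet.dll", "winhttp.dll", "cryptbase.dll",
    "msimg32.dll", "dwmapi.dll", "uxtheme.dll", "userenv.dll", "profapi.dll",
}
# Directories from which these DLLs are legitimately loaded (lower-cased for comparison).
TRUSTED_PREFIXES = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\winsxs\\",
)

# Constructed image-load records shaped like Sysmon Event ID 7. The paths are
# made up and are not observations from the S1deload campaign.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Users\alice\Downloads\album\ImageViewer.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\album\version.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Users\alice\Downloads\album\ImageViewer.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\album\viewerlib.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
]


def sideload_reasons(event: dict) -> list:
    """Return the reasons an image-load event looks like DLL sideloading (empty if none)."""
    image = event["Image"].lower()
    loaded = event["ImageLoaded"].lower()
    name = ntpath.basename(loaded)
    if name not in COMMONLY_SIDELOADED:
        return []  # an application's own DLL; nothing to compare against
    if loaded.startswith(TRUSTED_PREFIXES):
        return []  # loaded from the system directory, where it belongs
    reasons = [f"{name} is a system DLL name loaded from outside the Windows directory"]
    if ntpath.dirname(loaded) == ntpath.dirname(image):
        reasons.append("the DLL sits in the host executable's own directory, "
                       "which the loader searches before System32")
    if event.get("Signed", "").lower() != "true":
        reasons.append("the DLL is unsigned")
    return reasons


def find_sideloads(events: list) -> list:
    """Scan events and return (Image, ImageLoaded, reasons) for each suspicious load."""
    hits = []
    for ev in events:
        reasons = sideload_reasons(ev)
        if reasons:
            hits.append((ev["Image"], ev["ImageLoaded"], reasons))
    return hits


if __name__ == "__main__":
    for image, dll, reasons in find_sideloads(SAMPLE_EVENTS):
        print(image, "->", dll)
        for reason in reasons:
            print("   ", reason)
```

Legitimate software that ships its own copy of, say, dbghelp.dll under Program Files will also match the first reason, so in practice this rule is tuned with an allow-list of signed vendor DLLs; the combination of a user-writable directory and a missing signature is what makes the Downloads case worth an analyst’s time.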
The malware needs to be downloaded and run by the victims themselves. It was hidden in archives (.zip files) that supposedly contained adult content. When the victims downloaded and ran the “content”, they didn’t find what they were looking for but instead got their devices infected with an infostealer.
Here’s what this malware is capable of. First, it can download a headless Chrome browser that runs in the background, opens YouTube videos and Facebook posts, and racks up views. It can also download and run an infostealer that decrypts login credentials saved in browsers, as well as session cookies.
When it comes to a Facebook account, it tries to analyze it: whether the account administers any Facebook pages or groups, whether it pays for ads, and whether it’s linked to a Business Manager account. All of this makes the account even more valuable.
It can then download, install, and run a cryptocurrency miner that mines the BEAM cryptocurrency for the attackers. The attackers can also use the stolen credentials to spam on social media and try to infect even more machines.
A more techy explanation of the malware’s actions can be found on Bleeping Computer’s article. The moral of the story: don’t download shady things from the internet.
A new security threat has emerged that is causing havoc among Asian shipping and medical laboratory industries.
It’s a never-before-seen threat group dubbed Hydrochasma, actively targeting shipping and medical organizations engaged in research and treatment related to the COVID-19 vaccine.
Symantec, part of Broadcom, has been monitoring the group’s activity since October of last year. Its ultimate aim seems to be the acquisition of valuable information.
Modus Operandi of Attack
Hydrochasma’s modus operandi is notable in that it relies on open-source tools and living-off-the-land (LotL) techniques during its attacks. This lets the group carry out its activities without leaving behind the kind of custom tooling that could expose its identity.
This method of operation poses a challenge to those attempting to track and attribute the attacks to specific threat actors.
The origin and affiliation of this threat actor have not been determined, nor has any evidence yet been collected as to its origin.
The utilization of pre-existing tools seems to serve a dual purpose for Hydrochasma:
To evade attribution efforts
To enhance the stealthiness of their attacks
By leveraging these tools, they can mask their activity and blend in with legitimate network traffic, making it more challenging for security experts to detect and respond to their malicious activities.
Attack Chain
Hydrochasma most likely gains initial access through a phishing email. The first sign of its presence on a targeted system is often a lure document with a file name crafted to look like an email attachment written in the native language of the victim organization.
This is an attempt to deceive the target into thinking that the document is legitimate and relevant to their work. The attachment names observed are:
Product Specification-Freight-Company Qualification Information wps-pdf Export.pdf[.]exe
University-Development Engineer[.]exe
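The two lure names above are the kind of thing a mail gateway or EDR rule can catch before a user double-clicks. The following added example (not from Symantec’s report) checks attachment names for the tricks in play: a document extension followed by an executable one, a right-to-left override character, padding spaces that push the real extension out of view, and any attachment that is simply executable. The `[.]` defanging used in the article is undone first; the extension lists are an assumption and not exhaustive.

```python
import re

# Assumed, non-exhaustive extension lists.
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "rtf", "txt", "jpg", "png"}
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs", "wsf", "hta", "lnk", "msi"}
RTLO = "\u202e"  # Unicode RIGHT-TO-LEFT OVERRIDE


def refang(name: str) -> str:
    """Undo the '[.]' defanging used when indicators are written up."""
    return name.replace("[.]", ".")


def lure_indicators(filename: str) -> list:
    """Return the reasons an attachment name looks like an executable lure (empty if none)."""
    name = refang(filename)
    lower = name.lower()
    reasons = []

    # 1. Document-looking extension immediately followed by an executable one.
    parts = lower.rsplit(".", 2)
    if len(parts) == 3 and parts[1] in DOCUMENT_EXTS and parts[2] in EXECUTABLE_EXTS:
        reasons.append(f"double extension: looks like .{parts[1]} but runs as .{parts[2]}")

    # 2. RTLO flips the displayed order, so 'report\u202efdp.exe' renders as 'reportexe.pdf'.
    if RTLO in name:
        reasons.append("right-to-left override character reverses the displayed name")

    # 3. A long run of spaces before the real extension hides it in narrow file listings.
    if re.search(r" {5,}\.[a-z0-9]+$", lower):
        reasons.append("long run of spaces pushes the real extension out of view")

    # 4. Whatever the disguise, the last extension is what Windows will execute.
    final_ext = lower.rsplit(".", 1)[-1] if "." in lower else ""
    if final_ext in EXECUTABLE_EXTS:
        reasons.append(f"executable attachment (.{final_ext})")

    return reasons


if __name__ == "__main__":
    # The two names from the write-up, as printed there.
    for sample in (
        "Product Specification-Freight-Company Qualification Information wps-pdf Export.pdf[.]exe",
        "University-Development Engineer[.]exe",
    ):
        print(sample, "->", lure_indicators(sample))
```

A gateway rule would normally stop at reason 4 and quarantine every executable attachment outright; the other checks matter on endpoints and file shares, where the executable has already arrived inside an archive and the question is which file to look at first.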
Once the attacker gains access to a machine, they use it to deploy Fast Reverse Proxy (FRP), which can expose servers located behind a firewall to the public web.
Tools Used
The tools dropped by the intruder on affected systems are:
Gogo scanning tool
Process Dumper (lsass.exe)
Cobalt Strike Beacon
AlliN scanning tool
Fscan
Dogz proxy tool
SoftEtherVPN
Procdump
BrowserGhost
Gost proxy
Ntlmrelay
Task Scheduler
Go-strip
HackBrowserData
It is extremely difficult to relate the activity to any specific threat group when a large number of publicly available tools are used.
Symantec researchers found no evidence that any data was taken from the targeted computers. Hydrochasma does, however, use tools that allow remote access to the system, which could result in data being extracted.
This attack appears to have been motivated by a mission to gather intelligence, as indicated by the sectors targeted.
The Lehigh Valley Health Network stated it was the target of a cybersecurity attack by a ransomware gang known as BlackCat
In a statement issued Monday morning, Lehigh Valley Health Network said it had been the target of a cyberattack attributed to a ransomware gang known as BlackCat. The Network is made up of 13 hospital campuses, as well as other health facilities, and is based in Pennsylvania.
BlackCat
The ransomware-as-a-service (RaaS) group BlackCat, also known as ALPHV and Noberus, is currently one of the most active groups and has been linked to Russia. In our recent February ransomware review it came in second after LockBit, based on the number of known attacks.
In December, 2022, the Office of Information Security and Health Sector Cybersecurity Coordination Center issued an extensive Analyst Note which identified BlackCat as a “relatively new but highly-capable” ransomware threat to health care providers.
BlackCat uses double and sometimes triple extortion to make victims pay the ransom: besides encrypting files, the gang threatens to publish the stolen data on a so-called “leak site” and, at times, threatens victims with DDoS attacks.
The attack
According to the health network, the attack targeted the network supporting Delta Medix, a physician practice in Lackawanna County. The unauthorized activity was detected on February 6, 2023 and involved a computer system used for patient images for radiation oncology treatment and other sensitive information.
The health network is investigating the full scope of the attack and says services have not been disrupted, although its websites appear to be offline at the moment. It was unable to say yet whether any specific patient’s personal or sensitive information was compromised, but promised to inform affected individuals if it discovers that was the case.
No ransom
The Lehigh Valley Health Network said it has refused to pay a ransom, but did not disclose the demanded amount. According to the US Department of Health and Human Services (HHS), the BlackCat group has demanded ransoms as high as $1.5 million in previous attacks against the healthcare sector.
Dr. Brian Nester, the health network’s president and CEO said:
“BlackCat demanded a ransom payment, but LVHN refused to pay this criminal enterprise. We understand that BlackCat has targeted other organizations in the academic and health care sectors. We are continuing to work closely with our cybersecurity experts to evaluate the information involved and will provide notices to individuals as required as soon as possible. Attacks like this are reprehensible and we are dedicating appropriate resources to respond to this incident.”
Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware.
Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
Write an incident response plan. The period after a ransomware attack can be chaotic. Make a plan that outlines how you’ll isolate an outbreak, communicate with stakeholders, and restore your systems.