Conversation

Notices

1. Embed this notice
   Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 24-Jan-2024 23:56:08 JST Kevin Beaumont

   Cyber incident at Equilend

   https://www.bloomberg.com/news/articles/2024-01-24/wall-street-s-stock-lending-tech-firm-goes-down-in-cyberattack?leadSource=uverify%20wall

   https://archive.ph/rxLUX

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 25-Jan-2024 02:35:01 JST Kevin Beaumont

     in reply to

     Bloomberg claim LockBit have caused the cyber incident at Equilend

     https://www.bloomberg.com/news/articles/2024-01-24/wall-street-s-stock-lending-tech-firm-goes-down-in-cyberattack?leadSource=uverify%20wall

     https://archive.ph/H0XaO

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 26-Jan-2024 18:08:12 JST Kevin Beaumont

     in reply to

     Equilend, who process billions of dollars of transactions a day usually, have confirmed their ongoing outage is a result of ransomware. https://equilend.com/press-releases/equilend-cyber-security-incident-frequently-asked-questions/ #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 27-Jan-2024 04:14:47 JST Kevin Beaumont

     in reply to

     Equilend have a blog running for their LockBit ransomware incident.

     They process several trillion dollars a month usually, they've been down for almost 5 days.

     Comes off the back of LockBit encrypting ICBC, the world's largest bank. ICBC were able to recover quickly as they were running Novell Netware, and LockBit didn't have an encryption payload.

     https://equilend.com/press-releases/equilend-cyber-security-incident/ #threatintel

   • Embed this notice
     metlstorm (metlstorm@infosec.exchange)'s status on Saturday, 27-Jan-2024 05:35:56 JST metlstorm

     in reply to

     @GossiTheDog exqueeze me, baking powder, did you say “ICBC were running novell netware” …

     … I. Wow. I legitimately guffawed out loud. Thank you, sir. You have made my day. 💖

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 27-Jan-2024 05:37:29 JST Kevin Beaumont

     in reply to

     Since people are asking about the Netware thing

   • Embed this notice
     Chester Wisniewski (chetwisniewski@securitycafe.ca)'s status on Saturday, 27-Jan-2024 06:20:06 JST Chester Wisniewski

     • metlstorm

     @GossiTheDog @metlstorm I'm surprised this was effective considering many more ransomware crews are doing "remote ransomware", effectively running the encryption on an unprotected device and connecting to the shares over the network. Would work against Netware shares as well as anything else...

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 29-Jan-2024 17:05:25 JST Kevin Beaumont

     in reply to

     Almost a week into their ransomware incident, Equilend are still trying to restore service - nothing has returned yet. #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 06-Feb-2024 18:20:14 JST Kevin Beaumont

     in reply to

     Two weeks since ransomware incident began, Equilend have their client services back online. #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 06-Feb-2024 18:24:36 JST Kevin Beaumont

     in reply to

     Of note with the Equilend incident, they never appeared on the LockBit portal. I confirmed with LockBit that they hit them.. so likely Equilend paid, same as ICBC and Ion Trading did.

     Who runs the world? Ransomware groups.

     #threatintel

   • Embed this notice
     Bálint Szilakszi (szbalint@x0r.be)'s status on Tuesday, 06-Feb-2024 18:30:31 JST Bálint Szilakszi

     in reply to

     @GossiTheDog two weeks is quite impressively fast

   • Embed this notice
     Martin S 🚩❤️✊🍉🇺🇦 (krampus@infosec.exchange)'s status on Monday, 12-Feb-2024 08:13:36 JST Martin S 🚩❤️✊🍉🇺🇦

     in reply to

     @GossiTheDog I can't help but wonder why #tietoevry never ended up on Akira's "news" list either. Maybe Akira didn't fully succeed, or something else hasn't been revealed yet.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 25-Feb-2024 06:57:38 JST Kevin Beaumont

     in reply to

     Equilend have been added to LockBit’s portal. #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 27-Feb-2024 07:45:56 JST Kevin Beaumont

     in reply to

     LockBit have given Equilend another day. #threatintel

   • Embed this notice
     Christoffer S. (nopatience@swecyb.com)'s status on Wednesday, 28-Feb-2024 06:58:06 JST Christoffer S.

     in reply to

     @GossiTheDog Plenty more victims now... guess this has done nothing but embolded him/them and I guess we can expect more eager affiliates to join the ranks for LockBit. Given the absolutely phenomenally massive marketing campaign that was provided to them for free.

     I thought this would end-up with lockbitsup in jail, but if this is not going to be the case.

     The fallout will be bad... really bad me thinks.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 12-Mar-2024 03:30:57 JST Kevin Beaumont

     in reply to

     Equilend confirms employee data was stolen in ransomware attack
     https://www.bleepingcomputer.com/news/security/equilend-confirms-employee-data-was-stolen-in-ransomware-attack/ #threatintel