Conversation

Notices

1. Embed this notice
   Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 05-Dec-2024 01:24:06 JST Kevin Beaumont

   RIP the Deloitte UK customer account managers who have to spent the next week copy/pasting the same statement to 1000 clients

   #threatintel #extortion

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 06-Dec-2024 00:07:54 JST Kevin Beaumont

     in reply to

     means tweets

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 09-Dec-2024 22:22:16 JST Kevin Beaumont

     in reply to

     Deloitte press statement on that ransomware group claim: “We are aware of the claims by the threat actor. Our investigation indicates that the allegations relate to a single client’s system which sits outside of the Deloitte network. No Deloitte systems have been impacted.”

     Helio Loureiro repeated this.
   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 15-Dec-2024 20:30:56 JST Kevin Beaumont

     in reply to

     Deloitte are involved in (another?) ransomware incident, it is unclear if this is the Brain Cipher one.

     https://www.reuters.com/technology/cybersecurity/rhode-island-hit-by-data-breach-hackers-demand-ransom-2024-12-15/

     #threatintel #ransomware

   • Embed this notice
     Josh (joshua@aus.social)'s status on Sunday, 15-Dec-2024 20:51:32 JST Josh

     in reply to

     @GossiTheDog one question for you, why are you still on X?

   • Embed this notice
     Josh (joshua@aus.social)'s status on Sunday, 15-Dec-2024 21:09:02 JST Josh

     @GossiTheDog is one of those cross posting bot setups your using?

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 24-Dec-2024 02:33:12 JST Kevin Beaumont

     in reply to

     Update, called it - Brain Cipher have renamed their Deloitte ransomware page to Rhode Island

     #threatintel #extortion

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 24-Dec-2024 02:40:51 JST Kevin Beaumont

     in reply to

     They're still trying to blackmail Deloitte (or the state) over this one, they have a pretty incredible rant on the portal along with the security contracts that are supposed to go with the system.

     #threatintel #extortion

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 03-Jan-2025 06:34:26 JST Kevin Beaumont

     in reply to

     Brain Cipher should, in my opinion, just concede defeat on getting a ransom payment and give Rhode Island the decryption info for free as a fuck you to Deloitte and goodwill gesture to Rhode.

     https://therecord.media/rhode-island-data-breach-deloitte

     #threatintel #extortion

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 16-May-2025 22:02:01 JST Kevin Beaumont

     in reply to

     Deloitte supplied a managed service to US state government, it got popped, over 5 months Brain Cipher ransomware group stolen everything, and nobody noticed until they got the ransom note.

     CrowdStrike IR report:

     https://admin.ri.gov/sites/g/files/xkgbur536/files/2025-05/RIBridges%20Investigation%20Summary%20FINAL%20-%20External%20Release.pdf

     #threatintel #extortion

   • Embed this notice
     Kieran L (klittle667@tweesecake.social)'s status on Friday, 16-May-2025 22:10:23 JST Kieran L

     in reply to

     @GossiTheDog I've immediately dismissed anything else in this report. "CrowdStrike’s investigation began on December 16, 2024, and concluded on January 31,
     2024."

   • Embed this notice
     Kieran L (klittle667@tweesecake.social)'s status on Friday, 16-May-2025 22:17:43 JST Kieran L

     @GossiTheDog Because they haven't proofread it properly. It says that they started to investigate on 16/12/2024, and finished on 31/01/2024. ... Still, what a mess.