The New York Blood Center was already having a blood shortage emergency and then they got hit with a ransomware attack.
Whoever hit them: please, please, please: you are putting more lives at risk every day. Give them a decryptor.
@GossiTheDog Being explicit that an attack is "ransomware" is only really helpful if we all only call an attack "ransomware" if ransomware is actually deployed and encrypts the victim's files. If there's no encryption of files, maybe we should call it a hack with an extortion attempt. Right now, too many folks use "ransomware" to describe incidents in which nothing's encrypted and I think that creates a wrong impression and may cause even more unease.
Two ransomware groups claimed they attacked Rutherford County Schools in Tennessee. One leaked sensitive records.
I skimmed the data tranche and found tens of thousands of files with sensitive student information and personnel files. Read more about it here:
OK, a huge thumbs up to Byte Federal for their breach notification letter. They frankly admit where they screwed up and what happened. I wish more notifications were as clear and straightforward as this one.
https://databreaches.net/2024/12/17/a-positive-example-of-forthright-breach-disclosure/
#databreach #transparency #disclosure #IncidentManagement #IncidentReporting #infosec
How is it that no one has set up the dark web equivalent of archive.org to archive onion sites?
(Translation: a link is dead and I really want to know what data it linked to) :blobnotlike:
Scattered Spider Hacking Gang Arrests Mount With Teen:
Remington Ogletree (aka "Remi") arrested and charged with wire fraud and aggravated identity theft.
This teen had jaw-droppingly bad opsec, and to add to it, he used a crypto laundering service on TG that was actually an undercover FBI operation.
https://databreaches.net/2024/12/05/scattered-spider-hacking-gang-arrests-mount-with-teen/
#ScatteredSpider #FinSec #Telecoms #Hack #phishing #infosec #databreach
Russia arrests cybercriminal Wazawaka for ties with ransomware gangs: https://www.bleepingcomputer.com/news/security/russia-arrests-cybercriminal-wazawaka-for-ties-with-ransomware-gangs/
I really do not understand what Russia is doing arresting nationals involved in ransomware. Why are they arresting Matveev now (if at all)? So many Russian threat actors felt safe from prosecution as long as they stayed in Russia and didn't attack Russia or CIS.
Now we have alleged members of REvil awaiting sentences that could be like 7 years, and Matveev being arrested. WTH?
Anyone have any actual info on why Russia is doing this?
So it seems that on November 12 -- the day before Judge Batten was to sentence Robert Purbeck (aka Lifelock), Purbeck filed a pro se motion for the judge to recuse himself. The motion made all kinds of arguments about supposed conflict of interest and wrongdoing, etc. etc.
But the motion didn't get docketed until November 14.
And on November 13, when Judge Batten went to sentence Purbeck, neither Purbeck nor his attorney even mentioned any motion to recuse.
Today the judge ruled on the motion, noting that he had not even been aware of it until this morning, but was denying it on multiple procedural grounds, adding a footnote that "Although denying the motion on procedural grounds, the Court notes that Purbeck’s motion is littered with factual errors, rendering the motion meritless."
That's such a professional way of saying "he's full of shit." I'll have to remember that one.
Idaho man who hacked medical entities and made vile threats sentenced to 10 years in prison:
This is a case that started because the threat actor, "Lifelock," contacted DataBreaches to try to get DataBreaches.net to report on victims who hadn't paid his ransom demands.
Some of his court filings tried to blame me for the FBI raiding him and seizing his devices. The FBI did their own investigation but yes, it was my reporting that initially made the FBI aware of Robert Purbeck.
Heads up! New developments -- and arrests -- in law enforcement pursuit of LockBit.
Law enforcement reactivated a previously seized LockBit URL to announce what will be revealed tomorrow. Announcements will include the arrest of what they describe as a major LockBit actor, other LockBit-linked UK arrests, and a member of EvilCorp identified as a LockBit affiliate.
Stay tuned, it seems.
Threat actors called VANIR Ransomware Group posted a few listings in July. Tonight, their onion site has a seized message:
" THIS HIDDEN SITE HAS BEEN SEIZED
by the State Bureau of Investigation Baden-Württemberg as a part of a law enforcement action taken against Vanir Ransomware Group "
From the press release about the seizure, it sounds like there have been no arrests and the identity of the TAs is not yet known: https://www.presseportal.de/blaulicht/pm/110980/5866617
For more on what Vanir's leak site looked like previously, see Cyjax: https://www.cyjax.com/data-leak-site-emergence-continues-to-increase/
This seems to be a week for announcing big lawsuit settlements. Here's another big one:
An Oracle lawsuit settlement for $115 million addresses claims that Oracle unlawfully tracked and collected vast amounts of personal information without obtaining proper consent from users and allegedly sold it to third parties for advertising purposes through Oracle’s various advertising products, including ID Graph and Data Marketplace.
Official settlement website: https://www.katzprivacysettlement.com/
If you think you might be an eligible class member, you only have until Oct. 17th to file a claim. See the settlement site for info on who's eligible, etc.
The #FTC went after #Blackbaud for its poor security, #databreach in 2020, and incident response. A ton of provisions in the proposed order, but no monetary penalty.
Direct link to proposed order: https://www.ftc.gov/news-events/news/press-releases/2024/02/ftc-order-will-require-blackbaud-delete-unnecessary-data-boost-safeguards-settle-charges-its-lax
I like how they included that after paying $250k to the threat actors to get them to delete the data, "The company never verified, however, that the hacker actually deleted the stolen data, according to the complaint."
"Based on 481 ransomware attacks from the Dutch police and a Dutch incident response party, we arrive at a number of key insights: Insurance led to a 2.8x higher ransom amount paid, without affecting the frequency of payments. Data exfiltration led to a 5.5 times higher ransom amount paid, without affecting the frequency of payments. Organizations with recoverable backups were 27.4 times less likely to pay the ransom compared to victims without recoverable backups."
Press release: https://www.utwente.nl/nieuws/2024/1/1318314/ut-brengt-besluitvormingsproces-slachtoffers-ransomware-in-kaart#belangrijke-inzichten
Full article by Tom Meurs and colleagues: https://ris.utwente.nl/ws/portalfiles/portal/324702475/Ecrime2023vPREPRINT.pdf
h/t, #politieNL
@allan @brett @lawrenceabrams @ecrime_ch @GossiTheDog
#databreach #ransomware #cyberinsurance #backup #incidentresponse #risk #dataprotection #analyses
Why we need legislation requiring more transparency in breach notices, Saturday edition (Bluefield University):
#EduSec #Transparency #incidentresponse #databreach #cybersecurity #deception #FTC #HHS #OCR #HIPAA #HITECH #GLBA #security
I've listed some elements that I would like to see in legislation. Please add your own thoughts in the comment section under the post or here.
@brett @douglevin @funnymonkey @mkeierleber @BleepingComputer @eff
Today's reminder about the insider threat:
Decade-long data leak raises serious concerns with NTT group:
Blogger/journalist at databreaches.net and pogowasright.org. As a retired healthcare professional, breaches in the healthcare sector are my priority. The header pic is Indy, a Siberian husky we rescued in 2016 after I read how nobody wanted her because she was so difficult. She is now living her best life and is a mushball with me. My avatar is her co-conspirator, Senna. We rescued him from the town shelter in 2018. He is named for the #F1 #GOAT.