AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 02/24/2023

HardBit Ransomware Offers to Set Ransom Based on Victim’s Cyberinsurance

The HardBit ransomware emerged in October 2022, with version 2.0 launched in late November. In a blog post published on Monday, data security company Varonis reported seeing samples of the malware throughout the rest of 2022 and into 2023.  Organizations hit by the HardBit ransomware have their files encrypted and the cybercriminals also claim to steal victims’ data, although they currently do not appear to have a website where they name targets and leak their data. The ransom note dropped on compromised systems does not specify how much the victim has to pay to recover its files. Instead, the targeted company is instructed to contact the hackers through email or the Tox instant messaging platform. 

 

Vanderbilt apologizes for using ChatGPT in email on Michigan shooting

Officials at Vanderbilt University apologized for using an AI chatbot to write a consoling email to students after a mass shooting at Michigan State University. The message went out last week from the office of equity, diversity and inclusion at the Peabody College of Education and Human Development, reported the Vanderbilt Hustler, the student newspaper. The message said the Michigan shooting, in which three students were killed, was a reminder of the importance of creating an inclusive environment. “One of the key ways to promote a culture of care on our campus is through building strong relationships with one another,” the brief message said.

 

Russian national accused of developing, selling malware appears in U.S. court

A Russian national accused of developing and licensing the “NLBrute” malware and selling at least 35,000 compromised logins appeared in a Florida federal court on Tuesday facing charges of conspiracy, access device fraud and computer fraud. Dariy Pankov, also known as “dpxaker,” was arrested in the Republic of Georgia on Oct. 4, 2022 and was recently extradited to the United States, U.S. Attorney Roger B. Handberg said in a statement Wednesday. Pankov faces a maximum of 47 years in federal prison if convicted on all counts, Handberg said.

 

Student Medical Records Exposed After LAUSD Breach

On Feb. 22, the education news site The 74 Million revealed that the hacking group Vice Society had posted hundreds, if not thousands, of psychological evaluations of special education students in the Los Angeles Unified School District (LAUSD). The leaked information reportedly includes personal information like names, diagnoses, family immigration status, and allegations of physical and sexual abuse. Local outlets have followed up with great reporting of their own. But you’d never know anything was happening if you looked at LAUSD’s online presence.

 

Firms Who Pay Ransom Subsidise 10 New Attacks: Report

Just 10% of ransomware victims pay their extorters, but those who do are effectively funding 6-10 new attacks, Trend Micro has warned. The security vendor used data science techniques to analyze data from multiple sources, including detection telemetry, network infrastructure, blockchain transactions, underground forums, chat logs and more. Its resulting report, What Decision-Makers Need to Know About Ransomware Risk, claimed that those who decide to pay usually do so quickly, to avoid severe disruption to their infrastructure and services. More than half did so within 20 days. However, given the low numbers who do pay, they’re generally being forced to stump up more cash per compromise.

 

Ransomware Attack Forces Produce Giant Dole to Shut Down Plants

In a statement posted on its website on Wednesday, Dole said it was dealing with a cybersecurity incident involving ransomware. The company has contacted law enforcement and external cybersecurity experts to help it address and investigate the attack. The Ireland-based company said the impact to its operations has been limited but, according to reports, the Dole ransomware attack has caused problems for some stores. One grocery store in Texas informed customers on Facebook that the Dole ransomware attack caused a shortage in prepackaged salads. On February 17, the company made public a memo received from Dole in which the vendor explained that it was forced to shut down plants “for the day” and put all shipments on hold. 
