Virginia Museum of Fine Arts

https://www.securityweek.com/virginia-museum-shuts-down-website-amid-it-breach

Exploit: Ransomware

Virginia Museum of Fine Arts: Art Museum

Risk to Business: 2.822=Moderate

A system security breach prompted the Virginia Museum of Fine Arts to shut down its website for a state investigation in late November 2021. The museum, an independent agency of the state, said the Virginia Information Technologies Agency detected an intrusion by an unauthorized third party to the museum’s environment in late November. An investigation is underway, and a temporary website has been established.

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware risk is rising for organizations in every sector including non-profits and cultural institutions.

 

 

McMenamins

https://www.kgw.com/article/news/local/mcmenamins-ransomware-attack/283-dc039d56-cf82-4f06-8862-c2f6223e3893

Exploit: Ransomware

McMenamins: Hotel and Restaurant Chain

Risk to Business: 1.612=Severe

Family-owned hotel and restaurant chain McMenamins received an unwelcome holiday gift: ransomware. The company says that it has had to shut down credit card point-of-sale systems and corporate email but can still serve customers. The Conti ransomware group is thought to be responsible but the group has not claimed responsibility. The popular chain of restaurants, pubs, breweries and hotels is located in the Pacific Northwest: specifically, Washington and Oregon. The company has announced that it is working with the FBI and a third-party cybersecurity firm to investigate the attack.

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Companies that may be holding financial data and PII for clients will be attractive targets for ransomware groups.

 

 

The Oregon Anesthesiology Group (OAG)

https://www.zdnet.com/article/oregon-medical-group-notifies-patients-of-cybersecurity-breach-says-fbi-seized-hellokitty-accounts/

Exploit: Ransomware

The Oregon Anesthesiology Group (OAG): Medical Care Provider

Risk to Business: 1.717= Severe

The Oregon Anesthesiology Group (OAG) disclosed that a ransomware attack in July led to the breach of sensitive employee and patient information. The company said it was contacted by the FBI on October 21 and informed that the Bureau had seized an account that contained OAG patient and employee files from Ukrainian ransomware group HelloKitty. The FBI also told OAG that the Bureau believes the group exploited a vulnerability in OAG’s third-party firewall to gain entry to its network.

Risk to Business: 1.802=Severe

The information of 750,000 patients and 522 current and former OAG employees was impacted in this incident. Patient information potentially involved in this incident included names, addresses, date(s) of service, diagnosis and procedure codes with descriptions, medical record numbers, insurance provider names, and insurance ID numbers. Cybercriminals also potentially accessed current and former OAG employee data, including names, addresses, Social Security numbers and other details from W-2 forms. OAG will provide victims of the incident 12 months of Experian identity protection services and credit monitoring.

Customers Impacted: Unknown

How It Could Affect Your Business: Medical centers and providers can hold large stores of data that are attractive to cybercriminals.

 

 

Superior Plus

https://www.darkreading.com/attacks-breaches/propane-distributor-hit-with-ransomware

Exploit: Ransomware

Superior Plus: Propane Distributor

Risk to Business: 2.229 = Severe

Canadian propane distributor Superior Plus has fallen victim to a ransomware attack. The company announced that it was subject to a ransomware incident on Sunday, December 12, 2021, which impacted its computer system, resulting in the company temporarily disabling some computer systems and applications as it investigates this incident. The company is in the process of bringing these systems back online. The statement goes on to say that it has no evidence that the safety or security of any customer or other personal data has been compromised. Superior Plus supplies propane gas to more than 780,000 customers in the US and Canada, a hot commodity during the winter season.

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted:

How it Could Affect Your Business: Infrastructure targets have been very attractive to cybercriminals looking for quick ransom payments to restore essential services.

 

 

Brazil – Ministry of Health (MoH)

https://www.zdnet.com/article/brazilian-ministry-of-health-hit-by-second-cyberattack-in-less-than-a-week/

Exploit: Ransomware

Ministry of Health (MoH) – National Government Agency

Risk to Business: 1.107= Extreme

Brazil’s Ministry of Health (MoH) suffered not one but two ransomware attacks in the last week, seriously impacting its operations. The agency was still in the process of recovering from a ransomware attack on 12/10 when it was hit again on 12/13. In the initial attack, all of MoH’s websites, including ConecteSUS, which tracks the trajectory of citizens in the public healthcare system, became unavailable. This includes the COVID-19 digital vaccination certificate, which is available via the ConecteSUS app. The Lapsus$ Group has claimed responsibility for the first attack, claiming that it has stolen some 50TB worth of data. The department was quick to assure the public that it has the relevant data backed up. The second attack set recovery back, preventing Brazil’s platform that issues COVID-19 vaccine certificates, ConecteSUS, from coming back online as scheduled. Ministry officials said that the second attack had been unsuccessful and that no data had been compromised in that incident, but it had affected the timeline for recovery. The National Data Protection Authority (ANPD) is also working on the case and has contacted the Institutional Security Office and the Federal Police to collaborate with the investigations.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Getting hit with multiple attacks in a short period of time could be a death blow to many organizations.

 

 

Ireland – Coombe Hospital

Exploit: Hacking

Coombe Hospital: Medical Center

Risk to Business: 2.711 = Moderate

The Coombe Hospital announced that it has been hit by a ransomware attack that has impacted its IT systems. The hospital stated that it had isolated and locked down its IT services on a precautionary basis. The maternity and infants’ hospital said that services are continuing as normal and no disruptions to patient care are expected. The HSE is assessing whether this will have a broader impact on the health service.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Targets in the medical sector have been getting absolutely pounded by ransomware since the start of the global pandemic.

 

 


Greece – VulcanForged

https://www.vice.com/en/article/4awxep/hackers-steal-dollar140-million-from-users-of-crypto-gaming-company

Exploit: Ransomware

VulcanForged: Cryptocurrency Gaming Company

Risk to Business: 1.7684 = Severe

Hackers stole around $135 million from users of the blockchain gaming company VulcanForged. Blockchain games appear chiefly designed as vehicles to buy and sell in-game items linked to NFTs using PYR. VulcanForged creates games such as VulcanVerse, which it describes as an MMORPG, and an online card game called Berserk. Hackers stole the private keys to access 96 wallets, siphoning off 4.5 million PYR, VulcanForged’s token that can be used across its ecosystem, with an estimated value of $135 million.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Any operation that handles or stores cryptocurrency is at a very high risk for trouble. This is the third cryptocurrency outfit to be hit by hackers this month.

 

 

Australia – Finite Recruitment

https://www.zdnet.com/article/nsw-government-casual-recruiter-suffers-ransomware-hit/

Exploit: Ransomware

Finite Recruitment: Staffing Firm

Risk to Business: 2.223 = Severe

IT recruitment firm Finite Recruitment has confirmed it experienced a cyberattack in October 2021 that resulted in some of the company’s data getting stolen and published on the dark web. The Conti ransomware group listed Finite Recruitment as a victim on its dark web leak site, claiming to have acquired 300GB of the company’s data. Finite Recruitment services several NSW government agencies as well as private clients.

Risk to Business: 2.015 = Severe

An estimated 38,000 employees and up to 80,000 government employees may have had their data exposed, and that data may include financial data, contracts, customer databases with phone numbers and addresses, contracts with employees’ passport details, phone numbers, mail correspondence, and other information.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybercriminals are always on the hunt for big troves of personal and financial information, and companies that store it are at a high risk for ransomware.