15-05-2025
Cyberattacker accessed R.I.'s benefits system five months before state officials discovered the hack
During those months, the hacker 'interacted with several archive files, as well as various user files and folders on systems,' according to the nine-page executive summary of the investigation, before making a 'large outbound transfer' in November.
However, through its review, CrowdStrike was unable to determine how the hacker 'gained access to the credentials used to authenticate to the VPN' or if the system's multi-factor authentication system was bypassed somehow, according to the summary.
No hacker activity has been reported in the system since the investigation began on Dec. 16, the review found. CrowdStrike finished its investigation on Jan. 31.
The full report has been withheld by state officials. Still, the short summary released Thursday provided the first publicly released details on how exactly the cyberattack unfolded before McKee alerted the public in December.
McKee is holding a press conference at 10 a.m. to further discuss the findings.
The breach ultimately left
The state first learned of the attack on Dec. 5, but did not reveal the issue to the public until
Emails obtained by the Globe show officials from the Department of Administration, HealthSource Rhode Island and Department of Human Services mobilized a team to deal with the hack on Dec. 6.
The majority of the communications between the date of discovery and when McKee told the public were redacted by the state.
At 3:47 p.m. on Dec. 13, Brian Tardiff, the state's chief digital officer, emailed a Deloitte executive: 'Please proceed with system shutdown.'
The system remained offline for more than a month, and
Deloitte first learned of the hack after someone posted on a website for Brain Cipher, a ransomware group, on Dec. 4, claiming to have infiltrated the system. Deloitte 'identified suspicious activity' and notified state officials on Dec. 5.
The report does not identify the hackers, and says CrowdStrike's review 'did not reveal the presence of any artifacts related to ransomware execution in the RIBridges environment, nor the presence of any Brain Cipher ransomware notes.'
The McKee administration
This is a developing story and will be updated with details from the state's 10 a.m. press conference.
Christopher Gavin can be reached at