
Latest news with #Interlock

Over 900,000 hit in massive healthcare data breach — names, addresses and Social Security numbers exposed online

Tom's Guide

5 days ago

  • Health
  • Tom's Guide


Hackers, and especially ransomware gangs, have been on a rampage targeting healthcare organizations this year. Now one of the largest dialysis providers in the U.S., DaVita, has fallen victim to a massive healthcare data breach. As reported by Comparitech, the kidney dialysis company has revealed that it suffered a data breach earlier this year when hackers gained unauthorized access to servers, primarily located in its laboratories. While DaVita became aware of the security incident in mid-April, the hackers first gained access to its systems on March 24, and in the intervening weeks they stole all sorts of sensitive personal, financial and medical data. DaVita hasn't said which hackers are responsible, but after news of the breach was made public the Interlock ransomware gang took credit for the attack, claiming to have stolen 1.5TB of data comprising 683,104 files across 75,836 folders, according to an earlier Comparitech report. Whether you, a family member or someone you know gets dialysis treatment at one of DaVita's centers, here's everything you need to know about this latest data breach, along with some tips on how to stay safe and what to do now.

Now that the dust has settled and DaVita has carried out a full investigation into the security incident, the company has begun sending out data breach notification letters to affected individuals. According to DaVita's latest notice (PDF), the following patient data was stolen in the breach:

It's worth noting that the types of stolen data differ between impacted individuals. While some people may have had all of the data listed above stolen in the breach, this may not be the case for everyone. If you or someone in your household gets dialysis treatment at DaVita, then chances are you have received a data breach notification letter in the mail, or one is on its way to you.
Inside this data breach notification letter, you can find out exactly what data on you was exposed as a result of the breach. However, you're going to want to hold onto this letter, as DaVita is providing free access to one of the best identity theft protection services for a set amount of time. I say this because the sample data breach notification letter (linked above) that I looked at doesn't give a specific time frame, but companies usually provide access to one of these services for either 12 or 24 months. Don't worry, though: your own letter will include the exact time frame. In this case, DaVita is offering impacted individuals access to Experian IdentityWorks. While we haven't reviewed this particular identity theft protection service yet, it is considered a reliable and worthwhile service. Inside your data breach notification letter, you'll find a code which you can use to activate your IdentityWorks subscription. However, you will need to do so by November 28th of this year if you wish to claim this free offer. If your Social Security number or other stolen data is used to commit fraud or identity theft, IdentityWorks has experts standing by to help you recover any lost funds or restore your identity. In fact, the plan offered by DaVita includes up to $1 million in identity theft insurance. Besides signing up for this identity theft protection service, you're also going to want to keep a close eye on your financial accounts for signs of fraud, and if you're really worried, you can freeze your credit so that hackers or scammers holding your stolen information can't take out loans in your name. Likewise, be extra careful when checking your inbox and text messages, and even when answering the phone, because your stolen information could be used in targeted phishing attacks.

In addition to DaVita, the Interlock ransomware gang has gone after other healthcare organizations in previous data breaches, including Texas Digestive Specialists, Kettering Health and Naper Grove Vision Care back in May. Given that the pace and scope of the group's attacks seem to be increasing, I don't see them slowing down anytime soon.

Microsoft Windows Is Being Hacked If You See These JPEG Images

Forbes

6 days ago

  • Forbes


Microsoft users have every right to consider themselves somewhat bombarded by hackers, what with the recent global SharePoint attack, confirmation of the FileFix Windows security bypass, and the FBI issuing a critical warning to activate 2FA in response to the Interlock ransomware threat. Now Windows users have been issued another warning about a threat hiding in plain sight that weaponizes JPEG image files. Here's what you need to know about the APT37 RoKRAT remote access trojan.

Windows Users Warned As Microsoft Paint And JPEG Images Used In Latest Hack Attacks

When you think of sophisticated hack attacks, the chances are that the much-derided MS Paint application and basic JPEG images do not immediately spring to mind. Yet here we are, with a critical warning being issued as an advanced threat group colloquially known as Reaper, but more formally identified as APT37, uses just these tools to deploy a truly dangerous remote access trojan called RoKRAT. You might be more used to reading about images stolen by hackers than deployed by them as an integral part of an attack, but the risk is very real, as security researchers at the Genians Security Center have warned. The latest RoKRAT attack report reveals how the APT37 hackers use steganography to obfuscate malware code, which is then injected into the MS Paint process during the attack. Why do this? Because it makes detection, and therefore prevention, much harder. APT37 'employs a two-stage encrypted shellcode injection method to hinder analysis,' the researchers warned, with downloaded images forming part of the attack chain. The report said the malware analysts observed that 'the RoKRAT module is embedded within the JPEG image format.' The RoKRAT attack module itself was concealed, the researchers said, in named image files downloaded from a Dropbox drive. There were two photos of a man, a harmless version of which can be viewed within the report itself, but 'the underlying malware structure remained the same.'

What Is Steganography?

Steganography, from the Greek steganographia, combining words meaning concealed and writing, is just that: the 'art' of concealing information within a different medium so that it is not immediately evident even to a skilled observer. In cybersecurity, steganography is most commonly seen (or not, of course) as malicious code hiding within a seemingly harmless image. This is not a new technique by any means. I feel a confession coming on. Some 25 years ago, someone looking very much like me employed just such a technique to capture keyboard output and hide it in an image file for later extraction. Hackers have known about and deployed steganography forever. That does not make it an outdated technique, or any easier to detect when looking for malicious code. And that, dear reader, is why the APT37 attackers are deploying it in these latest RoKRAT campaigns. 'When shellcode is injected into the process to perform a fileless attack,' the researchers warned, 'detection by signature- or pattern-based security solutions may be difficult.' But a mature Endpoint Detection and Response solution can identify 'external communications initiated via shellcode and the Dropbox API,' which would quickly halt the attack. For mere mortals without access to such enterprise tools, there's another mitigation: beware of the phishing tactics used to distribute the malware in the first place. These consist of compressed archives containing Windows shortcut (LNK) files. You can read about mitigating Microsoft LNK cyberattacks here. I have reached out to Microsoft for a statement regarding the latest APT37 campaign.
In the meantime, a spokesperson previously advised that: 'Windows identifies LNK shortcut files as a potentially dangerous file type, which means that when a user attempts to open one that had been downloaded from the internet, a security warning is automatically triggered. This warning, quite correctly, advises the user not to open files from unknown sources. We strongly recommend heeding this warning.'
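As an added example (not code from the Genians report or from this article), the check below walks a JPEG's marker segments to find where the image actually ends and reports anything appended after the end-of-image marker. It assumes the simplest embedding method, a payload glued on after the EOI marker; the article does not say how the RoKRAT module was embedded, and a payload woven into the pixel data itself would need a different check. The sample JPEG skeleton and the fake payload are constructed for the example.

```python
"""Flag image files that carry data after the JPEG end-of-image marker.

Added example, not code from the Genians report or the article. It assumes
one common steganographic embedding method: a payload simply appended after
the EOI marker (FF D9). A payload hidden inside the entropy-coded pixel data
would not be caught by this check.
"""
import struct

EOI = 0xD9
SOS = 0xDA
RST_FIRST, RST_LAST = 0xD0, 0xD7


def jpeg_end_offset(data: bytes) -> int:
    """Walk the marker segments of a JPEG stream and return the offset just
    past its EOI marker. Raises ValueError on a malformed stream."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:              # fill byte before a marker
            pos += 1
            continue
        if marker == EOI:
            return pos + 2
        if RST_FIRST <= marker <= RST_LAST or marker == 0x01:
            pos += 2                    # standalone markers carry no length
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        seg_len = struct.unpack(">H", data[pos + 2:pos + 4])[0]  # includes the 2 length bytes
        if seg_len < 2:
            raise ValueError("bad segment length")
        pos += 2 + seg_len
        if marker == SOS:
            # Entropy-coded data follows the SOS header: skip until the next
            # real marker, ignoring stuffed FF 00 bytes and RSTn markers.
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not (RST_FIRST <= nxt <= RST_LAST):
                    break
                pos += 1
    raise ValueError("no EOI marker found")


def trailing_data(data: bytes) -> bytes:
    """Return whatever follows the image; a clean JPEG returns b''."""
    return data[jpeg_end_offset(data):]


def build_sample_jpeg() -> bytes:
    """Constructed minimal JPEG skeleton (markers only, not a decodable
    picture) used here as sample input."""
    app0 = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos_hdr = b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\x34\xff\x00\x56\xff\xd0\x78"   # contains a stuffed FF00 and an RST0
    return (b"\xff\xd8"
            + b"\xff\xe0" + struct.pack(">H", len(app0) + 2) + app0
            + b"\xff\xda" + struct.pack(">H", len(sos_hdr) + 2) + sos_hdr + scan
            + b"\xff\xd9")


CLEAN_JPEG = build_sample_jpeg()
# Constructed "suspect" file: the same image with a fake payload glued on the end.
HIDDEN_PAYLOAD = b"MZ\x90\x00" + b"\x00" * 12 + b"\xfc\x48\x83\xe4\xf0"
SUSPECT_JPEG = CLEAN_JPEG + HIDDEN_PAYLOAD


if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_JPEG), ("suspect", SUSPECT_JPEG)):
        extra = trailing_data(blob)
        note = f", starts {extra[:4]!r}" if extra else ""
        print(f"{name}: {len(extra)} trailing byte(s){note}")
```

Run it over a directory of downloaded images and treat any non-empty trailing blob as something to look at by hand; a legitimate file can also carry a few trailing bytes (some cameras and editors leave padding), so the size and the leading bytes of the blob matter more than its mere presence.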

New FBI Warning — Windows And Linux Users Must Apply 2FA Now

Forbes

27-07-2025

  • Forbes


There are some weeks when I almost feel like I have joined the Federal Bureau of Investigation, given the number of alerts I am exposed to. Within just the last few days, I have shared a warning to 10 million Android users to disconnect their devices, another for all smartphone users as phantom hacker attacks continue, and now comes the FBI recommendation for Windows and Linux users to urgently enable two-factor authentication to complete the cyber-trilogy. Here's everything you need to know about mitigating the Interlock ransomware threat.

FBI And CISA Issue Joint Interlock Ransomware Warning

A relatively new ransomware threat is, according to the Cybersecurity and Infrastructure Security Agency, on the rise and targeting both businesses and critical infrastructure providers with double-extortion attacks. A July 22 joint cybersecurity advisory, issued alongside the FBI under alert code aa25-203a, was prompted by ongoing FBI investigations that have identified both indicators of compromise and the tactics, techniques and procedures used by the attackers. 'The FBI is aware of Interlock ransomware encryptors designed for both Windows and Linux operating systems,' the alert confirmed. Although I would heartily recommend reading the full alert for all the technical details, the attacks can be summed up as employing drive-by downloads and ClickFix social engineering to gain initial access. Once a system has been breached, the attackers deploy credential stealers and keyloggers to obtain account credentials, then carry out the lateral movement and privilege escalation needed to deploy the ransomware and exfiltrate data. This article, however, is less about the how or why (they are after money, duh!) and more concerned with mitigation. Luckily, the FBI has some excellent and detailed advice about how to prevent such attacks, so let's take a look at what you need to do.

Mitigating The Interlock Ransomware Threat — The FBI Recommendations

Prevention is always better than cure, and that is never truer than in cybersecurity. Mitigating a threat is the priority for every security team; nobody wants to be dealing with the fallout of failing to do so. The FBI is aware of this, which is why the advisory features a large, red bullet-point mitigation table at the top, and why mitigation is the focus of this article. While the 'actions for organizations to take today' list is, of course, extremely valuable, it is not the complete mitigation picture; for that you need to dig deeper into the alert itself. Personally, I would move number four up to number one as well, especially the advice to employ 2FA across accounts, as this is crucial in preventing the lateral movement and privilege escalation that enables a successful ransomware attack. But anyhoo, let's explore the full FBI mitigation advice in our own bullet-point list, shall we? And, as the FBI notes, implement a recovery plan!

Schools affected by West Lothian cyber attack named

BBC News

10-07-2025

  • BBC News


Social work reports are among the data stolen in a cyber attack on 12 Scottish schools. West Lothian Council has confirmed for the first time the individual schools impacted by the ransomware attack in May. The local authority said reports shared by social work and other agencies were compromised and that it was also "possible" that names and addresses of pupils were taken. The cyber attack, which mainly affects secondary schools, is under police investigation and parents have been urged to remain extra vigilant for phishing attacks or scams. West Lothian Council said only a very small proportion of the files compromised were of a personal and sensitive nature. The local authority said it was possible that names, addresses, email addresses and learning materials were among the data taken from the affected schools. Those deemed at risk from the compromised social work and other agency reports have already been contacted, the council said in an update on its website. BBC Scotland News reported in May that a group called Interlock claimed it was behind the attack. Ransomware groups operate by using malicious software to encrypt an organisation's files, then demand a payment with a threat to publish the material online if no ransom is paid.

Which schools are affected by the West Lothian Council cyber attack?

The schools directly affected by the issue are:

  • Armadale Academy
  • Bathgate Academy
  • Broxburn Academy
  • Deans Community High School
  • Inveralmond Community High School
  • James Young High School
  • Linlithgow Academy
  • St Kentigern's Academy
  • St Margaret's Academy
  • West Calder High School
  • Whitburn Academy
  • Holy Family Primary

It is understood West Lothian Council was originally made aware of the sensitive data stolen after being alerted to a scanned passport. The council urged people to be vigilant in case the stolen data was used for further criminal activity such as phishing attacks or other fraud. Changing passwords and making sure the new ones are strong and unique is also advised. People are asked not to contact schools or the council's customer support line about the cyber attack, as they do not have any more details at this stage. Anyone affected by cyber crime should contact the Cyber and Fraud Hub. The council said it would issue further updates on the attack on its website.

Kettering Health Cyberattack: people concerned about how much sensitive info on dark web

Yahoo

06-06-2025

  • Health
  • Yahoo


People are concerned about how much sensitive patient information is now on the dark web after the Kettering Health cyberattack. A cyberattack threat analyst explained how the hackers got into the Kettering Health systems and essentially held them hostage on News Center 7 Daybreak from 4:25 a.m. until 7 a.m. It is believed that Interlock, a hacking group, posted a terabyte of information on its website. As previously reported by News Center 7, Kettering Health said Thursday that it removed the tools Interlock used to gain access, enhanced network security, and patched vulnerabilities. As for the patients' information, a threat analyst told News Center 7 there is 'no immediate way you can remove it.' 'So, that information can reside on the dark web and ultimately find its way to the open web so anyone can see it,' Luke Connolly, Emsisoft threat analyst, said. Kettering Health says its primary focus is ensuring that patients get in contact with them and get the care they need. The update provided by Kettering Health did not address News Center 7's questions seeking information on services and protections that might be offered to patients and employees now that sensitive information has been released. This is a developing story, and we will continue to update this page with new details.
