Latest news with #Qilin
Yahoo
3 days ago
‘This is a wake up call' Cyber security expert weighs in on City of Abilene cyber attack
ABILENE, Texas – On Friday, April 18, 2025, the City of Abilene became aware of a cyber attack on city computer systems. Now, more than a month later, the investigation into that attack is ongoing, and an alleged deadline has come and gone with the city stating no intention to pay any would-be ransom for the stolen data. KTAB/KRBC sat down with cybersecurity expert and CEO of CyberCatch, Sai Huda, for insight into how attacks like this one have played out in the past and what might lie in the city's future. 'This is a wake-up call for the City of Abilene,' Huda said.

The City has been relatively quiet on the matter while the investigation has been conducted, but that's not without reason. Because this attack involves data theft and security measures, city staff are exercising an abundance of caution to mitigate the extent of the attack within city systems and to prevent the investigation from being compromised. With that in mind, let's discuss what we know so far: what a ransomware attack is, how the City has responded, what is at risk, and what we can do now.

This kind of malicious software is something that Huda is quite familiar with; he told KTAB/KRBC that it is not uncommon for an entity such as the City of Abilene to be targeted by such an attack. 'Very typical these days where the attackers, the bad actors, install the ransomware into the system, shut down file systems. But while they do that, they also are able to make a copy of valuable data and exfiltrate that. In other words, transmit that out, and then they'll use that to threaten the victim. In this case, the City of Abilene, and say, hey, pay this ransom by this deadline. Otherwise, we will not only leave you encrypted, so you won't be able to access any file systems, but also will start to sell that data on the dark web or release it publicly in increments to embarrass you.
And it's all about really money at this point,' said Huda.

Cybersecurity watchdog group Comparitech published a research article on the Abilene cyber attack in which it identified the Russia-based ransomware group Qilin as having claimed responsibility for the attack. In that same article, Comparitech states that Qilin mainly targets victims through phishing emails to gain access to computer systems and introduce the malicious software. The group has claimed responsibility for 25 confirmed ransomware attacks in 2025 to date, seven of which were against government entities across the U.S.

An initial news release put out by the City of Abilene states that 'upon receiving reports of unresponsive servers City staff began immediately executing the incident response plan in place. Affected servers and critical assets were disconnected from the network to mitigate further spread of the attack,' and that an investigation with 'industry-leading cybersecurity experts' was launched. Since that day the City IT department has been working to restore affected city services and minimize downtime. Some systems were taken offline intentionally out of an abundance of caution, again to mitigate spread.

The city has neither confirmed nor disproven the claims of an alleged ransom demand on the data with a May 27, 2025 payment deadline. A statement put out by the City of Abilene said, 'the City of Abilene administration reiterates that it has decided no ransom will be paid related to the cyber incident that began on April 18, 2025. The city administration has collaborated closely with cybersecurity experts and legal counsel to reach this determination.'
Huda says he feels this was the right decision for the city, as he has seen similar situations play out to undesirable outcomes when the ransom is paid. 'I think the city is doing the right thing, which is not to pay the ransom, because then that's sort of paying for bad behavior. You're rewarding bad behavior,' Huda said, going on to say, 'some of the victims, which include cities, have paid the ransom simply because they've done a cost-benefit analysis and said, you know what? It's gonna cost us this much money and time to recover when the impact is so severe. So let's just pay the ransom, get the decryption keys, unlock the files, and, you know, we're going to have to have good faith that these guys will not sell that data. They'll destroy it. So some of them, unfortunately, have paid. But we're seeing a trend now which is positive, that they're not paying the ransom.'

Huda stated that even if the city had decided to pay the ransom, there is no guarantee that the decryption keys would have been provided or the stolen data destroyed. 'And a lot of times the ransomware gangs actually will go away. All of a sudden they're gone. They've taken the ransom payment. They haven't provided the decryption keys and they certainly haven't destroyed the data. So, you know, they're really not trustworthy to begin with. And so why reward them?' Huda said.

With an entity like the City of Abilene that has connections to businesses and non-profits and direct interaction with individuals, the data that was targeted could span a wide range of fields, as Huda explained. 'In this case, City of Abilene's customers. They could be businesses, they could be individuals, and as much information about them as possible,' said Huda.

In his professional opinion, Abilene may have become a higher-priority target for cyber attacks due to its recent increased notoriety through the announcement of the A.I. project Stargate. 'The City of Abilene has now appeared, if you will, big time on the map.
The project Stargate, which is the largest investment in A.I. in US history, which entails building this massive data center at City of Abilene, is really of importance to these bad actors. But imagine all the people that are already involved in that project. So the construction people, the different suppliers, they are high-value targets for these bad actors because maybe they can be ransomed or maybe their data could be used to infiltrate other valuable information about the data center. And when it comes online, that becomes even more valuable,' Huda said.

While there is currently no evidence that Stargate and the Lancium clean compute facility played a factor in the ransomware gang's decision to target Abilene, Huda says the sheer amount of data and information involved in the venture is no doubt of high value to bad actors. 'So plans, designs, how those chips are being made, where they're being shipped to. What volume of chips are being made, what types? That's of really strategic importance. And so, you know, these actors in this case might be a criminal gang, but, you know, they may be supported by adversary nation states such as Russia,' suggested Huda.

As the City continues to investigate and address the attack that has already happened, Huda says businesses and individuals should be taking a cybersecurity inventory to defend against potential future attacks, data loss, and identity theft. 'So first of all, businesses should be proactive right now and think that they possibly could be attacked, targeted, and therefore put some measures in place. So like an incident response plan, which is basically a plan that says, hey, can we recognize a potential incident happening? And if we do, can we quickly come together and prevent that ransomware, for example, from infecting all of our computers?… Files should be regularly backed up.
They should be offsite, offline, inaccessible to the ransomware, because frequently the ransomware will actually be programmed to hunt for those backup files,' Huda said.

Huda advised individuals who may have been impacted by the attack to check their passwords and consider changing any passwords linked to City of Abilene accounts. He also stated that passwords should differ between accounts and should not be simple or easy to guess. As for any potential fallout from this attack for Abilene citizens, Huda says to be on guard for identity theft and to keep a close watch on all financial or banking accounts you use. 'Individuals should, number one, be paying attention to their credit reports. Put a credit monitoring alert on. Maybe put some credit freezes, but be especially on guard for potential identity theft. That could happen not necessarily from this gang, but, you know, other gangs, other criminals that they may sell that data to, who may perpetrate that type of fraud, which is identity theft. Open up credit cards, open up bank loans, different types of other expenses, you know, using the identity of the consumer. So that's the risk to the consumer,' said Huda.

Prior to this report, KTAB/KRBC reached out to the City of Abilene with a list of questions. City staff stated that they are actively working to gather the relevant information, but were unable to respond in time for this report. Copyright 2025 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Yahoo
6 days ago
Despite today's deadline, City of Abilene says they still won't pay ransom in cyberattack
ABILENE, Texas – Today is the alleged deadline for the City of Abilene to pay a Russian ransomware group to prevent the sharing of private information from a cyberattack that occurred in April. In April, city officials announced that a cyber incident had impacted Abilene's internal network, rendering several servers inoperable. Last week, a Comparitech report stated that the ransomware group known as Qilin has claimed to have stolen 477 GB of data from the city and is demanding a ransom payment by May 27, 2025. City officials have neither confirmed nor disproven this claim, but they have acknowledged its existence.

City officials stated they would never pay a criminal entity, a stance reiterated today on the deadline for payment. 'The City of Abilene administration reiterates that it has decided no ransom will be paid related to the cyber incident that began on April 18, 2025. The city administration has collaborated closely with cybersecurity experts and legal counsel to reach this determination,' the city shared. 'We appreciate your patience as we are able to provide information. We commit to continuing to provide you with the most current details and look forward to sharing more as the investigation continues.'

City officials say analysts are actively monitoring for the release of sensitive information and potential data leaks.
Yahoo
21-05-2025
City of Abilene doesn't dispute report of cyber attack ransom from Russian ransomware gang
ABILENE, Texas – A report from Comparitech claims that a Russian ransomware group has taken responsibility for the cyberattack targeting the City of Abilene. The city has acknowledged this new information but hasn't confirmed or denied its validity. Back in April, city officials announced that a cyber incident had disrupted Abilene's internal network, leaving several servers unresponsive. On May 19, Comparitech reported that the ransomware group known as Qilin claimed to have stolen 477 GB of data from the city and is demanding a ransom payment by May 27, 2025.

While the exact amount of the alleged ransom is unknown, the City of Abilene shared its firm stance: it will not pay. 'The City of Abilene has been working with cyber security professionals since the incident began on April 18th and, given their expert direction along with adherence to the City's organizational values and standards, determined the payment of any kind of ransom to criminal entities of this sort would not take place,' the city shared.

According to Comparitech, Qilin has threatened to publicly release the stolen data if the city does not comply. The group has reportedly posted sample files as proof, including tax documents and other government records allegedly taken from city servers. Due to the ongoing investigation, officials say they're still limited in what they can publicly disclose. 'The City of Abilene understands that various aspects of functionality across several departments and services have been affected by the network outage that followed the cyber incident, and we sincerely apologize for the frustration and disruption this has caused. Our employees are working diligently to serve our community, with all essential needs like emergency response, water, and solid waste continuing operations throughout this time.
We greatly appreciate everyone's patience and understanding,' the city shared. City officials say more details will be released as they become available and once the investigation concludes.
Yahoo
13-05-2025
Lee Enterprises spent $2M for ransomware recovery
This story was originally published on Cybersecurity Dive.

Lee Enterprises said it incurred $2 million in restoration costs due to a major cybersecurity attack in February that also impacted second-quarter advertising revenue. The Davenport, Iowa-based newspaper chain suffered major disruptions during the February attack, when hackers encrypted critical applications and stole data. The company operates in 72 markets in 25 U.S. states, publishing major regional papers, including the Omaha World-Herald, the St. Louis Post-Dispatch and the Buffalo News.

The attack also affected the company's finances by freezing its ability to bill and collect money from customers and limiting its ability to pay vendors, VP, CFO and treasurer Tim Millage told analysts during a quarterly earnings call last week. 'While technical recovery is complete, there are some lingering impacts on our balance sheet, as we aim to improve working capital by reducing both accounts receivable and outstanding accounts payable throughout the remainder of the fiscal year,' Millage said during the call. The company's sole lender, BH Finance, agreed to waive interest and basic rent payments in March, April and May, according to Millage. The company has $453 million in debt outstanding under its agreement with BH Finance, according to the earnings report. Many of the costs are subject to insurance reimbursement and the claims process is ongoing, Millage said.

Lee Enterprises reported $137 million in total operating revenue for the quarter and said digital revenue rose 3% year-over-year, to $73 million, or 4% on a same-store basis. The company reported a net loss of $12 million for the quarter. The company previously warned in a regulatory filing that the attack would likely have a material impact on operations. The Qilin ransomware group previously claimed credit for the attack.
The ransomware-as-a-service team claimed to have access to 350 gigabytes of data and threatened to release some of the information, but it is unclear whether it did so. A spokesperson for Lee Enterprises previously confirmed they were aware of the claim and were investigating. Qilin has been active in the ransomware space in recent months: Qilin affiliates engaged in phishing attacks targeting an administrator at a managed service provider, Sophos said in an April report. Lee Enterprises has not explained how the hackers gained access to the company's IT network.

The financial fallout underscores the potential long-term impacts on business resilience, according to Forrester, as research shows the average breach cost $2.7 million in 2024. 'It's critical to have strong incident response processes in place to manage the fallout from an incident like this, especially against attacks that affect business continuity,' principal analyst Allie Mellen said via email. 'In these scenarios, every minute counts, and ensuring personnel know what they need to do and when they need to do it can save precious time. This is especially true during ransomware incidents.'


Forbes
11-05-2025
Beware — These Ransomware Hackers Are Watching You Work
Ransomware attackers can now watch what you are doing.

The ransomware threat is evolving, and attackers are continually seeking new angles and technologies to exploit to help leverage payments in these modern-day extortion schemes. Some are hard to fathom, like the DOGE-trolling hackers demanding $1 trillion, the exploitation of zero-day vulnerabilities in Windows, and the increasingly common use of 2FA bypass attacks and access to 19 billion compromised passwords on the dark web. But what if ransomware hackers were using employee monitoring software to see what you are up to during the attack, and to steal your credentials as well? Welcome to the sinister world of Qilin and Hunters International ransomware.

While the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency have recently issued a security alert about the dangers that unsophisticated threat actors pose to U.S. critical infrastructure services, that doesn't mean all ransomware hackers are using the kind of basic and elementary intrusion techniques described in the CISA advisory. Take the Qilin and Hunters International ransomware threat, whose affiliates have been observed using a legitimate employee monitoring tool during their attacks.

The ransomware attacks in question started with malicious Google Ads deployed by the threat actors. These were designed to display 'when people searched for RVTools, a free Windows utility for managing VMware vSphere deployments,' Sergiu Gatlan at Bleeping Computer said. If the would-be victim clicked through that advert, it started a chain of events leading to the download and installation of something called Kickidler. Here's the thing: Kickidler is not malware. In fact, it's a perfectly legitimate employee monitoring tool that's deployed by more than 5,000 organizations across the world. The key point of interest is that it provides a visual monitoring capability.
Once installed, the ransomware hackers can literally see what you are doing. Varonis threat research investigators have suggested that the ransomware attackers have used the software in order to have undetected access to target systems for weeks at a time, enabling the collection of the credentials required to gain access to critical off-site cloud data backups. It is recommended, therefore, that network defenders ensure the effective and regular auditing of any installed remote monitoring and management software.
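As an added example (not code from the Forbes article, Varonis or Bleeping Computer), the Python script below shows one way to run the audit the paragraph above recommends. It reads an installed-software inventory export, flags any known monitoring or remote-access tool that is not on an explicit (tool, host) approval list, calls out recent installs, and lists what else landed on the same host on the same day, which in the RVTools case would be the lure itself. The inventory rows, the AS_OF date, the tool-name list and the approval set are all constructed assumptions for illustration; the only product name taken from the article is Kickidler.

```python
"""Audit an installed-software inventory for remote monitoring / remote
access tools that nobody approved, and show what landed alongside them.

Added example, not code from the Forbes article, Varonis or Bleeping
Computer. The inventory is constructed, and KNOWN_MONITORING_TOOLS is an
assumed starter list, not a complete one.
"""
import csv
import io
from dataclasses import dataclass
from datetime import date

# Constructed export in the shape of a name,publisher,install_date,host CSV
# pulled from an endpoint-management console. Not real hosts or data.
SAMPLE_INVENTORY = """name,publisher,install_date,host
Microsoft Office LTSC,Microsoft Corporation,2024-09-02,WS-0142
RVTools,Robware,2025-04-21,WS-0142
Kickidler,Kickidler,2025-04-21,WS-0142
ConnectWise Control,ConnectWise,2023-11-14,SRV-BACKUP01
Google Chrome,Google LLC,2025-03-30,WS-0077
AnyDesk,AnyDesk Software GmbH,2025-04-22,WS-0077
"""

# Date the audit is run against the constructed inventory (assumption).
AS_OF = date(2025, 5, 11)

# Monitoring / remote-access product families to look for. Assumed list;
# matched as a case-insensitive substring of the product name.
KNOWN_MONITORING_TOOLS = ("kickidler", "anydesk", "teamviewer", "connectwise",
                          "screenconnect", "atera", "splashtop", "rustdesk")

# (family, host) pairs the organisation has sanctioned. Anything else that
# matches a family above is a finding, however legitimate the software is.
APPROVED = {("connectwise", "SRV-BACKUP01")}


@dataclass(frozen=True)
class Finding:
    host: str
    name: str
    publisher: str
    install_date: date
    reason: str


def _rows(csv_text):
    return list(csv.DictReader(io.StringIO(csv_text)))


def _tool_family(name):
    """Return the matching family name, or None for software we ignore."""
    low = name.lower()
    return next((t for t in KNOWN_MONITORING_TOOLS if t in low), None)


def audit_inventory(csv_text=SAMPLE_INVENTORY, today=AS_OF, recent_days=30):
    """Flag every monitoring/remote-access install not in APPROVED.

    Recent installs are called out separately: an attacker-planted tool is
    new by definition, while a long-standing unapproved one is more likely
    shadow IT that still needs a decision.
    """
    findings = []
    for row in _rows(csv_text):
        family = _tool_family(row["name"])
        if family is None or (family, row["host"]) in APPROVED:
            continue
        installed = date.fromisoformat(row["install_date"])
        age = (today - installed).days
        reason = "unapproved monitoring/remote-access tool"
        if age <= recent_days:
            reason += f", installed {age} days ago"
        findings.append(Finding(row["host"], row["name"], row["publisher"],
                                installed, reason))
    return sorted(findings, key=lambda f: (f.host, f.name))


def co_installed(finding, csv_text=SAMPLE_INVENTORY):
    """Other software that landed on the same host on the same day.

    In the RVTools case described above the lure and the monitoring tool
    arrive together, so this is the first place to look for the dropper.
    """
    return sorted(
        row["name"]
        for row in _rows(csv_text)
        if row["host"] == finding.host
        and date.fromisoformat(row["install_date"]) == finding.install_date
        and row["name"] != finding.name
    )


if __name__ == "__main__":
    for f in audit_inventory():
        print(f"{f.host}: {f.name} ({f.publisher}) - {f.reason}")
        print(f"    installed alongside: {co_installed(f) or 'nothing'}")
```

In practice the CSV comes from your endpoint-management or software-inventory tool rather than a string literal. The design point is that approval is keyed on (tool, host): the ConnectWise install on the backup server passes because someone sanctioned it there, while the same product appearing on a workstation would be flagged. "Legitimate software" and "approved software" are different lists, and this kind of campaign lives in the gap between them.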