Ransomware

More attackers are stealing data and threatening to leak it without the complicated work of locking up files first, finds CrowdStrike’s Global Threat Report. Plus, attackers are getting around patches to re-exploit vulnerabilities.

Public-facing services in Oregon City, Ore., were taken offline Feb. 6 after what officials are now calling a “sophisticated ransomware attack.” While most services have been restored, others are expected to relaunch this week.

Russia-based ransomware group LockBit claims to have stolen "confidential data" from Pierce Transit and about 300 GB of data from the city of Lakewood. The cyber attack was discovered Feb. 14, officials said.

The ransomware attack against city systems earlier this month continues to hamper public access to the 311 phone system. The outage comes as heavy rain and winds sweep the region.

Los Angeles Unified School District officials report that as many as 2,000 student records were posted on the dark web as a result of a recent cyber attack. Some of the exposed records were more than three decades old.

According to the city, 911, fire, emergency resources and financial data remain unscathed, but Oakland has been forced to take other systems offline. It’s now working with law enforcement to investigate the issue.

While the city has not confirmed that it was the victim of a cyber attack, officials have issued a statement saying that cybersecurity experts are investigating "recently detected suspicious activity on (the) digital network."

The ransomware group Royal sent an extortion letter to Tucson Unified School District earlier this week following a successful cyber attack. Teachers are continuing in-person lessons even as some systems remain offline.

While it has yet to confirm Hive was the group that attacked Norman Public Schools' network in November 2022, the FBI has gained control of the group's operations and said they've targeted over 1,500 victims worldwide.

Nantucket Public Schools canceled classes Tuesday morning and shut down student and staff devices, safety and security systems, including phones and security cameras, after discovering ransomware on its network.

Law enforcement disrupted the digital infrastructure the ransomware group Hive uses to communicate with members, and stole decryption tools that it passed along to victims during a monthslong covert infiltration of the criminal network.

A new report and toolkit aims to help K-12 schools and school districts identify funding and low-cost resources, identify high-priority risk reduction steps and stay informed about emerging cyber threats and risks.  

Maryland’s inspector general partially faulted the Baltimore County school system for a cyber attack on its network in November 2020, because it had neglected to relocate database servers as advised by the state.

Investigators say reconnaissance for the Sept. 3 cyber attack on Los Angeles Unified School District began as early as July 31. Hackers stole data on more than 500 people who worked for district contractors.

The proposed center would provide public entities with cyber solutions, develop the cyber workforce and deliver training and awareness across sectors. Efforts to pass this measure in 2022 ran out of time; a new House bill revives the question.

A newly released report from Connecticut-based IT vendor Datto suggests that only around three out of 100 small- to medium-size businesses hit with ransomware pay cyber criminals to recover their data.

North Texas school districts are eyeing the latest tools and best practices for cybersecurity and trying to learn from the experiences of other districts, but ransomware threats are a continuously moving target.

The newly announced MD-ISAC aims to provide actionable cyber intelligence to counties, cities, towns and public schools to help them identify and head off potential cybersecurity threats.