Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
page 1 / 22
427 résultats taggé Ransomware  ✕
Ingram Micro outage caused by SafePay ransomware attack https://www.bleepingcomputer.com/news/security/ingram-micro-outage-caused-by-safepay-ransomware-attack/
07/07/2025 06:42:35
QRCode
archive.org
thumbnail

An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned.

Update 7/6/25: Added Ingram Micro's confirmation it suffered a ransomware attack below. Also updated ransom note with clearer version.

An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned.

Ingram Micro is one of the world's largest business-to-business technology distributors and service providers, offering a range of solutions including hardware, software, cloud services, logistics, and training to resellers and managed service providers worldwide.
Since Thursday, Ingram Micro's website and online ordering systems have been down, with the company not disclosing the cause of the issues.

BleepingComputer has now learned that the outages are caused by a cyberattack that occurred early Thursday morning, with employees suddenly finding ransom notes created on their devices.

The ransom note, seen by BleepingComputer, is associated with the SafePay ransomware operation, which has become one of the more active operations in 2025. It is unclear if devices were actually encrypted in the attack.

It should be noted that while the ransom note claims to have stolen a wide variety of information, this is generic language used in all SafePay ransom notes and may not be true for the Ingram Micro attack.

bleepingcomputer EN 2025 Cyberattack Note Computer Security Ransom MicroIngram Ransomware VPN SafePay
Johnson Controls starts notifying people affected by 2023 breach https://www.bleepingcomputer.com/news/security/johnson-controls-starts-notifying-people-affected-by-2023-breach/
05/07/2025 12:34:24
QRCode
archive.org
thumbnail

Building automation giant Johnson Controls is notifying individuals whose data was stolen in a massive ransomware attack that impacted the company's operations worldwide in September 2023.

Johnson Controls is a multinational conglomerate that develops and manufactures industrial control systems, security equipment, HVAC systems, and fire safety equipment for buildings. The company employs over 100,000 people through its corporate operations and subsidiaries across 150 countries, reporting sales of $27.4 billion in 2024.

As BleepingComputer first reported, Johnson Controls was hit by a ransomware attack in September 2023, following a breach of the company's Asian offices in February 2023 and subsequent lateral movement through its network.

"Based on our investigation, we determined that an unauthorized actor accessed certain Johnson Controls systems from February 1, 2023 to September 30, 2023 and took information from those systems," the company says in data breach notification letters filed with California's Attorney General, redacted to conceal what information was stolen in the attack.

"After becoming aware of the incident, we terminated the unauthorized actor's access to the affected systems. In addition, we engaged third-party cybersecurity specialists to further investigate and resolve the incident. We also notified law enforcement and publicly disclosed the incident in filings on September 27, 2023; November 13, 2023; and December 14, 2023."

bleepingcomputer EN 2025 Breach Cyberattack Dark-Angels Data-Breach Johnson-Controls Ransomware
Ransomware gang attacks German charity that feeds starving children https://therecord.media/welthungerhilfe-german-hunger-relief-charity-ransomware-attack
04/07/2025 12:20:06
QRCode
archive.org
thumbnail

therecord.media - Cybercriminals are extorting the German humanitarian aid group Welthungerhilfe (WHH) for 20 bitcoin. The charity said it will not pay.

Deutsche Welthungerhilfe (WHH), the German charity that aims to develop sustainable food supplies in some of the world’s most impoverished countries, has been attacked by a ransomware gang.

The charity, whose name literally translates as World Hunger Help, reached 16.4 million people in 2023. It is currently providing emergency aid to people in Gaza, Ukraine, Sudan and other countries and regions where there is an urgent need for food, water, medicine and basic necessities.

A spokesperson confirmed to Recorded Future News that WHH had been targeted by a ransomware-as-a-service (RaaS) group which recently listed the charity on its darknet leak site.

The cybercriminals are attempting to sell data stolen from the charity for 20 bitcoin, equivalent to around $2.1 million, although it is not clear whether WHH’s computer networks have also been encrypted. The charity said it would not be making an extortion payment to the criminals behind the attack.

“The affected systems were shut down immediately and external IT experts who specialise in such cases were called in. We have also further strengthened the security of our systems with additional technical protective measures,” said a WHH spokesperson.

“We have informed the relevant data protection authority, consulted our data protection officer and involved the police authorities. We continue to liaise closely with the authorities,” they added.

The charity stressed it was “continuing our work in our project countries unchanged. We continue to stand by the side of the people who need our support. In view of the many humanitarian crises worldwide, our work is more important than ever.”

The RaaS group that is extorting WHH was previously responsible for attacks on multiple hospitals — including The Ann & Robert H. Lurie Children’s Hospital of Chicago and hospitals run by Prospect Medical Holdings — and last year also attempted to extort the disability nonprofit Easterseals.

therecord.media EN 2025 Ransomware WHH Germany Cybercriminals Charity
Swiss government affected by cyberattack on health foundation https://www.swissinfo.ch/eng/swiss-politics/swiss-government-affected-by-cyberattack-on-health-foundation/89605046
30/06/2025 16:19:35
QRCode
archive.org
thumbnail

Switzerland says a ransomware attack on the non-profit health foundation Radix that involved data being stolen and encrypted had also affected the federal administration.
The Radix Foundation, a not-for-profit organisation active in the field of health promotion, has been the victim of a ransomware attack, it was confirmed on Monday. The criminals stole and encrypted data, which they then published on the darknet.

The foundation contacted the National Cybersecurity Centre (NCSC) after carrying out an initial analysis of the situation, it announced on Monday. Radix’s clientele also includes various administrative units of the federal administration.

The aim is to determine which services and data are actually affected by the cyber attack. At no time were the hackers able to penetrate the systems of the federal administration, as the Radix Foundation itself does not have such direct access, the centre pointed out.

swissinfo EN Switzerland ransomware attack non-profit encrypted federal administration
Akira doesn’t keep its promises to victims — SuspectFile https://databreaches.net/2025/06/02/akira-doesnt-keep-its-promises-to-victims-suspectfile/
04/06/2025 13:17:35
QRCode
archive.org

Over on SuspectFile, @amvinfe has been busy exposing Akira’s false promises to its victims. In two posts this week, he reports on what happened with one business in New Jersey and one in Germany that decided to pay Akira’s ransom demands. He was able to report on it all because Akira failed to secure its negotiations chat server. Anyone who knows where to look can follow along if a victim contacts Akira to try to negotiate any payment for a decryptor or data deletion.

In one case, the victim paid Akira $200k after repeatedly asking for — and getting — assurances that this would all be kept confidential. In the second case, Akira demanded $6.9 million but eventually accepted that victim’s offer of $800k. The negotiations made clear that Akira had read the terms of the victim’s cyberinsurance policy and used that to calculate their demands.

If the two victims hoped to keep their names or their breaches out of the news, they may have failed. Although SuspectFile did not name them, others with access to the chats might report on the incidents. Anyone who read the chats would possess the file lists of everything Akira claimed to have exfiltrated from each victim. Depending on their file-naming conventions, filenames may reveal proprietary or sensitive information and often reveal the name of the victim.

So the take-home messages for current victims of Akira:

Akira has not been keeping its negotiations with you secure and confidential.
Paying Akira’s ransom demands is no guarantee that others will not obtain your data or find out about your breach.
Even just negotiating with Akira may be sufficient to provide researchers and journalists with data you do not want shared.
If you pay Akira and they actually give you accurate information about how they gained access and elevated privileges, you are now more at risk from other attackers while you figure out how to secure your network.

databreaches EN 2025 Akira ransomware promises
Lyrix Ransomware https://www.cyfirma.com/research/lyrix-ransomware/
30/05/2025 11:27:52
QRCode
archive.org
thumbnail

CYFIRMA’s research team discovered Lyrix Ransomware while monitoring underground forums as part of our Threat Discovery Process. Developed in Python and compiled with PyInstaller — allowing it to run as a standalone executable with all dependencies—Lyrix targets Windows systems using strong encryption and appends a unique file extension to encrypted files. Its advanced evasion techniques and persistence mechanisms make it challenging to detect and remove. This discovery underscores the need for proactive cybersecurity measures and a robust incident response strategy to safeguard data and reduce the risk of breaches.

Target Technologies Windows Operating System
Written In Python
Encrypted file extension Original file names appended with ‘.02dq34jROu’ extension
Observed First 2025-04-20
Problem Statement
Lyrix Ransomware targets Windows operating systems using advanced evasion and anti-analysis techniques to reduce the likelihood of detection. Its tactics include obfuscating malicious behavior, bypassing rule-based detection systems, employing strong encryption, issuing ransom demands, and threatening to leak stolen data on underground forums.

Lyrix Ransomware
Basic Details
Filename Encryptor.exe
Size 20.43 MB
Signed Not signed
File Type Win32 EXE
Timestamp Sun Apr 20 09:04:34 2025 (UTC)
SHA 256 Hash fcfa43ecb55ba6a46d8351257a491025022f85e9ae9d5e93d945073f612c877b

cyfirma EN 2025 Lyrix Ransomware analysis
DragonForce ransomware abuses SimpleHelp in MSP supply chain attack https://www.bleepingcomputer.com/news/security/dragonforce-ransomware-abuses-simplehelp-in-msp-supply-chain-attack/
28/05/2025 10:14:51
QRCode
archive.org
thumbnail

The DragonForce ransomware operation successfully breached a managed service provider and used its SimpleHelp remote monitoring and management (RMM) platform to steal data and deploy encryptors on downstream customers' systems.

Sophos was brought in to investigate the attack and believe the threat actors exploited a chain of older SimpleHelp vulnerabilities tracked as CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726 to breach the system.

SimpleHelp is a commercial remote support and access tool commonly used by MSPs to manage systems and deploy software across customer networks.

The report by Sophos says that the threat actors first used SimpleHelp to perform reconnaissance on customer systems, such as collecting information about the MSP's customers, including device names and configuration, users, and network connections.

The threat actors then attempted to steal data and deploy decryptors on customer networks, which were blocked on one of the networks using Sophos endpoint protection. However, the other customers were not so lucky, with devices encrypted and data stolen for double-extortion attacks.

Sophos has shared IOCs related to this attack to help organizations better defend their networks.

MSPs have long been a valuable target for ransomware gangs, as a single breach can lead to attacks on multiple companies. Some ransomware affiliates have specialized in tools commonly used by MSPs, such as SimpleHelp, ConnectWise ScreenConnect, and Kaseya.

This has led to devastating attacks, including REvil's massive ransomware attack on Kaseya, which impacted over 1,000 companies.

bleepingcomputer EN 2025 CVE-2024-57727 Data-Theft DragonForce Managed-Service-Provider MSP Ransomware RMM SimpleHelp-RMM
Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware https://thedfirreport.com/2025/05/19/another-confluence-bites-the-dust-falling-to-elpaco-team-ransomware/
19/05/2025 06:42:28
QRCode
archive.org
thumbnail

Key Takeaways

  • The threat actor first gained entry by exploiting a known vulnerability (CVE-2023-22527) on an internet-facing Confluence server, allowing for remote code execution.
  • Using this access, the threat actor executed a consistent sequence of commands (installing AnyDesk, adding admin users, and enabling RDP) multiple times, suggesting the use of automation scripts or a playbook.
  • Tools like Mimikatz, ProcessHacker, and Impacket Secretsdump were used to harvest credentials.
  • The intrusion culminated in the deployment of ELPACO-team ransomware, a Mimic variant, approximately 62 hours after the initial Confluence exploitation.
  • While ransomware was deployed and some event logs were deleted, no significant exfiltration of data was observed during the intrusion.
    This case was featured in our December 2024 DFIR Labs CTF and is available as a lab today here. It was originally published as a Threat Brief to customers in October 2024.
thedfirreport EN 2025 Confluence ELPACO-team Ransomware CVE-2023-22527
DragonForce Ransomware Gang | From Hacktivists to High Street Extortionists https://www.sentinelone.com/blog/dragonforce-ransomware-gang-from-hacktivists-to-high-street-extortionists/
05/05/2025 18:28:30
QRCode
archive.org
thumbnail

DragonForce ransomware group is targeting major UK retailers. Learn about this evolving threat and what steps can be taken to mitigate risk.
In recent weeks, the DragonForce ransomware group has been targeting UK retailers in a series of coordinated attacks causing major service disruptions. Prominent retailers such as Harrods, Marks and Spencer, and the Co-Op have all reported ongoing incidents affecting payment systems, inventory, payroll and other critical business functions.

DragonForce has previously been attributed for a number of notable cyber incidents including attacks on Honolulu OTS (Oahu Transit Services), the Government of Palau, Coca-Cola (Singapore), the Ohio State Lottery, and Yakult Australia.

In this post, we offer a high-level overview of the DragonForce group, discuss its targeting, initial access methods, and payloads. We further provide a comprehensive list of indicators and defensive recommendations to help security teams and threat hunters better protect their organizations.

Background
DragonForce ransomware operations emerged in August 2023, primarily out of Malaysia (DragonForce Malaysia). The group originally positioned itself as a Pro-Palestine hacktivist-style operation; however, over time their goals have shifted and expanded.

The modern-day operation is focused on financial gain and extortion although the operation still targets government entities, making it something of a hybrid actor, both politically aligned and profit-motivated. The group operates a multi-extortion model, with victims threatened with data leakage via the group’s data leak sites, alongside reputational damage.

Recent DragonForce victims have included government institutions, commercial enterprises, and organizations aligned with specific political causes. The group is also known to heavily target law firms and medical practices. Notably, the group has targeted numerous entities in Israel, India, Saudi Arabia, and more recently several retail outlets in the United Kingdom.

Some components of the UK retail attacks have been attributed to an individual affiliated with the loose threat actor collective ‘The Com’, with claims that members are leveraging DragonForce ransomware. Our assessment indicates that the affiliate in question exhibits behavioral and operational characteristics consistent with those previously associated with The Com. However, due to the lack of strong technical evidence and shifting boundaries of The Com, that attribution remains inconclusive and subject to further analysis.

sentinelone EN 2025 DragonForce Ransomware Gang analysis
Hitachi Vantara takes servers offline after Akira ransomware attack https://www.bleepingcomputer.com/news/security/hitachi-vantara-takes-servers-offline-after-akira-ransomware-attack/
04/05/2025 13:08:23
QRCode
archive.org
thumbnail

Hitachi Vantara, a subsidiary of Japanese multinational conglomerate Hitachi, was forced to take servers offline over the weekend to contain an Akira ransomware attack.

The company provides data storage, infrastructure systems, cloud management, and ransomware recovery services to government entities and some of the world's biggest brands, including BMW, Telefónica, T-Mobile, and China Telecom.

In a statement shared with BleepingComputer, Hitachi Vantara confirmed the ransomware attack, saying it hired external cybersecurity experts to investigate the incident's impact and is now working on getting all affected systems online.

"On April 26, 2025, Hitachi Vantara experienced a ransomware incident that has resulted in a disruption to some of our systems," Hitachi Vantara told BleepingComputer.

"Upon detecting suspicious activity, we immediately launched our incident response protocols and engaged third-party subject matter experts to support our investigation and remediation process. Additionally, we proactively took our servers offline in order to contain the incident.

"We are working as quickly as possible with our third-party subject matter experts to remediate this incident, continue to support our customers, and bring our systems back online in a secure manner. We thank our customers and partners for their patience and flexibility during this time."

bleepingcomputer EN 2025 Akira Cyberattack Hitachi Hitachi-Vantara Ransomware
DragonForce Ransomware Cartel attacks on UK high street retailers: walking in the front door https://doublepulsar.com/dragonforce-ransomware-cartel-attacks-on-uk-high-street-retailers-walking-in-the-front-door-52ed8ba68534
04/05/2025 00:44:20
QRCode
archive.org

The individuals operating under the DragonForce banner and attacking UK high street retailers are using social engineering for entry. I think it’s in the public interest to break down what is happening.

The attacks on Marks and Spencer, Co-op and Harrods are linked. DragonForce’s lovely PR team claim more are to come.

Defenders should urgently make sure they have read the CISA briefs on Scattered Spider and LAPSUS$ as it’s a repeat of the 2022–2023 activity which saw breaches at Nvidia, Samsung, Rockstar and Microsoft amongst many others. More info below.

I am not saying it is Scatter Spider; Scattered Spider has become a dumping ground for e-crime groups anyway. The point is they — the threat actor — are entering using the front door, via the helpdesk to get MFA access — those are very good guides from defenders about what to do, links below.

Source: Cybersecurity and Infrastructure Security Agency
DragonForce is a white label cartel operation housing anybody who wants to do e-crime. Some of them are pretty good at e-crime.

While organisations are away at RSA thinking about quantum AI cyber mega threats — the harsh reality is most organisations do not have the foundations in place to do be worrying about those kind of things. Generative AI is porn for execs and growth investment — threat actors are very aware that now is the time to launch attacks, not with GenAI, but foundational issues. Because nobody is paying attention.

Once they get access, they are living off the land — using Teams, Office search to find documentation, the works. Forget APTs, now you have the real threat: Advanced Persistent Teenagers, who have realised the way to evade most large cyber programmes is to cosplay as employees. Last time this happened, the MET Police ended up arresting a few under-18 UK nationals causing incidents to largely drop off.

doublepulsar EN 2025 UK DragonForce Ransomware Cartel attacks
Ransomware attacks on food and agriculture industry have doubled in 2025 | The Record from Recorded Future News https://therecord.media/ransomware-attacks-food-and-ag-double-2025
03/05/2025 23:27:06
QRCode
archive.org
thumbnail

The uptick began in the fourth quarter of 2024 and continued into 2025, with the increases largely attributed to Clop’s exploitation of a popular file sharing service.

Jonathan Braley, director of cyber information sharing organization Food and Ag-ISAC, spoke at the RSA Conference on Thursday and warned of not only the increase in ransomware incidents but the continued lack of visibility into the full scope of the problem.

“A lot of it never gets reported, so a ransomware attack happens and we never get the full details,” he told Recorded Future News on the sidelines of the conference. “I wish companies would be more open in talking about it and sharing ‘Here's what they use, here's how we fixed it,’ so the rest of us can prevent that.”

The uptick began in the fourth quarter of 2024 and continued into 2025, with the increases largely attributed to Clop’s exploitation of a popular file sharing service. But Braley noted that even when they took out the attacks attributed to Clop, groups like RansomHub and Akira were still continuing to attack the food industry relentlessly.

The Food and Ag-ISAC obtained its numbers through a combination of open-source sites, dark web monitoring, member input and information sharing between National Council of ISAC members.

The industry saw 31 attacks in January and 35 in February before a dip to 18 attacks in March.

The 84 attacks seen from January to March were more than double the number seen in Q1 2024.

therecord.media EN 2025 Ransomware attacks Clop agriculture industry
Cell C confirms data breach, warns users to remain vigilant https://iol.co.za/business/2025-04-09-cell-c-confirms-data-breach-warns-users-to-remain-vigilant/
02/05/2025 11:47:44
QRCode
archive.org

Cell C, South Africa’s fourth largest mobile network operator, said on Wednesday morning that RansomHouse had unlawfully disclosed data after a security breach for which RansomHouse is claiming responsibility.

The operator, with 7.7 million subscribers as of February, was attacked in early November 2024 and RansomHouse acquired 2TB of data, which has been corroborated by files posted on the dark web, according to security company PFortner.

Data accessed included:

Full names and contact details (email, phone numbers)
ID numbers
Banking details (if stored for billing purposes)
Driver’s License Numbers
Medical Records (if supplied for closure of accounts on death of a family member)
Passport details
It is not clear how many people were affected.

iol.co.za EN 2025 operator ransomware South-Africa RansomHouse ransomware
LockBit Ransomware v4.0 https://chuongdong.com/reverse%20engineering/2025/03/15/Lockbit4Ransomware/
30/04/2025 11:30:36
QRCode
archive.org

Malware Analysis Report - LockBit Ransomware v4.0

In this blog post, I’m going over my analysis for the latest variant of LockBit ransomware - version 4.0. Throughout this blog, I’ll walk through all the malicious functionalities discovered, complete with explanations and IDA screenshots to show my reverse engineering process step by step. This new version of LockBit 4.0 implements a hybrid-cryptography approach, combining Curve25519 with XChaCha20 for its file encryption scheme.

This version shares similarities with the older LockBit Green variant that is derived from Conti ransomware. While the multi-threading architecture seems more streamlined than previous versions, it still delivers an encryption speed that outpaces most other ransomware families.

As always, LockBit is still my most favorite malware to look at, and I certainly enjoyed doing a deep dive to understand how this version works.

chuongdong EN 2025 Malware Analysis Report LockBit LockBit4.0 ransomware
Navigating Through The Fog https://thedfirreport.com/2025/04/28/navigating-through-the-fog/
28/04/2025 12:42:23
QRCode
archive.org
thumbnail
  • An open directory associated with a ransomware affiliate, likely linked to the Fog ransomware group, was discovered in December 2024. It contained tools and scripts for reconnaissance, exploitation, lateral movement, and persistence.
  • Initial access was gained using compromised SonicWall VPN credentials, while other offensive tools facilitated credential theft, exploitation of Active Directory vulnerabilities, and lateral movement.
  • Persistence was maintained through AnyDesk, automated by a PowerShell script that preconfigured remote access credentials.
  • Sliver C2 executables were hosted on the server for command-and-control operations, alongside Proxychains tunneling.
  • The victims spanned multiple industries, including technology, education, and logistics, across Europe, North America, and South America, highlighting the affiliate’s broad targeting scope.
thedfirreport EN 2025 SonicWall VPN ransomware Fog AnyDesk PowerShell
Two Healthcare Orgs Hit by Ransomware Confirm Data Breaches Impacting Over 100,000 https://www.securityweek.com/two-healthcare-orgs-hit-by-ransomware-confirm-data-breaches-impacting-over-100000/
27/04/2025 11:44:48
QRCode
archive.org

Bell Ambulance and Alabama Ophthalmology Associates have suffered data breaches affecting over 100,000 people after being targeted in ransomware attacks.

One of them is Milwaukee, WI-based Bell Ambulance, which provides ambulance services in the area. The company revealed last week in a data security notice that it detected a network intrusion on February 13, 2025.

An investigation showed that hackers gained access to files containing information such as name, date of birth, SSN, and driver’s license number, as well as financial, medical and health insurance information.

Bell Ambulance did not say in its public notice how many individuals are impacted, but the Department of Health and Human Services (HHS) data breach tracker revealed on Monday that 114,000 people are affected.

The Medusa ransomware group announced hacking Bell Ambulance in early March, claiming to have stolen more than 200 Gb of data from its systems.

The second healthcare organization to confirm a data breach impacting more than 100,000 people is Birmingham, AL-based ophthalmology practice Alabama Ophthalmology Associates.

securityweek EN 2025 Data-Breach Bell-Ambulance US Medusa ransomware Alabama-Ophthalmology-Associates health
The State of Ransomware in the First Quarter of 2025: Record-Breaking 126% Spike in Public Extortion Cases https://blog.checkpoint.com/research/the-state-of-ransomware-in-the-first-quarter-of-2025-a-126-increase-in-ransomware-yoy/
23/04/2025 09:42:35
QRCode
archive.org
thumbnail

Key Findings The number of publicly-mentioned and extorted victims in Q1 reached the highest ever number, with a 126% increase year-over-year. Cl0p

checkpoint EN 2025 Ransomware Record-Breaking Statistics Cl0p
Thousands of Baltimore students, teachers affected by data breach following February ransomware attack https://therecord.media/baltimore-public-schools-data-breach-ransomware
23/04/2025 08:33:49
QRCode
archive.org
thumbnail

Thousands of students, teachers and administrators had information stolen from the Baltimore City Public Schools system during a ransomware attack in February.

therecord.media EN 2025 Data-Leak ransomware students teachers Baltimore City Public Schools US
Kidney Dialysis Services Provider DaVita Hit by Ransomware https://www.securityweek.com/kidney-dialysis-services-provider-davita-hit-by-ransomware/
20/04/2025 12:34:04
QRCode
archive.org

DaVita has not named the ransomware group behind the incident or share details on the attacker’s ransom demands

securityweek EN 2025 DaVita ransomware helath Dialysis
Ransomware Group Claims Hacking of Oregon Regulator After Data Breach Denial https://www.securityweek.com/ransomware-group-claims-hacking-of-oregon-regulator-after-data-breach-denial/
20/04/2025 12:32:49
QRCode
archive.org

The Rhysida ransomware gang claims to have stolen 2.5 Tb of files from the Oregon Department of Environmental Quality.

securityweek EN 2025 Rhysida Oregon US ransomware Data-Breach
page 1 / 22
4497 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio