What the #OhioRepublicans are demanding isn’t “compromise,” but #extortion. Again, there is a clean bill ready to go in the state house, allowing #Biden’s name to be added to the #ballot. It’s a very simple matter to pass that bill, without any additional provisions. #Republicans are simply taking advantage of the situation in order to advance their own interests to the detriment of Ohio #voters.
Fred Hutchinson Cancer Center failed to reveal threats of potential swatting attacks until this site revealed the threat. Should they have disclosed it themselves?
Arctic Wolf Labs has an interesting article on an investigation of two cases: "Follow-On Extortion Campaign Targeting Victims of Akira and Royal Ransomware:"
This may not be a new kind of threat, but it is something to educate victims about as a potential follow-up threat.
Of note, it turns out I was in communication with the same TA from their second case at around the same time, and I can confirm their conclusion that their two cases are likely the same TA. See my report, "Follow-on extortion campaign: confirmation of some findings by Arctic Wolf:"
On Christmas Eve, Integris Health in Oklahoma was sending emails to patients and issuing notices about an attack by threat actors in November who were allegedly contacting patients directly.
According to their notices, the threat actors did not lock/encrypt anything but did exfiltrate files with #PHI.
AlphV/BlackCat replaced their post on #Tipalti with an updated post, and a TA involved in the attack confirmed for me what their original -- and somewhat confusing -- post meant in terms of the rationale for their strategy.
Note that AlphV has NOT named which Tipalti clients have been contacted already or whether there has been any response. Posts by some others claiming that named companies are being extorted seem premature until either the TA announces who they have already contacted or the victims confirm they have been contacted.
So AlphV (aka BlackCat) is trying something different again. This time, it seems they are claiming a victim before they have even attempted to contact the victim or extort them. They post no proof of claims. They state that they are taking this approach because the victim's cyberinsurance policy does not cover extortion, and their research into the victim (Tipalti) and one of the victim's clients (Roblox) suggests that their usual approach will not work. They intend to try to extort those firms and Twitch, all individually.
They even cite an academic reference on the potential benefit of paying ransom.
This listing is not the nasty approach that we've seen in some other listings on that leak site. But we'll see what happens if or when the victims don't respond.
I've sent an inquiry to Tipalti, who is probably already swamped and running around trying to figure out what happened. AlphV claims to have been in multiple systems of theirs since September 8. Whether that's true or not remains to be seen.
The listing for plastic surgeon Dr. Jaime Schwartz has reappeared on the Hunters International leak site. Dr. Schwartz has not responded to multiple inquiries since October about this incident and there is no substitute notice or statement on his website -- even though patient data was already being leaked.
> 200 #mobsters in #Italy sentenced to 2200 yrs in prison in 1 of country's largest mob trials, involving 400 lawyers & 900 witnesses. After deliberating for a month, 3-judge panel took ~ 2 hrs 2 hand down rulings today. Mobsters were affiliated w/ notorious 'ndrangheta crime group & convicted of #Mafia association, #extortion, #bribery, & 5 #murders. 207 were jailed, incl 1-time #ForzaItalia lawmaker, frmr police chief, & 1 ex-Mayor, while more than 100 were acquitted.
For those of you who have been following the reporting on the prosecution of the Dutch hacker most recently known as "Umbreon," he was sentenced today in Amsterdam to 4 years in prison with one year suspended and three years' probation. I think they'll deduct time in detention until now (10 months) from that, but I'm trying to get confirmation on the details.
I will be writing another installment of my interviews with him that will include info on the corporate victims in his trial like TicketCounter, but for now, if you don't know much about him, here was the first interview I reported after his arrest:
And btw, his case is a useful example of why victims should contact law enforcement. It was a report by RDC that got law enforcement started finding a pattern and pursuing it.
"Data provided to the U.S. government by ransomware negotiators shows that companies with good backups are able to recover “far more quickly” than companies that pay a ransom, according to the senior administration official."
My questions: So when they don't have a good backup and have pledged not to pay, what exactly is going to happen next? And if this does work, does that just shift the threat actors over even more to softer targets like, say, healthcare and education entities?
Congressional MAGA Republicans took an oath to “preserve, protect and defend the Constitution,” while intending to weaken and destroy the very democracy that seated them in the House and Senate. That’s what they’re doing: dismantling U.S. democracy.
Congressional moderate Republicans took the same oath. They’re betraying it by condoning Trump’s lawlessness and having failed to vote for his impeachment and removal from office.
So, they call it a "data security incident" and haven't updated their June 5 notice. Yet there's a listing on a leak site that may be populated at some point....